Opening a command prompt in a SmartCard security context

In a computing environment with very high security, access to many resources requires a physical credential. I’ve only seen this in 2 places: back while working for a bank and at Microsoft. I imagine a similar story in defense-related work, but I’ve never done defense-related contracting so can’t speak from experience.

Anywho, physical credentials are great. Except when you lose them. Or leave them in the computer. Especially if the credential serves double duty; it’s your way to enter the building and to access secured resources.

Windows has a wonderful feature that lets you start a command prompt with the credential. As long as that command prompt remains open it has access to secured resources. So you can take your physical credential out, leave the window open and do what you need to in that command prompt window.

Enter the “runas” command. Introduced in Windows 7 or Vista IIRC, it lets you run a command under different security contexts. One of those contexts is SmartCard. So I created a shortcut on the desktop with the following command:

C:\Windows\System32\runas.exe /smartcard "C:\Windows\System32\cmd.exe /k cd C:\Users\XXX\YYY && C:\Users\XXX\YYY\YYY.cmd"

This opens a command prompt, asks for your credential password, then runs the command prompt under the smartcard security context. In this case there’s a bat (.cmd) file that sets up the target command prompt with a bunch of stuff not relevant to this discussion. The /k option to cmd.exe keeps the window open.
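The shortcut above can also be generated from PowerShell. This is an added example, not the author's script: it builds the same runas /smartcard command but quotes the working directory and setup script so that paths containing spaces survive. The parameter names, the helper function and the shortcut name are hypothetical.

```powershell
# Added example (not the author's script). Pass your own paths in place of
# the page's elided C:\Users\XXX\YYY and YYY.cmd.
param(
    [Parameter(Mandatory)][string]$WorkDir,
    [Parameter(Mandatory)][string]$SetupScript,
    [string]$LinkName = 'SmartCard Prompt.lnk'   # hypothetical shortcut name
)

function Get-RunasProgramArgument {
    param([string]$CmdExe, [string]$Dir, [string]$Script)
    # A backslash directly before a quote would read as an escape, so drop a
    # trailing one from the directory (drive roots such as C:\ are not handled).
    $Dir = $Dir.TrimEnd('\')
    # cd /d also switches drive; quoting keeps paths with spaces intact.
    $inner = '{0} /k cd /d "{1}" && "{2}"' -f $CmdExe, $Dir, $Script
    # runas takes program + arguments as ONE quoted string; quotes inside it
    # are written as \" (the form shown in the examples of `runas /?`).
    return '"' + $inner.Replace('"', '\"') + '"'
}

if (-not (Test-Path -LiteralPath $WorkDir -PathType Container)) {
    throw "Working directory not found: $WorkDir"
}
if (-not (Test-Path -LiteralPath $SetupScript -PathType Leaf)) {
    throw "Setup script not found: $SetupScript"
}

$runas   = Join-Path $env:SystemRoot 'System32\runas.exe'
$cmd     = Join-Path $env:SystemRoot 'System32\cmd.exe'
$desktop = [Environment]::GetFolderPath('Desktop')

# WScript.Shell is the stock COM object for reading and writing .lnk files.
$shell = New-Object -ComObject WScript.Shell
$link  = $shell.CreateShortcut((Join-Path $desktop $LinkName))
$link.TargetPath       = $runas
$link.Arguments        = '/smartcard ' + (Get-RunasProgramArgument $cmd $WorkDir $SetupScript)
$link.WorkingDirectory = $WorkDir
$link.Description      = 'cmd.exe under the smart card security context'
$link.Save()

# Show exactly what the shortcut will run so it can be checked by eye.
'{0} {1}' -f $link.TargetPath, $link.Arguments
```

The .lnk file holds only this command line; runas still prompts for the credential each time the shortcut is launched.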

Striping the boot volume across 2 SSDs for non-storage experts

If 1 SSD is good then surely 2 must be better?

For a variety of reasons, one of which is to minimize compile/build times, I decided to try striping (RAID-0) the boot volume across 2 SSDs. My dev box is an HP Z420.

I’m a PC hobbyist not a storage expert. The answers to these questions might be obvious to someone more conversant with storage parlance. Posting this with hopes of helping other PC hobbyists enjoy maximum performance with minimum frustration.

Comments/fixes/errata welcome.

Can I get away with not using RAID at all?

The idea here was to use Windows 7 Dynamic Disks. This is very easy to set up and requires no extra hardware. Unfortunately Windows can’t boot from a dynamic disk.

OK, how about Intel RAID since it’s built into the motherboard?

This *will* work but presents another problem. I’m striping SSDs. SSDs need TRIM support to extend their lifespan. Intel added TRIM support for its RAID solution (called Rapid Storage Technology) but only for series 7 chipsets. The HP Z420 ships with a C600 chipset which I presume is series 6. So no luck.

What’s this LSI RAID stuff in the “BIOS”?

The firmware config (aka “BIOS”) has support for optional add-in RAID cards, one of which is the LSI 9212-4i. Apparently this falls somewhere between a standalone RAID controller add-in card and software RAID. And it’s relatively cheap – about $130.

WTF is the LSI 9212-4i HBA?

While tracking this down I encountered an unfamiliar acronym (initialism really but no one uses that word properly). HBA is short for Host Bus Adapter. It’s a way of splitting the RAID implementation across the motherboard and an add-in module without requiring a full standalone RAID controller add-in.

Great, does it support TRIM?

According to the LSI website TRIM is supported for LSI HBAs using an IT firmware (as opposed to an IR firmware). 2 new unfamiliar acronyms:

  • IT – Initiator Target
  • IR – Integrated RAID

I have no idea what these mean – that’s a Wikipedia surf session for another time. Turns out that the LSI 9212-4i HBA supports BOTH!

Both? At the same time? How quantum mechanically confusing!

Does it support both at the same time? Or is it in one mode or the other? Does it support both for UEFI and traditional BIOS?

Apparently it ships with IR firmware (usually) but that can be overwritten with IT firmware by following these instructions.