Linux

54627 readers

539 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

[email protected]

Full Disk Encryption on SSD (Debian) (feddit.org)

submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

Hi everyone,

as my thread from yesterday about shredding SSD's the right way already was very helpful, another follow-up topic came to my mind, which may also be interesting for me and maybe others too.

Since many PC's often use SSD's and less harddrives nowadays it may be interesting to discuss the full-disk encryption of it.

First of all some questions, which came to my mind:

Does the encryption of a SSD decrease its performance (read/write-speed) significantly?
How does the encryption affect the wear-leveling of the SSD and what should be considered to ensure a safe encryption?
Will functionalities like hibernation still work? Are maybe other functionalities affected in a negative way?

I already successfully full-disk encrypted my old laptop (harddrive) with the instructions from StackExchange. My computer has a 1TB SSD + 1TB harddrive and I wish to encrypt completely everything, that's not technically necessary. I want to use Debian as my distro. Could this instruction work the same way as with harddrives?

I'm interested in your knowledge about this.

~sp3ctre

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 11 points 2 weeks ago

It should work almost exactly the same as hard drive encryption. In my experience, the read/write overhead from encryption is negligible. Encryption shouldn't affect wear-leveling, and it's still possible to TRIM the drive to discard any unused blocks (although TRIM may leak some filesystem metadata).

If you want to ensure any previous unencrypted is erased on the SSD, consider formatting and trimming it before encryption (using something like blkdiscard). Hibernation should still work, it will just prompt you for your encryption passphrase then resume your session. I'm not sure about any lost functionality, but it's been seamless for me.

Depending on your threat model, keep in mind that full disk encryption typically leaves the boot partition (usually containing the kernel, initrd, and bootloader) unencrypted since it's needed to boot the system. This can leave you susceptible to evil maid attacks or modifications from another operating system (if dual booting). For most people though I assume this shouldn't be an issue.