SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've got a laptop, and bought an intel ssd for it. On a mobile device encryption is a must. But what is the best option? Because when i use luks cryptsetup, trim of my ssd is no longer working which causes serious performance degradation.
I don't care much for alignment of the drive, but trim should work. I googled my ass of, and all i found that luks is not working well with trim support of the ssd's.
Is there another option to use full encryption of at least my home partition? Or should i just place back the original drive, and use the ssd for my desktop?
Click here to see the post LQ members have rated as the most helpful post in this thread.
Using trim would provide an attacker with information on which parts of the filesystem contain data and which are empty. I'm not a crypto expert, so I don't know how harmful this would be.
However, have you tried the `discard' option with ext4? I think if it doesn't work, it is due to device-mapper not supporting trim (in April, 2010 anyway). This may change in the future or might be different now.
Part of a performance hit may be due to the drive being prefilled with pseudo random data when creating the encrypted device, so until a delete, there are no discarded areas. The SSD drive doesn't have information on invalid regions of the filesystem. The purpose of trim is to tell it this after a delete.
As an experiment (if the discard option works) you could try filling much of the free space with a file (using dd) and then delete it.
to jschiwal: discard is not working, unfortunately.
to gorillus: i'm not really willing to use experimental patches, because everything with datastorage should be tested and stable, and this is not a testing environment. But really thanks for the reference.
Unfortunately we live in the present, as we always will. And in the present luks is a bitch, but i'll have to use it. I'll just accept the low performance in favor of security.
to gorillus: i'm not really willing to use experimental patches, because everything with datastorage should be tested and stable, and this is not a testing environment. But really thanks for the reference.
I was thinking the same, I wanted to mention it...
A lot of tips to speed up your ssd you can find in the Arch-Wiki by the way...
No, not yet, but looking at EncFS website, it seems perfect for me. So thanks! I only need to use very simple encryption of my home dir. Simply to defend my data in case of a theft of the laptop, not to defend against some secret agency or so.
I'll try to implement it and let you know the results.
Quote:
Originally Posted by GazL
Have you had a look at using either EncFS or ecryptfs? They're not quite the same thing as a block level encryption, but they might meet your needs.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.