Encrypted DevTerm

A portable computer must use encryption. I notice that the default install does not use any. I also tried the Manjaro image (works great!) and it also comes without full disk encryption. Is there a proven method to get an encrypted install going?

I installed eCryptfs so my files in home are “a little bit” more secure than before and I can use the default image (A04 here).

1 Like

One thing to remember is that SD/TF cards are not as durable as regular SSDs, which are again not as durable as HDDs. The lifetime of your cards could suffer due to the larger and more numerous writes from encryption. Additionally, it will be slower disk I/O with a higher CPU burden.

1 Like

There should be no write amplification, either in number of writes or amount of data written, with any sane disk encryption scheme. If it’s compressing the data first - which is not recommended from a security perspective - it will actually reduce the number of blocks written.

The exception to the rule: SSDs with compression-based wear reduction in their controllers, like selected SandForce controllers, where it expects a certain amount of possible compression which is unachievable with encrypted data. I know of no SD Cards that use internal compression for wear reduction, though, so my point still stands.

1 Like

That depends upon what you mean. If you mean encryption of used disk space, then this is true. If, OTOH, you mean full disk encryption which is what I thought was meant, then that’s wrong. The entire disk (including free space) is encrypted which means more writes.

To the best of my knowledge - with the caveat that I haven’t played with full-disk encryption in a fair few years now - the most common Linux full-disk encryption packages do not encrypt free space, but users have the option to fill the drive with random data manually first before creating the encrypted device.

The disk encryption built into Windows and macOS can encrypt free space, but you’re not likely to be running either of those on your DevTerm.
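An added example, not from any of the posts in this thread: a small scanner that shows what the optional random pre-fill mentioned above changes on the raw medium. It assumes never-written sectors read back as zeros and uses a constructed in-memory image in which `os.urandom` stands in for ciphertext; `scan_image`, `report` and `build_sample` are names made up for this sketch.

```python
import io
import os

SECTOR = 512  # dm-crypt's default encryption sector size


def scan_image(stream, sector=SECTOR):
    """Classify every sector of a raw image as never-written (all zero) or data."""
    total = zero = 0
    runs = []          # (first_sector, length) of each all-zero run
    run_start = None
    while True:
        block = stream.read(sector)
        if not block:
            break
        if block.count(0) == len(block):
            zero += 1
            if run_start is None:
                run_start = total
        elif run_start is not None:
            runs.append((run_start, total - run_start))
            run_start = None
        total += 1
    if run_start is not None:
        runs.append((run_start, total - run_start))
    return {"sectors": total, "zero": zero, "runs": runs}


def report(name, result):
    pct = 100.0 * result["zero"] / result["sectors"]
    longest = max((n for _, n in result["runs"]), default=0)
    print(f"{name}: {result['zero']}/{result['sectors']} sectors all-zero "
          f"({pct:.1f}%), longest run {longest} sectors")


def build_sample(prefill, sectors=64, used=range(8, 20)):
    """Constructed sample: only the `used` sectors were written through the
    encryption layer (os.urandom stands in for real ciphertext)."""
    image = bytearray(os.urandom(sectors * SECTOR) if prefill else sectors * SECTOR)
    for s in used:
        image[s * SECTOR:(s + 1) * SECTOR] = os.urandom(SECTOR)
    return io.BytesIO(bytes(image))


if __name__ == "__main__":
    report("no prefill", scan_image(build_sample(prefill=False)))
    report("random prefill", scan_image(build_sample(prefill=True)))
```

Pointed at a real card image opened with `open(path, "rb")`, long all-zero runs mark space the encrypted volume has never written, which is what the pre-fill hides.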