Full disk encryption with Ubuntu

Keith keithw at caramail.com
Sat Jan 28 18:29:41 UTC 2023 

On 1/28/23 12:31 AM, Jared Norris wrote:
> Hi all,
> 
> Long story short, I had a hard drive fail under warranty that I couldn't 
> claim on. They wanted me to return the disk via post with no promises of 
> secure destruction and as the failure mode meant the data was read only 
> and couldn't be formatted/encrypted so I didn't take them up on the offer.
> 
> I'm trying to do better this time and have purchased a new HDD (Crucial 
> P5 Plus - M2) and it has encryption capabilities built in. I generally 
> run a full Ubuntu disk and only run other OS's inside virtual machines 
> so no need to worry about multiple OS's.
> 
> I'm trying to decide on the best approach, from what I can see the main 
> options include
> 1 - hardware based SED - 
> https://www.crucial.com/support/articles-faq-ssd/overview-hardware-encryption <https://www.crucial.com/support/articles-faq-ssd/overview-hardware-encryption>
> 2 - Ubuntu installer based LVM/LUKS - encryption option offered during 
> installation
> 3 - Ubuntu software based full disk encryption - 
> https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019 
> <https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019>
> 
> I'm leaning towards 1 to remove any possible performance impact and also 
> because I have no experience of either options 2 or 3. Option 2 looks 
> relatively straightforward and option 3 looks incredibly painful. My 
> main concerns with option 1 is that I'm worried what happens whenever I 
> get a new PC and want to move the HDD.
> 
> Does anyone have any experience with the options (or can suggest 
> another) have a preferred approach?
> 

I think before deciding on option 1, I would investigate what's going to 
be involved in getting your SED to work with linux. A cursory search 
indicates it to be just as complicated as option 3 - maybe more so. 
Crucial doesn't seem to have any support using linux with their hardware 
on their website. The only support pages I found explained how to use 
the SED with Windows Bitlocker.

What information there is for getting SED's with option 1 to work in 
linux all detail a number of manual steps you'll need to perform 
including using utilities that are not found in any of the Ubuntu/Debian 
repos.

Here's a Dell support page that's on point with using a SED with Ubuntu, 
but I'm not sure it covers using a SED as a boot drive, though.

https://www.dell.com/support/kbdoc/en-us/000132842/encrypting-your-ubuntu-operating-system-using-a-sed-hard-drive

-- 
Keith

More information about the ubuntu-users mailing list