Full disk encryption with Ubuntu
J.Witvliet at mindef.nl
J.Witvliet at mindef.nl
Sun Jan 29 22:32:29 UTC 2023
From: "Jared Norris" <jrnorris at gmail.com<mailto:jrnorris at gmail.com>>
Date: Saturday, 28 January 2023 at 07:33:39
To: "ubuntu-users at lists.ubuntu.com" <ubuntu-users at lists.ubuntu.com<mailto:ubuntu-users at lists.ubuntu.com>>
Subject: Full disk encryption with Ubuntu
Hi all,
Long story short, I had a hard drive fail under warranty that I couldn't claim on. They wanted me to return the disk via post with no promises of secure destruction and as the failure mode meant the data was read only and couldn't be formatted/encrypted so I didn't take them up on the offer.
I'm trying to do better this time and have purchased a new HDD (Crucial P5 Plus - M2) and it has encryption capabilities built in. I generally run a full Ubuntu disk and only run other OS's inside virtual machines so no need to worry about multiple OS's.
I'm trying to decide on the best approach, from what I can see the main options include
1 - hardware based SED - https://www.crucial.com/support/articles-faq-ssd/overview-hardware-encryption
2 - Ubuntu installer based LVM/LUKS - encryption option offered during installation
3 - Ubuntu software based full disk encryption - https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019
I'm leaning towards 1 to remove any possible performance impact and also because I have no experience of either options 2 or 3. Option 2 looks relatively straightforward and option 3 looks incredibly painful. My main concerns with option 1 is that I'm worried what happens whenever I get a new PC and want to move the HDD.
Does anyone have any experience with the options (or can suggest another) have a preferred approach?
Regards,
Jared Norris
Just a quick thought…
What is the point of having all and everything encrypted?
/home: ofcource, and perhaps /var, and /etc.
But why all regular binaries?
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20230129/4fcaf1ac/attachment-0001.html>
More information about the ubuntu-users
mailing list