disk encryption for Ubuntu 20 LTS
Paul Smith
paul at mad-scientist.net
Fri May 21 17:01:32 UTC 2021
On Fri, 2021-05-21 at 12:39 +0200, Liam Proven wrote:
> [1] Don't. IMHO it's a massive pain in the backside and it reduces
> performance. I am a 30Y Unix veteran and 25Y on Linux. It took me 3
> days to get full-disk encryption working well and I'll never do it
> again.
When I got my work laptop I installed Ubuntu 18.04 and checked "full
disk encryption". It worked perfectly and I've been using it for 3
years and have not had any problems. During that time I've upgraded
(in-place upgrade, not re-install) to Ubuntu 20.04, installed multiple
firmware updates, etc.
I do software development (C++ mostly) so I do a LOT of compiling and
linking of large software. I also work on an application that does a
lot of disk IO and test it constantly on my laptop.
Before recommending this configuration to developers we tested with FDE
on and off and the difference in speed was hardly noticeable.
Backups are always a good idea. The sophistication of your backup
process should be proportional to the cost of losing the data (backup
and restore have costs as well). Whether FDE is enabled or not is not
very relevant to this calculation.
> I know a lot of the Linux nerds love encryption, but in my expert
> professional opinion it's a huge waste of time, effort and
> performance.
An expert or professional should not give advice without first
understanding the use case. Evil maid IS a real thing and can be a
high risk depending on various factors. The XKCD comic is funny but if
you are compromised it will almost certainly be done clandestinely, as
an opportunity crime, not via wrench-enabled espionage.
More information about the ubuntu-users
mailing list