On Thu, Dec 12, 2013 at 11:32:41 -0800, "Wolfgang S. Rupprecht" <wolfgang.rupprecht@xxxxxxxxx> wrote:
I've got a standard consumer Intel 520 SSD, which claims to do hardware based AES disk encryption with no speed penalty. It sounds like a useful way to protect laptop data if the laptop is ever stolen. Has anyone tried to do hardware-based full disk encryption with Fedora? Does one need to boot from a live usb or something in order to get to an environment where one can even enter the AES key for the disk decryption? Google is failing me here due to search spam for LUKS which doesn't appear to be capable of *full* *disk* encryption. It only seems to encrypt individual partitions.
It can do full encryption of block devices. If you aren't booting of the SSD you could encrypt the whole drive. The luks header will still be on the SSD. If you didn't want that either, you could do some trickiness with dm to have the header on a different physical device. This is all going to need manual setup, as it isn't the normal case. (For most people leaking the partition information isn't a significant risk and encrypting by partition is simpler.)
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
