System76 Eyeing Disk Encryption By Default
Ubuntu-focused Linux PC vendor System76 who has also been working on their own Pop!_OS distribution is looking at enabling disk encryption by default.
System76 has shared another blog post highlighting their work on Pop!_OS. The latest is on their design work and installer. But what got me excited about this post is the mention of "Full disk encryption is seen as an important part of security and privacy and should be a default option...A hurdle for a privacy and security focused OEM like System76 is how to deliver a computer with the encryption provided by default."
For any production system and especially laptops, I certainly recommend using full disk encryption. I've been running with full-disk encryption on my primary production systems for many years. With modern processors thanks to AES-NI, solid-state drives and friends, the performance cost of full-disk encryption on modern hardware tends to be quite minimal unless you are daily running very I/O heavy workloads.
Ubuntu offers home directory encryption via their GUI installer, but doing full-disk encryption is less straightforward on their platform. Other distributions like Fedora do make full-disk encryption easier.
The prospects of system76 shipping future systems with full disk encryption by default or at least trivial to deploy is exciting and a first among Linux PC vendors. But that isn't without some challenges for ensuring the encryption key is unique since they simply can't image the disks the same, etc. It will be interesting to see what system76 comes up with for handling full-disk encryption.
System76 has shared another blog post highlighting their work on Pop!_OS. The latest is on their design work and installer. But what got me excited about this post is the mention of "Full disk encryption is seen as an important part of security and privacy and should be a default option...A hurdle for a privacy and security focused OEM like System76 is how to deliver a computer with the encryption provided by default."
For any production system and especially laptops, I certainly recommend using full disk encryption. I've been running with full-disk encryption on my primary production systems for many years. With modern processors thanks to AES-NI, solid-state drives and friends, the performance cost of full-disk encryption on modern hardware tends to be quite minimal unless you are daily running very I/O heavy workloads.
Fedora's full-disk encryption in Anaconda.
Ubuntu offers home directory encryption via their GUI installer, but doing full-disk encryption is less straightforward on their platform. Other distributions like Fedora do make full-disk encryption easier.
The prospects of system76 shipping future systems with full disk encryption by default or at least trivial to deploy is exciting and a first among Linux PC vendors. But that isn't without some challenges for ensuring the encryption key is unique since they simply can't image the disks the same, etc. It will be interesting to see what system76 comes up with for handling full-disk encryption.
24 Comments