Announcement

Collapse
No announcement yet.

System76 Eyeing Disk Encryption By Default

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by elvis View Post

    "cryptsetup" (the binary that configures LUKS on disk for you) has a built in benchmark that runs a single-threaded test. Test it on your own machine to see how it performs.

    $ grep ^'model name' /proc/cpuinfo | head -1
    model name : Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz

    $ cryptsetup benchmark

    I didn't know this! Nice, and thanks. I have a v131 Vostro

    Comment


    • #22
      Originally posted by torsionbar28 View Post

      Show me a Lenovo laptop that comes with full Lenovo vendor support for Linux. Or any other OEM where all of the laptop's features and functions "just work" out of the box. Laptops are notoriously fickle when it comes to drivers, and the big OEM's are Windows vendors when it comes to consumer products. They support Linux only on their high end professional workstation models, and typically only corporate distros like RHEL and SLES. And find me one big OEM that is disabling ME by default. The fact is, you get a lot for your money when you buy from System76. If you want to be a self-support penny pincher, that's your prerogative, but it's poor form to badmouth a leading Linux hardware vendor, and even more so when you haven't even used their product.
      Actually my Lenovo worked out of the box with KDE Neon, including media keys, etc. All limitations of the hardware (e.g. auto screen rotation and touch gestures) are limitations of the DE or display server, not the hardware's failing to be compatible with linux. It's pretty easy to check the specs of potential hardware purchases to check linux compatibility.

      Also, it's pretty comical to call one a "self-support penny pincher" because they question why they would purchase inferior hardware at a significant price markup just for linux support. I'm not "badmouthing" system76--I'm just wondering why it costs so much to brand a Clevo unit and put (and support) linux on it. Does the cost come mainly from the support?

      Comment


      • #23
        Originally posted by M1kkko View Post
        Well, at least on my Lenovo laptop, full disk encryption is supported on hardware level, I don't need any of that OS level nonsense and also there is no performance penalty for enabling encryption.

        Basically when you power on the laptop, the first thing you see is a password prompt, and without entering the password there is no way to even find out what operating systems I have installed.

        https://support.lenovo.com/en/solutions/migr-69621
        I already replied to you, but this was just too much. Please don't trust Lenovo with encryption nor security.

        https://arstechnica.com/information-...print-manager/

        Comment


        • #24
          Ubuntu offers home directory encryption via their GUI installer, but doing full-disk encryption is less straightforward on their platform
          Where does that come from? On the exact same screen where you can pick home directory encryption, you can choose to encrypt the whole hard drive as easily. I see nothing new here. Did I miss something?

          Comment


          • #25
            Originally posted by Flaburgan View Post
            Where does that come from? On the exact same screen where you can pick home directory encryption, you can choose to encrypt the whole hard drive as easily. I see nothing new here. Did I miss something?
            Ubuntu offers two different types of encryption:

            1) Full disk encryption, via dm-crypt, cryptsetup and LUKS. This requires device manager to encrypt at the block level, with the file system on top. YOu choose this at disk setup/partitioning time (using the "encrypted LVM" option). This is only in the advanced/TUI/server installer, not in the GUI installer:
            https://en.wikipedia.org/wiki/Dm-crypt

            2) Home directory encryption, via ecryptfs, which allows a virtual encrypted container to live on top of the file system, and be mounted per-user as required. This is an option you choose after disk partitioning, but before install, and is available in the TUI andd GUI installers.
            http://ecryptfs.org/

            Comment

            Working...
            X