Linux Full Disk Encryption Performance For The AMD Ryzen 7 PRO / HP Dev One

  • Linux Full Disk Encryption Performance For The AMD Ryzen 7 PRO / HP Dev One

    Phoronix: Linux Full Disk Encryption Performance For The AMD Ryzen 7 PRO / HP Dev One

    One of the great defaults when installing Pop!_OS or receiving a pre-loaded laptop/desktop from System76 or the new HP Dev One is that it encourages full-disk encryption by default and it is prominently shown during the install process. I highly recommend full-disk encryption especially for laptops. As it's been a few years since running benchmarks looking at the overhead of LUKS encryption, here are some benchmarks of Pop!_OS 22.04 on the HP Dev One with the full disk encryption enabled and then a fresh install without encryption.


  • #2
    I haven’t looked into FDE for a few years now, but I recall there being something about trim on SSDs. Can you run fstrim with FDE?

    • #3
      Nice to see a recent run of benchmarks for FDE. The Pop!_OS installer is really nice. Not only is encryption on by default, but it uses the same password you set up for your user so there aren't any extra setup steps that add friction for newcomers. It's obvious that System76 is one of the few Linux companies that actually give a shit about the experience for desktop users.

      • #4
        What parameters were used to encrypt the disk? Just the Pop!_OS defaults, or did you choose a particular cipher?

        • #5
          Originally posted by Espionage724
          I haven’t looked into FDE for a few years now, but I recall there being something about trim on SSDs. Can you run fstrim with FDE?
          Yes, it's been possible for ages even if you use LVM. I wouldn't use it otherwise.

          • #6
            Originally posted by Espionage724
            I haven’t looked into FDE for a few years now, but I recall there being something about trim on SSDs. Can you run fstrim with FDE?
            I'm quite sure you can do trim nowadays. But be aware that trim gives away information to a possible attacker - like patterns where data is located on the disk. It might also make "plausible deniability" impossible.

            • #7
              Originally posted by mazumoto
              I'm quite sure you can do trim nowadays. But be aware that trim gives away information to a possible attacker - like patterns where data is located on the disk. It might also make "plausible deniability" impossible.
              Yeah that sounds familiar; can anything be done to decrypt or bypass the encryption with trim in that case? I don’t necessarily mind attackers knowing the drive is encrypted.

              • #8
                Originally posted by johncall
                What parameters were used to encrypt the disk? Just the Pop!_OS defaults, or did you choose a particular cipher?
                Pop defaults
                Michael Larabel
                https://www.michaellarabel.com/

                • #9
                  Originally posted by Espionage724
                  Yeah that sounds familiar; can anything be done to decrypt or bypass the encryption with trim in that case? I don’t necessarily mind attackers knowing the drive is encrypted.
                  Nothing that I'm aware of.

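Added example (not written by any poster in this thread): a check for whether TRIM is actually passed through an encrypted volume, which is the trade-off posts #2 to #9 discuss. It parses the text format printed by `dmsetup table` and looks for the dm-crypt `allow_discards` option; the sample table, mapping names and key descriptions are constructed.

```python
# Constructed sample of `dmsetup table` output (not taken from the thread):
# an LVM volume on a LUKS mapping with discards enabled, plus one without.
SAMPLE_TABLE = """\
cryptdata: 0 975747072 crypt aes-xts-plain64 :64:logon:cryptsetup:EXAMPLE-d0 0 259:3 32768 1 allow_discards
cryptswap: 0 8388608 crypt aes-xts-plain64 :64:logon:cryptsetup:EXAMPLE-d1 0 259:4 32768
data-root: 0 975745024 linear 253:0 2048
"""


def crypt_discard_status(table_text):
    """Map each dm-crypt mapping name to True if it passes TRIM through."""
    status = {}
    for line in table_text.splitlines():
        name, sep, rest = line.partition(": ")
        fields = rest.split()
        # crypt target fields: start length "crypt" cipher key iv_offset
        # device offset [opt_count opt ...]
        if not sep or len(fields) < 8 or fields[2] != "crypt":
            continue  # skip linear (LVM) and other non-crypt targets
        opts = []
        if len(fields) > 8 and fields[8].isdigit():
            opts = fields[9:9 + int(fields[8])]
        status[name] = status.get(name, False) or "allow_discards" in opts
    return status


def report(table_text):
    """Return one human-readable line per dm-crypt mapping."""
    lines = []
    for name, enabled in sorted(crypt_discard_status(table_text).items()):
        if enabled:
            lines.append(f"{name}: discards ON (fstrim works; free-space layout visible on disk)")
        else:
            lines.append(f"{name}: discards OFF (fstrim is not passed to the SSD)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_TABLE)))
```

On a live system the input would be the output of `dmsetup table` run as root instead of the constructed sample.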


                  • #10
                    Does the PSP/CCP of Ryzen work on mobile devices? Theoretically it could be used as an accelerator for different crypto algorithms. I was pretty much out of luck with the driver claiming "ccp: unable to access the device: you might be running a broken BIOS." on a 3900X and a 5900X w/ the GB X570 Aorus Pro r1.0 with every BIOS up to AGESA 1.2.0.3C
