Little introduction.
AlmaLinux 9 as a server from less than a year and I’m trying to make the default Linux distro for my main laptop workstation. At the moment I have Fedora, because I have an Asus ROS gaming laptop (not used for gaming…) and there are some packages wrote specifically for that distro, also from the kernel 6.1.x, it contains a specific patches for working. But the rolling release nature of Fedora, give me a lot of instability of the system. I need something more stable, so I thought to move on Ubuntu LTS, when I understand that Alma Linux 10 works with Kernel 6.12.x, so I think I could get the laptop working with the native kernel patches, running on Alma.
End of introduction.
My laptop SSD is encrypted with sedutil because it is Opal (hardware encryption; SED). So, not like classic LUKS, were the password is prompted before the grub, I have the annoying thing to start the machine, boot the sedutil prompt, enter password, reboot the machine and only than the bios/uefi found the grub on the file system. This is becase I want the maximum lifespan (less write operations) and performance of the disk (with classic LUKS software the performances drop around 35/40%).
Now I know, LUKS is capable to handle the Opal hardware encryption system. Do you know if it could be possible to format the partitions enabling it, during the installation process?
Hi there
I never use encryption on my system disks as i like you want maximum disk performance for the system.
Instead i encrypt a Data partition with VeraCrypt for all sensitive data… and i never save passwords in the browser or other system apps.
I do have KeypassXC, but the database file is located on the encrypted partition.
So if i get my computers stolen… it has no personal data on my system disk… and for my web browser bookmarks… i dont care if anyone see them as the browser it self dont contain any usernames or passwords.
So maybe my solution might be a solution for you too.
but I experienced the software encryption of VeraCrypt is a lot slower than Luks.
I have a second disk, a 990 pro, having top performance (4~5 GB/s average r/w speed) and with VeraCrypt (single AES encryption and XFS) the average transfer speed using rsync was about 100~200 MB/s (drops to 15~30MB/s for small files), so I formatted it to XFS and lock it using Luks, the average speed goes up to 1 GB/s
Now, that kind of PRO disks, are designed for maximum writes of 1200 TB total. So it could be a good thing to check every 4-5 months the total count of written data, so it could be easly to do a customized lifespan data and prediction.
