I am an Ubuntu user and want my SSD (Samsung EVO 850) to be fully encrypted. The problem is that my BIOS does not support the ATA password for some reason. I do not want to lose performance using software-based encryption. Do I have any alternatives to the ATA password in this case?
Add a comment
|
2 Answers
ATA passwords do not necessarily provide encryption – more often they just act like a lock which can be bypassed. And when a disk does support encryption internally, you still can't know whether it's as good as claimed; in the past, various HDs have been found to have utterly incompetent implementations.
However, any modern CPU that's fast enough to keep up with an SSD will also support hardware acceleration for AES encryption (aka "AES-NI"), and likewise most modern software encryption tools will make use of it automatically.
So your best option might be to simply use LUKS from within Ubuntu itself. (Use the default aes-xts cipher.) You'll get the best of both worlds.
First check cryptsetup benchmark and compare the results with Samsung EVO 850's maximum read speed of 540 MB/s. (For example, my i7 can decrypt at ~2100 MB/s, so worst case it'd need just 25% of a single core.)
Generally, ATA Security has nothing to do with TCG Opal (your SSD implements encryption in conformance with the latter). You can manage the encryption using appropriate software such as sedutil. Some BIOSes/UEFIs can do that too.