General :: LUKS Encryption Affect TRIM? (SSD And System)
Mar 26, 2010
I'm moving over to Linux when the new SSD arrives. SSD gives increased performance, so I thought that I could encrypt everything.
But then I came to think about TRIM, and garbage collection on the drive. Will a LUKS encrypted drive affect the garbage collection system? (TRIM).
View 3 Replies
ADVERTISEMENT
Mar 20, 2011
Is LUKS the best data/system encryption? Or is there one that is even better and stronger?
View 1 Replies
View Related
Mar 12, 2011
I'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?
View 2 Replies
View Related
Jul 3, 2011
I have set up a Linux software RAID5 on three hard drives and want to encrypt it with cryptsetup/LUKS. My tests showed that the encryption leads to a massive performance decrease that I cannot explain. The RAID5 is able to write 187 MB/s [1] without encryption. With encryption on top of it, write speed is down to about 40 MB/s.
The RAID has a chunk size of 512K and a write intent bitmap. I used -c aes-xts-plain -s 512 --align-payload=2048 as the parameters for cryptsetup luksFormat, so the payload should be aligned to 2048 blocks of 512 bytes (i.e., 1MB). cryptsetup luksDump shows a payload offset of 4096. So I think the alignment is correct and fits to the RAID chunk size.
The CPU is not the bottleneck, as it has hardware support for AES (aesni_intel). If I write on another drive (an SSD with LVM) that is also encrypted, I do have a write speed of 150 MB/s. top shows that the CPU usage is indeed very low, only the RAID5 xor takes 14%.
I also tried putting a filesystem (ext4) directly on the unencrypted RAID so see if the layering is problem. The filesystem decreases the performance a little bit as expected, but by far not that much (write speed varying, but > 100 MB/s).
Summary:
Disks + RAID5: good
Disks + RAID5 + ext4: good
Disks + RAID5 + encryption: bad
SSD + encryption + LVM + ext4: good
The read performance is not affected by the encryption, it is 207 MB/s without and 205 MB/s with encryption (also showing that CPU power is not the problem). What can I do to improve the write performance of the encrypted RAID?
[1] All speed measurements were done with several runs of dd if=/dev/zero of=DEV bs=100M count=100 (i.e., writing 10G in blocks of 100M).
Edit: If this helps: I'm using Ubuntu 11.04 64bit with Linux 2.6.38. Edit2: The performance stays approximately the same if I pass a block size of 4KB, 1MB or 10MB to dd.
View 1 Replies
View Related
May 9, 2011
first i make one partiton ten format it add mount point and fire luksopen command and create secert file and enter this in crypttab but when i rebbot it showes scert file not found and partion remain unlocked
View 1 Replies
View Related
Jun 17, 2010
1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using luks? On boot, I am been asked automatically for the pass phrase to unlock my partitions. After doing a back up, I want lock the encrypted partition again, but I don't know the command?! I umounted the partition but after mounting it again, I was not asked for the pass phrase but had access to my data.
2.) How secure is the default fedora version of luks? Is truecrypt better?
View 2 Replies
View Related
Aug 5, 2010
I've got some old drives using pre-LUKS loopback encryption, and I'm having problems mounting them on OpenSUSE 11.3. What I expected to work, based on past experiences with other distributions, is something along the lines of:
mount -t ext3 /dev/sdc11 tmp -o loop=/dev/loop1,encryption=AES256. When I try this I'm asked for the password, but then get the message "ioctl: LOOP_SET_STATUS: Invalid argument". Anyone have a clue what could be going wrong, or how I can best access these drives from OpenSUSE?
View 5 Replies
View Related
Jan 8, 2010
When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.
View 2 Replies
View Related
Oct 21, 2015
I would like to configure my Debian Jessie system in this way.
Two partitions:
1) /boot on /dev/sda1
2) everything else on /dev/sda2
I want to encrypt the second partition with LUKS. And then install over it a LVM volume. Inside the LVM volume i will create the / (root), /var, /opt and /home virtual partitions. In this way, i'll get asked only once for the password to decrypt all partitions. Because if i don't use LVM, then i'll get asked for the password for each encrypted partition.
I can follow and understand almost everything of this HOW-TO for Archlinux: [URL] ....
Only two passages are unclear to me:
1) Configuring mkinitcpio
I don't understand what i should do here in order to complete this. What should i do in Debian to configure "mkinitcpio"? what is the equivalent thing to do here?
I thought that the kernel would automatically recompile itself with all installed modules on the Debian system, once cryptosetup/LUKS or LVM2 get installed.
2) Configuring the boot loader
I don't understand what should i write in /etc/default/grub. Will GRUB automatically load the LUKS and LVM2 modules? Also, I don't think that i could boot the system in this way:
cryptdevice=/dev/sda2:LVM root=/dev/mapper/LVM-????
Actually the "root=" volume is the whole volume to mount as LVM. It isn't the final root partition.
View 5 Replies
View Related
Jul 19, 2010
I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?
my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II
4GB DDR3
View 3 Replies
View Related
Jun 20, 2010
I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
View 1 Replies
View Related
Feb 14, 2010
I know how to mount it manually. I've seen a howto on how to mount it automatically by loging in with the user, you type your username and password and it mounts your encrypted partition. But that's not what I want. My idea is to call cryptsetup and mount on boot, AND ask me for passphrase like when its loading the system, then if I don't type the right password it shouldn't mount /home, even though i type the correct USER password later when the system is loaded(and then I'd have an empty /home since my home partition wasn't mounted due to wrong passphrase).
This is what I tried: I added the commands to rc.local and I don't even feel like it was executed, no passphrase was asked. As a test if commands there were being executed, I tried simple commands lile mkdir /test and it worked. So commands there are executed, yet, no passphrase was asked to me, I looked on dmesg for crypt and found nothing, I pressed alt+ctrl+F1 desiring to find a passprhase-ask and again, nothing.
View 2 Replies
View Related
Dec 6, 2010
I am compiling some software (JWM) and it says that I must install the "development headers" for X11 and Xlib.My main question is, how will installing those packages affect my system.My less main question is how do I install them?
View 1 Replies
View Related
Aug 5, 2011
Will deleting dev/sda partition table ( msdos ) affect my windows 7 system? I am trying to install Fedora 15 on Virtual Box.
View 1 Replies
View Related
Aug 16, 2011
I plan to use newsbeuter for console RSS reading.This program has a config text file where I need to store my Google account password,in order to access my Google reader.I don't feel easy at making my password readable to everyone.Is there anyway I can somehow encrypt this information ?
View 1 Replies
View Related
May 16, 2011
I would love to be able to use TrueCrypt consistently across all my machines, be they Windows or Linux. As it stands, I can do full-disk encryption with pre-boot authentication only on Windows.
I don't really understand why this is. Are there technical challenges specific to Linux/Mac that make full disk encryption harder? Does anyone know whether TrueCrypt will support this in the near future.
PS. yes, I'm aware that there are other options. My goal is to simplify my life here and use the one tool across all machines.
View 1 Replies
View Related
Feb 1, 2016
I have two basically identical harddrives that are encrypted with LUKS containing a complete debian installation:
Code: Select allroot@x200s:/home/b# lsblk --fs
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
├─sda1 ext2 0b851969-281e-4db2-8a5b-3798e801711b /boot
├─sda2
└─sda5 crypto_LUKS cfcf63ef-448a-4f72-9f58-8f7731cf3dfc
└─sda5_crypt LVM2_member 21CS3f-SQeQ-XcMr-kyDs-OPtR-egmT-HkvJAu
[Code] ....
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code: Select allcryptsetup luksOpen /dev/sdb5 oldhd
Enter passphrase for /dev/sdb5:
root@x200s:/home/b# ls /dev/mapper/
control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1
root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/
[b]mount: unknown filesystem type 'LVM2_member'[/b]
[Code] ..
Before all this, both sda and sdb where in the same volume group. I renamed the volume group of sdb to "oldDisk"
using
Code: Select allvgrename <UUID> oldDisk
How I can access the data on the root filesystem of my sdb..
View 2 Replies
View Related
May 25, 2011
I added a directory to the $PATH variable in /etc/profile. This works for my user account but not for root. It's easy to add it to my /root/.bashrc but I would like to understand whats's wrong. It's a widely unmodified Debian 6 so I think my changes should do the trick.
Here is what my /etc/profile looks like:
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
if [ "`id -u`" -eq 0 ]; then
[code]....
Edit: The path I added is the distcc-stuff. Here is what echo $PATH tells me:
$ echo $PATH
/usr/lib/distcc/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
View 1 Replies
View Related
Mar 29, 2011
There are not SSDs with TRIM support available in my region that fit into my laptop (1.8", IDE, ZIF). I'm running Ubuntu 10.10.
Most articles (or questions on superuser) I've come across concering TRIM (or the lack thereof) date back to 2009, when not many SSDs with TRIM support were available and OS support was still very fresh.
I'm interested in the current situation, but I couldn't find too much information about it.
What are currently the "best practices" for using an SSD without TRIM under Linux?
I've read about the wiper script included with hdparm. Do I understand correctly that I could use this to free unused blocks, e.g. by running it once a month?
Some sources state that HFS+ (the default-filesystem of Mac OS X) doesn't suffer as badly from lack of TRIM as other filesystems. How about linux filesystems? Are there filesystems that are better suited for SSDs without TRIM than others?
View 1 Replies
View Related
Jul 8, 2011
My partition /dev/sda3 on an SSD drive doesn't contain any filesystem, but it contains garbage. How do I do a TRIM/DISCARD operation on the whole partition?
View 2 Replies
View Related
Nov 27, 2010
A while back I installed Dreamlinux 3.5 Gnome edition using ext2. When I attempted to use the email address books I imported from the Dreamlinux3.5 XFCE edition, which had been ext3, I discovered that none of the email addresses could be mailed to. I had to manually type in the addresses.
When I reinstalled Dreamlinux 3.5 Gnome using ext3, the same backup files that did not work in ext2 now work just fine. The question is, was this a "broken data" problem caused by the switch to ext2 file system or something else? Has anyone else experienced this?
The mail program is Thunderbird.
View 2 Replies
View Related
Mar 23, 2011
I have a bunch of files (around 900) that have some special characters. Some of the files contains example, and quoting "[useless] filename (something)"so what I want is just to strip the brackets and parenthesis, some are folders, others are text files
View 1 Replies
View Related
Jul 9, 2011
I wrote this script which works but it should run automatically about once per week. I hunted and experimented with KDE Task Scheduler (no dice and no help anywhere) and cron (confusing instructions and cannot edit crontab -e with vim, and cannot enter cron folders/files). I would settle for a desktop shortcut to run the script but found no for that.
Script:
Code:
#!/bin/bash
xterm -hold -e fstrim -v /
Machine:
OS: openSUSE 11.4 x86_64
[code].....
View 13 Replies
View Related
Jan 21, 2009
I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.
I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?
View 8 Replies
View Related
Oct 11, 2010
Does anyone know any software for whole system drive encryption for Linux, I used to use truecrypt for windows, but truecrypt doesnt support system/OS partition/drive encryption....
View 4 Replies
View Related
Nov 21, 2010
i have hd encryption activated on my swap and home disks. now every 20 min or so (not really periodic but definetly reproduceable) my system hangs completely for about 4 - 10 sec while the hd led is on. i have a dual core cpu which makes this even more odd. could this be a side effect of hd encryption especially on the swap partition?
View 3 Replies
View Related
May 30, 2011
I'm trying to write a GUI text encryption application. I wrote the encryption system in a No GUI application like this::
[Code]...
Now I'm trying to write a GUI version, using the same algorithm. Here goes a rough image of my main window code. If you scroll down you'll observe a coloured part. As you see, the text in the first textbox gets copied into clipboard. That is the part where my encryption system should encrypt the data in the clipboard, and copy it again, and later on the new data will be pasted. How am I supposed to write that? If I have to use another signal, what is the receiver of that signal?
[Code]...
View 5 Replies
View Related
Jun 26, 2011
how to implement a password login system that both sends passwords over the internet in an encrypted form (so my users don't get that annoying message saying "this web site is about to send your password in an unsafe form..." and stores its user data in a MySQL database? This seems to need a combination of mod_auth_digest and mod_auth_mysql.
View 1 Replies
View Related
Jun 14, 2011
Kernel 2.6.21.5, Slackware 12.0
KDE 3.5.7
(Mozilla) Firefox 2.0.0.4
Do color settings in the desktop environment affect color in the web browser? Thanks.
View 2 Replies
View Related
May 16, 2011
I need to move a LUKS encrypted partition to the end of a harddrive to expand another partition. Does anyone know how to do this?
Is it possible to do this with other partition editing programs?
Gparted doesnt support LUKS/LVM
View 1 Replies
View Related