Hi, On 2021-06-11 12:31 a.m., David Wright wrote: > I'm about to install buster or bullseye on a newly acquired laptop > with an SSD (a first for me). I'm intending to clean (zero or > randomise) the entire drive with dd before I start, and am > interested in any pitfalls with that. > > I will also encrypt the new /home partition, but for the remaining > partitions I need to decide whether to add mount's discard option, > or use a weekly systemd trim, or leave it entirely up to the garbage > collection in the SSD device itself (which is an nvme THNSN5512GPUK > TOSHIBA, presumably an OEM model supplied for this HP Spectre). > > The machine has 16GB of memory, so I wasn't intending to use swap. > (It won't have to hibernate, and if push came to shove, there's > always the possibility of setting up a swapfile or a ramdisk.) > > Background: > > The July 2017 system was pre-installed with Windows 10. > > I have copied the entire disk to external spinning rust, and can > mount partitions from this image. It's difficult to foresee my ever > wanting to reload and run this Windows system. > > The drive has unencrypted information on it, either in existing files, > or in deleted/overwritten/whatever ones (though I think that is > irrelevant to the method for erasing them). > > I don't work for the CIA, so "basic" erasure methods are sufficient, > ie so-called logical and digital sanitisation, but not analogue > sanitisation/purging. I'm just encrypting stuff like personal bank > records etc, and not looking for anything like plausible deniability. > > Cheers, > David. > Why do you really want so much encryption level (swap with discard, encrypted swap, encrypted all the partition, etc). Other than your user data and possibly some config files, not much use to encrypt everything. Do you have such a high risk of security breach that it's worth the speed lost imposed by encryption ? Because yes there's a cost and it's speed. -- Polyna-Maude R.-Summerside -Be smart, Be wise, Support opensource development
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature