
#1 2015-06-01 11:28:33

OlaffTheGreat
Member
Registered: 2013-06-03
Posts: 107

[solved] Arch Linux and SSD opal 2

Hi everyone,

First of all, I'd like to thank all of you for making such an efficient system with this forum. As I learn and go forward, I have definitely improved my skills. Even though I have run into some crashes and issues (rarely, though), I usually succeed in fixing most of them without the need to post any thread for some time, since I find solutions here.

Ok, back to business.
I plan to buy a Thinkpad T450s, and I am searching for any information with the idea of installing Arch on it. I already keep this kind of link. Even though it is not the same model, there is a lot of info already.

The manufacturer provides, for most of its models, SSDs with Opal 2 hard encryption functionality.
This thread mentions this:

It is hard to find out if Opal drives support both versions

However, the post is from 2013; perhaps there is more to say now.

First, I'd like to know if Arch Linux (or any Linux distro for that matter) can manage this Opal 2 functionality. And since the technology is quite recent, may we expect some bugs? Do any of you have some experience with it?

Second, would it make sense to add soft encryption such as LUKS, which I use, to that kind of hard encryption?

Since I don't *absolutely* need that kind of feature, I could also buy a 500GB 7200rpm HD and get, later on, a classical SSD such as the one I use now. I am curious about your advice, ideas and opinions.

Last edited by OlaffTheGreat (2015-06-03 23:41:41)


Lenovo Thinkpad x230 i5-3320M 2.6GHz 250GB SSD (M4) 16GB
SSD | SeaBIOS | GPT | BTRFS | OpenRC | Xfce4 | Zsh | Tmux | Spacemacs
* "Aware Newbie" *
Ibus IM for language script support (e.g. 日本語 - 中文)

Offline

#2 2015-06-01 14:07:11

ANOKNUSA
Member
Registered: 2010-10-22
Posts: 2,141

Re: [solved] Arch Linux and SSD opal 2

First, I'd like to know if Arch Linux (or any Linux distro for that matter) can manage this Opal 2 functionality.

Self-encrypting disks are managed at the firmware level. The operating system has nothing to do with it. What matters is whether the machine itself can interface with it (by setting a password in the motherboard firmware menu). My T520 handles a Samsung 840 EVO self-encrypting drive just fine, so I imagine the T450s will as well. You could always contact Lenovo and ask.

Second, would it make sense to add soft encryption such as LUKS I use to such a hard encryption?

No.

Offline

#3 2015-06-01 22:14:57

OlaffTheGreat
Member
Registered: 2013-06-03
Posts: 107

Re: [solved] Arch Linux and SSD opal 2

Thank you for your reply.
In your opinion, would you have a preference for that hard encryption over the one provided by software?
Did you perform any particular setting in your system?



Offline

#4 2015-06-03 14:01:37

ANOKNUSA
Member
Registered: 2010-10-22
Posts: 2,141

Re: [solved] Arch Linux and SSD opal 2

There are some small advantages to firmware-level encryption. Performance isn't affected, for one (though on an SSD that's negligible anyway). Security is slightly higher, since a) the drive cannot be altered in any way without the correct password or a hell of a lot of skill and very expensive specialized equipment; and b) a machine capable of utilizing firmware-level encryption won't even start up until the correct password has been entered. In all, though, there's really little difference between software-level and firmware-level encryption for the typical user. I just use the drive's encryption because it's there, and it's easier to set up than LUKS. (There's only one step: pick a password.)

Again, the operating system has nothing to do with this. The motherboard firmware menu (the BIOS) in the Thinkpad T series has the option to set a password in order to access the SATA ports. The user is prompted for the password before POST, so that the machine won't even initialize the hardware and try to boot a system until after the correct password has been entered. It's that setting that the drive's firmware interacts with. With normal drives, this just prevents that particular machine from accessing any disks. With a self-encrypting drive, setting a password activates the drive's internal encryption---making it inaccessible until the correct password is entered. Move the drive to another machine, and the user will either be prompted for the same password by that machine, or the drive will just be unavailable. The OS won't even see it. Which can be a disadvantage, since forgetting your password means you lose your data and the drive.

Offline
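
Added example (not part of any post in this thread): a read-only check, run from Linux, of whether a drive password is actually in effect. It assumes the firmware password described in the post above is applied through the ATA Security feature set, whose state `hdparm -I` prints in its `Security:` section; the sample text is constructed and `/dev/sdX` is a placeholder.

```shell
#!/bin/sh
# Added example. Real use (as root): hdparm -I /dev/sdX | drive_state
# /dev/sdX is a placeholder for the drive's device node.

# sample ENABLED LOCKED: constructed imitation of the "Security:" section of
# `hdparm -I`; pass "not" to negate a flag, "" to leave it set.
sample() {
    printf 'ATA device, with non-removable media\n'
    printf 'Security:\n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\t%s\tenabled\n\t%s\tlocked\n' "$1" "$2"
    printf '\t\tfrozen\n\tnot\texpired: security count\n'
}

# security_flag FLAG: read hdparm -I text on stdin, print yes, no or unknown.
security_flag() {
    awk -v flag="$1" '
        /^Security:/                       { insec = 1; next }
        insec && /^[^ \t]/                 { insec = 0 }   # next heading ends the section
        insec && $1 == flag                { print "yes"; found = 1; exit }
        insec && $1 == "not" && $2 == flag { print "no";  found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# drive_state: classify the drive from hdparm -I text on stdin.
drive_state() {
    text=$(cat)
    enabled=$(printf '%s\n' "$text" | security_flag enabled)
    locked=$(printf '%s\n' "$text" | security_flag locked)
    case "$enabled/$locked" in
        no/*)    echo unprotected ;;  # no password set in the firmware menu
        yes/yes) echo locked ;;       # password set, not yet entered
        yes/no)  echo unlocked ;;     # password set and entered at boot
        *)       echo unknown ;;      # no Security section found
    esac
}

echo "no password set:  $(sample not not | drive_state)"
echo "password entered: $(sample '' not | drive_state)"
```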

#5 2015-06-03 15:29:23

parchd
Member
Registered: 2014-03-08
Posts: 421

Re: [solved] Arch Linux and SSD opal 2

I don't really know a lot about firmware-level encryption - it isn't something I've really come across in the real world - but I'd personally be suspicious of backdoors in something like firmware.
Then again, if the people after your data are the sort of people to be putting back doors into such things, you've probably got bigger problems.

Offline

#6 2015-06-03 23:40:43

OlaffTheGreat
Member
Registered: 2013-06-03
Posts: 107

Re: [solved] Arch Linux and SSD opal 2

Thank you for these clarifications.
This kind of encryption fits well into the business world. And indeed, it seems much easier to set up than LUKS!



Offline
