A new proposal to have optional support for native hardware encryption (TCG OPAL2 standard)

  • unskilled5117
    link
    fedilink
    English
    arrow-up
    7
    ·
    4 months ago

    Some SATA and NVMe devices support hardware encryption (TCG OPAL2 standard) and with the latest cryptsetup LUKS devices can be configured to use hardware encryption to encrypt the data either by itself or together with the existing dm-crypt software encryption. Support for this feature was added in the latest cryptsetup upstream release and we’d like to provide an option for users to use this feature when installing Fedora with disk encryption.

    As this is an expert option, it will be available only through the kickstart interface. […] There will be two new options to select either hardware encryption only or hardware encryption in combination with software encryption (analogous to the --hw-opal-only and --hw-opal options used when configuring hardware encryption with cryptsetup).

      • devfuuu@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        4 months ago

        I wouldn’t trust any drive that offers the feature. We already know that those that have that thing to delete files or wtv it is called doesn’t work well, I would not touch with a foot long stick anything related to crypto on the hardware level.

        • 4am@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          For a drive with throwaway data where performance might be a concern but data protect is a nice-to-have it’s fine. Think games or a cache disk for art workstations