On Thursday, August 23, 2018 at 10:30:17 AM UTC-4, Jonathan Seefelder wrote: > If you keep wear-leveling in mind, and encrypt the ssd before you fill > it with sensitive data, id suggest an ssd. Ideally, you should encrypt > /boot also.
I've posted recommendations on how to add hardware drive encryption on top of Qubes' software encryption on this list before, so I won't repost that. In summary, Use an SSD that supports T13 ATA SANITIZE and TCG OPAL, and also remember to enable trim in dom0 ( https://www.qubes-os.org/doc/disk-trim/ ). Enable HW encryption (but also enable QUBES' software encryption). Bonus: using SSDs with the above features, when you are done with the system you can instantly (< 2s) erase all user data on the SSD by issuing either an ATA SANITIZE - CRYPTO SCRAMBLE EXT command or an OPAL PSID REVERT command (the latter requires the code printed on the drive label). Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab04c288-57ac-483b-ac8e-7ebbe6888a90%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.