3

My desktop machine is running Ubuntu 12.04 (and will probably stay with it until the next LTS). I've got a new 120GB SSD on the way as well as my existing 420GB spinning disk. If it makes any difference I'll be dual-booting with Windows 7 across both disks too.

I've read some helpful answers here about /home setup and enabling TRIM, which I intend to follow. So most of my /home will be on the SSD, with only photos, videos and music on the spinning disk.

The question is, when I reinstall Ubuntu from CD or USB, whether I should encrypt the SSD?

Specifically:

  1. I'm reading that drive wear isn't much of an issue with modern SSDs as they last decades even if you spam them. Is this true?
  2. How big a performance reduction will encrypting cause (I have an i7 Sandybridge, so I guess it can cope)?
  3. Is it more important from a security point of view to encrypt an SSD? I think I read somewhere that it may be hard to reliably wipe data.

By all means answer even if you only know about one of those things.

1 Answer

4

Answer to question #1

According to this article, SSDs seem to have quite good reliability and operational times before they blow up. To quote it:

Lifespan: The longevity of SSDs, or lack of, as the case may be, is blown way out of proportion. Most will probably be surprised to hear NAND memory actually has a higher MTBF (Mean Time Before Failure) than DRAM. How often does your DRAM fail once you've passed the 3 month mark with it? Most SSDs have a MTBF of about 1 million hours plus (it's actually 1 million writes). Has anyone actually done the math on that? It works out to be over 20 yrs of continuous use; 24/7. This assumes adequate "free" space. A "full" drive (using more than 85% of its usable space) has very few (in the number of storage locations), blocks/pages/cells to work with in its normal day to day operations. This forces the SSD to use and reuse the same cells over and over again. The algorithm used for wear leveling goes to hell when the drive doesn't have enough free space for moving data. The cells that comprise the free space end up being used over and over, and will fail much sooner than those on the rest of the drive.

A lot (some say most) of the longevity of a drive actually has to do with the amount of "over provisioning" on the drive. Over provisioning is like spare parts for the drive (actually spare NAND). Artificial numbers, but say you buy a 128GB SSD. That SSD may actually contain up to 10% (12GB) of additional NAND that is not calculated into the drive size stated by the manufacturer.

NAND memory can/and does go bad, it's a fact of NAND life. The cells of NAND are little electronic traps, that trap electrons with "gate" technology (although not exactly the same), just like the gates of a transistor that runs your CPU. These "gates" over time can leak, be susceptible to leakage from adjacent cells, or just plain fail, among other things that render their use as problematic.

When an SSD's controller (firmware) determines that a cell is no longer performing like it should, it will replace the data location with one of the over provisioned blocks/pages, and no longer use the "defective" location. Depending on the firmware's coding, this is usually done on a "page" level (4 Kilobytes of space). It is basically the same as when a magnetic HDD marks a sector of its spinning platter as "bad"; although the HDD doesn't have the "spare parts" to replace the bad sector.

[EDIT]: According to this AskUbuntu Question too, Ubuntu has support for TRIM since version 10.10 Maverick Meerkat, so this should help the drive stay healthy and do a good job prolonging its lifespan.

Answer to question #2

The Sandy Bridge processors and later have built-in processor extensions for handling encryption faster. This feature is called the AES instruction set. From Wikipedia:

The purpose of the instruction set is to improve the speed of
applications performing encryption and decryption using the Advanced
Encryption Standard (AES).

And some instructions as an example:

 - AESENC -> Perform one round of an AES encryption flow
 - AESKEYGENASSIST -> Assist in AES key round generation

Answer to question #3

You have to understand that you do not encrypt the device itself, but the data it contains. The SSD is just another hard disk. Is the information contained encryption worthy? And more importantly, is it worth having a performance hit every time you want to do something? (Be it negligible or not, it will still be there, and my guess is it will show when there are great amounts of data to be read or written.)

NlightNFotis
  • Thanks. Looks like TRIM+encryption needs more setup, discussed here. – James Bradbury Sep 13 '12 at 08:50
  • If this answered your question, please consider marking it as the accepted answer so that future readers can see what was the answer to your question. You can do so, by clicking the tick below the voting mechanism next to the answer. – NlightNFotis Sep 13 '12 at 08:52
  • @JamesBradbury I see that you are new here, so this might help you: http://askubuntu.com/faq#howtoask – NlightNFotis Sep 13 '12 at 08:54
  • Re 3. I understand and I'm keen to encrypt my data, just because it has emails, Firefox bookmarks and history, etc. – James Bradbury Sep 13 '12 at 08:54
  • Thanks, this is a helpful answer (and I've added feedback to say so), but I'll wait and see what else comes up before selecting a "winner". :) – James Bradbury Sep 13 '12 at 08:57
  • Highly recommended further reading: http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Security_Aspects – Takkat Sep 13 '12 at 10:55
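
The two points this thread turns on, AES instruction support on the CPU and TRIM passing through an encrypted mapping, can both be checked from a shell. The following is an added example, not part of the original posts: the function names and the sample cpuinfo and crypttab contents are constructed, and it assumes the Linux /proc/cpuinfo "flags" line format and the crypttab `discard` option.

```shell
#!/bin/sh
# Added example: checks to run before or after installing onto an encrypted SSD.

# has_aes_flag FILE: succeed only if every "flags" line in a cpuinfo-format
# file lists "aes" as a whole token (a substring such as "vaes" does not count).
has_aes_flag() {
    awk -F': ' '
        /^flags/ { n++; k = split($2, f, " ")
                   for (i = 1; i <= k; i++) if (f[i] == "aes") { ok++; break } }
        END { exit !(n > 0 && ok == n) }' "$1"
}

# crypttab_discard_report FILE: print "<name> discard|no-discard" for each
# mapping. Without "discard", TRIM requests stop at the dm-crypt layer; with
# it, the SSD can see which encrypted blocks are unused.
crypttab_discard_report() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        { state = "no-discard"
          k = split($4, o, ",")
          for (i = 1; i <= k; i++) if (o[i] == "discard") state = "discard"
          print $1, state }' "$1"
}

# Constructed sample inputs (not taken from a real machine).
tmp=$(mktemp -d)
printf 'processor\t: 0\nflags\t\t: fpu sse2 aes avx\n' >  "$tmp/cpu_ok"
printf 'processor\t: 1\nflags\t\t: fpu sse2 aes avx\n' >> "$tmp/cpu_ok"
printf 'processor\t: 0\nflags\t\t: fpu sse2 vaes\n'    >  "$tmp/cpu_no"
cat > "$tmp/crypttab" <<'EOF'
# <name> <device> <keyfile> <options>
ssd_crypt UUID=00000000-0000-0000-0000-000000000000 none luks,discard

hdd_crypt UUID=11111111-1111-1111-1111-111111111111 none luks
EOF

has_aes_flag "$tmp/cpu_ok" && echo "cpu_ok: aes flag present on all cores"
has_aes_flag "$tmp/cpu_no" || echo "cpu_no: aes flag missing"
crypttab_discard_report "$tmp/crypttab"
```

On a real system, point the functions at `/proc/cpuinfo` and `/etc/crypttab` instead of the sample files.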