[NCLUG] linux laptop

Stephen Warren swarren at wwwdotorg.org
Thu Mar 17 10:33:03 MDT 2011 

On 03/17/2011 12:01 AM, Kevin H. Olson wrote:
> On 3/16/2011 11:59 PM, Michael Milligan wrote:
>> Degutan White wrote:
>>> I've heard Zareason:  http://zareason.com/shop/Laptops/
>>> System76 (local to denver)  http://www.system76.com/index.php?cPath=28
>>> and Lenovo for a linux laptop.
>>>
>>> Thanks for all the comments.  I still need to investigate the PGP full disk encryption.  Let me know if any of you have tried that on ubuntu.
>> Haven't tried that, but Ubuntu can do native full-disk encryption, but a
>> bit tricky to setup.  Google is your friend.
>>
>
> I would recommend investigating a hardware based encryption over
> software. The speed difference can be substantial. I have an IBM Laptop
> with a hardware encrypted hard drive that works great, and I definitely
> recommend it.

Personally, I'd recommend strongly against HW encryption on any modern 
system.

On my older 4-5 year old laptops, SW encryption had a very significant 
speed hit; it made almost everything noticeably slower even to people 
who didn't know to look for a speed difference, i.e. my wife.

However, on the new laptops we recently purchased (a low end mobile core 
i3 and high end mobile core i7) I basically see absolutely zero 
performance impact with FDE, either in day-to-day use, or even a kernel 
compile performance benchmark (which was CPU limited on both those 
systems). I use the i7 laptop for SW development work now.

Another advantage of regular Linux SW encryption is that you can pull 
the disk out and throw it in any other Linux system to rescue your data 
if your system or disk controller dies; the same advantage of Linux SW 
RAID over HW RAID controllers.

To address the difficulty to set this up: There are different Ubuntu 
installers (desktop, alternative, server). IIRC, in the most recent 
Ubuntu releases, the desktop installer is more oriented to using 
eCryptFS for just your home directory and requires use of the advanced 
partitioning dialog to set up full disk encryption, so you need to know 
how to layer FDE on top of the physical disk, LVM on top of that, etc. I 
think this advanced partitioning dialog is the default for the other 
installer versions. So, there's no simple checkbox for FDE. Still, it 
isn't that complex to set up, and plenty of people at NCLUG or hacking 
society could walk you through it.

More information about the NCLUG mailing list