alt Hacker NewsIt doesn't need to, if your disk supports OPAL2 - just set the password in BIOS and encrypt the drive, it's fully transparent to the OS and as a bonus, there's virtually no performance hit unlike software-based encryption like LUKS.
Replies
surajrmal • today at 2:55 AM
Luks can use hardware offload description via opal if configured accordingly. You are also at the vendors firmware implementation in terms of security.
udev4096 • today at 6:31 AM
The question is, does the stock SSD support OPAL2?
You are relying on every single ssd to have a secure implementation of encryption which is just never going to be true.
I’m not familiar with how the process works, but if you are setting the password somewhere, it’s exposed to being extracted. You want the password to be something you type in on boot.