My DYI edition framework 13 will be arriving later today (AMD 7040 series).
I’m planning to install Fedora 39 on it, and in terms of storage options I got a Samsung 990 Pro SSD, which supports OPAL 2.0 self-encryption.
The question now is, should I rather go with the OPAL hardware encryption, or with the encryption Fedora offers at install (LUKS)? From what I’ve seen so far, the opinions seem pretty mixed:
Software-based encryption requires more processor work, slowing down the system (and therefore possibly draining more battery?).
Hardware-based encryption seems to avoid this problem, but there’s a lot of discussions over both hardware and software based encryption being possibly unsecure under certain circumstances. Software based via LUKS would be open source though, while the hardware based encryption is not. So now I’m unsure which to pick.
Any advice on which one you’d recommend for me? Thanks in advance!
OPAL Hardware based encryption is a lot better than nothing but these days the performance and battery drawbacks of real software based encryption has become so small you might as well just use that.
Unless your workload contains some absolutely brutal disk io where every extra mb/s counts I vote software based.
I will do the same and will use OPAL. The question is, what is your threat level? If someone steals your laptop, he will not try to decrypt it, your data is safe. If your threat level is the intelligence service, forget it: xkcd: Security
Samsungs OPAL is proven to be secure it latest generations. There are some hypothetical attacks, which required the laptop to be on. No thief will ever try to decrypt it. With OPAL you have the benefits of high speeds and decreased CPU load.