I’ve been contemplating on getting a SSD for my desktop. At the same time, I’ve been meaning to once again get my entire system partition encrypted (for now, I’ve only encrypted a directory within my home directory). I used to run an entirely encrypted system from a traditional hard disk, but I know an SSD is a different beast.
According to Wikipedia, when software-based disk encryption (such as dm-crypt) is used, using the TRIM command reveals information about which blocks are in use. This means you either have to disable TRIM and risk performace degradation to gain security, or keep TRIM and risk exposing information about your data.
And at least according to one user on StackExchange, even enabling TRIM won’t help protect the drive’s performance due to how software encryption works.
So my best bet would be hardware-based encryption such as the one offered by the Kingston SSDNow V+ 100E Series. According to Kingston’s FAQ, the encryption on their disks utilizes the hard disk password feature of the BIOS. From what I gather, that password is used as the encryption key, which means unauthorized access cannot be gained by simply bypassing the disk’s locking mechanism, unlike in drives with no built-in encryption. (It also means once you lose the password, there’s no way to recover your data, as it should be in a truly secure system.)
: My ASUS M4A78-EM doesn’t seem to support setting a HD password, so it looks like I’m out of luck until I upgrade my motherboard. :(
: I flashed the mobo with ATA Security eXtension -enabled BIOS and now I can haz hdd passwords.