I’ve been contemplating on getting a SSD for my desktop. At the same time, I’ve been meaning to once again get my entire system partition encrypted (for now, I’ve only encrypted a directory within my home directory). I used to run an entirely encrypted system from a traditional hard disk, but I know an SSD is a different beast.<\/p>\n
According to Wikipedia, when software-based disk encryption (such as dm-crypt) is used, using the TRIM command reveals information about which blocks are in use<\/a>. This means you either have to disable TRIM and risk performace degradation to gain security, or keep TRIM and risk exposing information about your data.<\/p>\n And at least according to one user on StackExchange, even enabling TRIM won’t help protect the drive’s performance due to how software encryption works<\/a>.<\/p>\n So my best bet would be hardware-based encryption such as the one offered by the Kingston SSDNow V+ 100E Series. According to Kingston’s FAQ, the encryption on their disks utilizes the hard disk password feature of the BIOS<\/a>. From what I gather, that password is used as the encryption key, which means unauthorized access cannot be gained by simply bypassing the disk’s locking mechanism, unlike in drives with no built-in encryption. (It also means once you lose the password, there’s no way to recover your data<\/a>, as it should be in a truly secure system.)<\/p>\n