My laptop isn’t under my supervision most of the time. And I’d hate it if someone were to steal my SSD, or whole laptop even, when I’m not around. Is there a way to encrypt everything, but still keep the device in sleep, and unclock it without much delay. It’s a very slow laptop. So decryption on login isn’t viable, takes too long. While booting up also takes forever, so it needs to be in a “safe” state when simply logged out. Maybe a way that’s decrypt-on-demand?

I’m on Arch with KDE.

  • UnRelatedBurner@sh.itjust.worksOP
    link
    fedilink
    arrow-up
    1
    ·
    4 months ago

    Is your idea to do the easier decrypt on boot, and optimize the boot times?

    I could probably do that, but someone else said that there is a decrypt on hibernate, seems better.

    • bloodfart@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      4 months ago

      Yeah im thinking do “normal” decrypt on boot. It’ll be easier to troubleshoot and recover from if something goes wrong and there’s fewer pitfalls to deal with.

      I also suspect that theres a problem with your computer because boot times have been pretty fast for many years now.

      E: I just now saw that you’re using an eighth generation intel processor, plenty of ram and an ssd.

      I have the same situation but a much older processor and my boot times from button press to desktop are ~10 seconds.

      Unless your expectations for boot times are way out of line, you ought to have no problem using decrypt on boot.

      One possibility is that your ssd has aged and is having to read those old system file blocks hundreds of times to get it right. Badblocks -n or spinrite level 2 or 3 scan fixes this problem.

      • UnRelatedBurner@sh.itjust.worksOP
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        I bought it used, so I’m interested in your last point. I’ve reinstalled it - first thing I did. Do SSDs slow down overtime? And there is a linux command to fix that? Sound crazy, can you elaborate?

        • bloodfart@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          Yeah badblocks -n /dev/your_target_device launched from a different boot device.

          You can’t run it from your install because it’s gonna read every block into memory and then write some crap to it and read it back to make sure the block works then write what was originally there back to it.

          It’s really important that you check yourself before you wreck yourself with the badblocks command because you can destroy data if you use the wrong flags.

          Another program that fixes that problem is spinrite. It costs money but it’s very useful and has a lot of good documentation.

          Each cell in the ssd isn’t a digital “1” or “0” but a charge coupled device that stores a voltage. Over time that potential changes in a way that’s directly proportional to the number of read cycles and age of the data from first write. When it changes enough, the controller has to try to read it many times to get a sane result it can send down the bus.

          That results in your ssd seeming slow.

          How long does it take to boot though, and what do you expect?