Manjaro with Full Disk Encryption - how fast & how stable?

Nachlese · 24 March 2023 18:14

Adding to this:
the boot process takes longer only because of the amount of time Grub needs to decrypt and open the partition(s) / the encrypted container.
This can take a few seconds - maybe even 10s, depending on the power of the CPU - but once that is done, the impact of encryption is not noticeable.

Grub is not optimized to use multiple cores of a CPU - it only uses one.
That is why the process is so slow (… just a few seconds anyway).

You can cut down these initial few seconds by lowering the amount of iterations it will take Grub to open the encrypted container - but that will only save these few seconds on a fresh boot.
The fact that the system is encrypted will not (or only hardly) be noticeable during use.

… with an SSD hard drive I think it is quite a bit unusual to have a boot time of almost 1,5 minutes - for a spinning hdd this is to be expected
especially because Manjaro/Arch is a rolling release
lots of software gets updated pretty often - and that data gets written to different places on the spinning disk,
so: search and access times may suffer

This should not be an issue at all with SSD (non mechanical disks).

I know of no way to do that - someone who is logged in has access (with or without encryption).

You would need to move your data.
As for applications: no way around full encryption.

For your data: yes - but not for restricting someone running applications.

But once the system is up and running (the stuff is already decrypted/open) there is nothing you can do to prevent access through some kind of added encryption.

Stuff needs to be encrypted on the disk
else someone with physical access can just boot a live system or unplug/re-plug the drive - and voila:
there the data is

Not sure what scenario you want to be resilient against …

For me it would be:
my notebook sits there, powered off
in a hotel room - or when it might get stolen

I want to prevent access to whatever is on it.

The answer is: full encryption (or just the contents of $HOME)

I’m even confident to sell my (spinning) hard drive on eBay or whatever
just as it is right now - with everything on it

Someone would need to know my passkey to get access - … that is not going to happen during this lifetime by trial and error … aka:
brute force just will not work

ruziel · 24 March 2023 19:40

Thank you both for your comments, which are much appreciated. @jmagder I think I will follow your advice & stick with the default number of iterations. Hopefully the coders set it high enough, which I’m sure they did. I have a decent password.

@Nachlese Based on what you say, I think I made the right decision regarding full disk encryption. Although it takes a minute or so to boot, I can’t say I’m aware of it while I’m working.

More power to you both, Ruziel

Nachlese · 24 March 2023 19:59

yes, they did

If you want a faster boot process
you need to do some work (nothing terribly complicated)

If /boot is unencrypted
then the boot process will be as fast as … ever.
no noticeable delay

… not sure whether you’d want to go through the process of it all
(possibly takes hours)
just to save some 5 seconds on each boot.

But.
it’s not complicated - can be done rather easily.

… will take you hours, though

ruziel · 25 March 2023 10:09

Thanks for your comments. I like the fact that Manjaro offers full disk encryption at start-up. The fact that it takes longer to boot is no problem for me - security comes first on my laptop, as they are so much more prone to getting stolen.

This is the first time I’ve installed Manjaro in 5 years & I think the team have done a stellar job. The fact that one can choose between a minimal or full-blown installation is fantastic. It’s running beautifully, with no bloat.

More power to you & all on Manjaro!

Ruziel

varikonniemi · 25 March 2023 12:53

There is certainly something wrong if your machine takes 1m15s to boot. With your specs from bootloader engagement to login screen appearing should take no more than 15 seconds. FFS my pinephone manages to do that in 20 seconds

I had similar issue for more than a year on my machine, a zen2 system that sometimes booted in 10 seconds, but often it took a minute. Looking at logs nothing was printed, just huge delays during the initialization process off all hdd:s. Then completely unrelated one day i decided to upgrade the firmware on my unused SSD (contain my old OS from the time before switching to nvme drive). After that there has not been one boot taking more than 10 seconds.

ruziel · 25 March 2023 14:10

Thanks, I will time it again. It does seem rather long, that’s for sure.

system · 28 March 2023 04:11

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.