archinstall icon indicating copy to clipboard operation
archinstall copied to clipboard

Published 20 hours ago verified publisher icon archlinux

[Request] Hardware Encryption Support

Open UtilFunction opened this issue 1 year ago • 2 comments

Cryptsetup has been supporting hardware encryption with TCG Opal-compliant drives since version 2.7.0. The forthcoming version 41 of the Fedora installer will also support this functionality. It is possible to utilise either hardware encryption only, or in conjunction with software encryption by incorporating a straightforward flag.

It would be nice to have this option within archinstall.

UtilFunction avatar Jul 23 '24 13:07 UtilFunction

Would this be something different to the HSM support we've had since v2.5.0?

Torxed avatar Jul 24 '24 08:07 Torxed

Yes, these two are not related. HSMs basically only deal with authentication and the handling of keys. Self encrypting drives perform encryption autonomously and hence without overhead on the host's CPU which is considerable even with AES-NI.

UtilFunction avatar Jul 24 '24 21:07 UtilFunction