Full disk encryption is a security measure that involves encrypting the entire contents of a computer’s hard drive or storage device. This includes the operating system, system files, application data, and user files.
Especially at work, having such protection in place provides so many benefits it’s a no-brainer wanting to have it enabled everywhere! Full disk encryption ensures that even if someone gains unauthorized access to the physical device or its storage media, they won’t be able to read the stored data without the correct decryption key.
Think of GDPR or HIPAA regulations and their strict privacy requirements and think of hybrid working environments (or full remote) where having access to a device is easier that in other settings, Full Disk Encryption make your device as usuful as a brick.
But is has a major disadvantage: performances.
In case you are using LUKS on a Solid State Drive, there is a nice trick that could be used to improve performances: adding no-read-workqueue
and/or no-write-workqueue
to /etc/crypttab
flag section.
These flags disable forcing each read and write operation going through Kernel queues. Originally on spinning hard drives having ordered reads or writes was a performance optimization but nowdays SSDs are snappier when doing random accesses to the disk, making these optimization actually hurt performances. If you have I/O intensive workloads you can benefit by disabling the queues.
Source for this is the ever awesome Arch Linux Wiki, which provides further links to learn more about where those flags come from.