HACKER Q&A
📣 sebastian_z

Does full disk encryption impact functionality of a developer machine?


I am interested in learning about any practical experiences, for example, certain programs no longer working or reduced performance.


  👤 simonblack Accepted Answer ✓
As Devil's Advocate here, I will pose this question: "What benefits are there in Full Disk Encryption?"

I see the use of Full Disk Encryption as being akin to the problems faced by users when their disks are encrypted by Ransomware Hackers.

Do we really need Security by Obfuscation for 99.999% of machines? How many of us really need our disk drives to be encrypted?

I have looked at this question often. My verdict is that the potential problems of My Own Access to My Own Data and being locked out of it due to Full Disk Encryption are more of a pain than the minute possibility that some nasty 'other' person might make off with my data.


👤 smoldesu
LUKS and APFS volume encryption seem to be seamless in my experience. I've heard mixed things about BitLocker, but as long as you aren't on Windows everything should run smoothly.

👤 LinuxBender
> no longer working or reduced performance

I am assuming Linux. Some of this is also true for Mac.

Reduced performance, battery life for sure. If one has enough RAM they can work around this by doing builds in a RAM disk, e.g. /dev/shm, and then committing artifacts to the encrypted disk. Along that same line, if one is using tmpfs such as /dev/shm to do ephemeral work in RAM, then be sure that swap is either encrypted or disabled, as tmpfs is swap-backed and one could leak sensitive information into unencrypted swap. macOS by default does not or did not have a RAM disk, but you can manually mount one.

Performance impact can be somewhat mitigated by ensuring the encryption used is AES and that the CPU supports the AES-NI instruction set and a modern kernel is being used. Really old kernels had a single encryption write thread.

    lscpu | grep --color -i aes # or
    grep --color -i aes /proc/cpuinfo

Some proprietary encryption software can set exclusive locks on disks or files, so unless you are using dm-crypt/LUKS2, that would be something to research ahead of time in the event you need direct-io access such as a database, and even in those cases there is usually a configuration work-around.
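
The two checks raised in the post above (the AES CPU flag, and whether swap that backs tmpfs is encrypted) can be scripted. This is an added example, not code from the post; the function names are hypothetical, and it assumes util-linux `lsblk` and `findmnt` and that a dm-crypt mapping is reported by `lsblk` as TYPE `crypt`.

```shell
#!/bin/sh
# Added example, not from the post. Helper names are hypothetical.
# File arguments default to the live /proc files.

# has_aes [CPUINFO]: succeed if the CPU flag list contains the exact word "aes".
has_aes() {
    grep -m1 -iE '^(flags|features)' "${1:-/proc/cpuinfo}" |
        tr ' \t' '\n\n' | grep -qx aes
}

# dev_types DEV: TYPE of DEV and of every device beneath it (lvm, crypt, part...).
dev_types() {
    lsblk -sno TYPE "$1" 2>/dev/null
}

# backing_dev PATH: block device holding the filesystem a swap file lives on
# (a btrfs "[/subvol]" suffix in the source is stripped).
backing_dev() {
    findmnt -no SOURCE -T "$1" 2>/dev/null | sed 's/\[.*$//'
}

# swap_report [SWAPS]: print "<name> <verdict>" for each active swap area.
#   ram          zram device, pages are kept compressed in RAM
#   encrypted    a dm-crypt layer sits somewhere under the swap area
#   UNENCRYPTED  tmpfs pages swapped out here reach the disk in the clear
swap_report() {
    awk 'NR > 1 { print $1, $2 }' "${1:-/proc/swaps}" |
    while read -r name kind; do
        dev=$name
        [ "$kind" = file ] && dev=$(backing_dev "$name")
        case $dev in
            /dev/zram*) verdict=ram ;;
            *)  if dev_types "$dev" | grep -qw crypt; then
                    verdict=encrypted
                else
                    verdict=UNENCRYPTED
                fi ;;
        esac
        echo "$name $verdict"
    done
}

# tmpfs_safe [SWAPS]: succeed if no swap area is UNENCRYPTED (no swap also passes).
tmpfs_safe() {
    ! swap_report "${1:-}" | grep -q ' UNENCRYPTED$'
}
```

Source the file and run `has_aes && echo "AES flag present"` and `swap_report` on the machine in question; hardware self-encrypting drives are not detected by this check.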

👤 eimrine
My assumption is that battery life will definitely decrease, and probably some caching might not work as well as without encryption. Performance will be the same only if your CPU has hardware cryptography for the algorithm you choose, but hardware cryptography does not save you from faster throttling than without encryption.

👤 PaulHoule
I spent a year developing an A.I. search engine on a machine with full disk encryption. I don't believe the performance was any worse.