SSD in notebook: Partitioning, LUKS/dm-crypt, LVM, swap

[qsuscs]

Hi there,

so I bought a new SSD for my notebook, a Crucial M500 CT240M500SSD1. Since a notebook is way easier to steal than a desktop (which has just plain ext4 on GPT), I want to encrypt the file system while being as SSD-friendly as possible.

• Partitioning: Is it enough to start on sector 2048 and align the Partitions to Mebibytes?
  
• LUKS/dm-crypt: Is there a good list/comparision of available ciphers? I didn’t manage to find one. Also, the Intel Core i5-520M has AES extensions, so that should be quite fast, shouldn’t it?
  I know that leaving the free space free is a security decrease, but improves SSD lifetime, how do I set that?
  
• LVM: Same thing, are the volumes by default aligned on MiB boundaries?
  Do I want that “thin” stuff?
  
• ext4: Is -o discard enough or should I enable other tweaks?
  
• swap: It is required for hibernate, but swapping to the SSD is to be avoided. Is it enough to set vm.swappines=0?

[szatox]

if you haev hardware support for AES, it's a no-brainer, just use it.
Also, if you encrypt your partitions, don't forget to encrypt swap as well.
Setting swappiness to 0 means "don't use swap unless you run out of RAM space", so yeah, it's pretty much enough.
Do you have any reason to use LVM? You only have a single SSD, right?

I think LUKS doesn't write random stuff to empty space itself, and you have to initialize it yourself if you want to have it randomized. Reffer to the manual to make sure though

[Hu]

Writing noise to the empty space can be useful to combat certain classes of cryptanalytic attacks. However, if your concern is only that you want to block the typical thief, encrypting the filesystems with a secure password should be sufficient.

[qsuscs]