I would assume that a full-disk encryption deployment would introduce additional writes each time the computer is booted up and shut down. Given that solid state disks are considered to have a lower average capacity for writes before failure, can a full-disk encryption solution lower the expected lifetime of the disk on which it is deployed?
If my assumptions are incorrect, then I suppose this is a moot point. Thanks in advance.
Answer
Think of encryption as an adapter. The data is simply encoded before being written or decoded before being read. The only difference is that a key is passed at some point (usually when the drive/driver is initialized) to be used for the encryption/decryption.
Here is a (rough) graphic I threw together to show the basic pattern:
As you can see, there is no need to perform extra reads or writes because the encryption module encrypts the data before the data is written to the platters and decrypts it before it is sent to the process that performed the read.
The actual location of the encryption module can vary; it can be a software driver or it can be a hardware module in the system (e.g., controller, BIOS, TPM module), or even in the drive itself. In any case, the module is “in the middle of the wire” between the software that performs the file operations and the actual data on the drive’s platters.
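The adapter pattern described in the answer, as an added example that is not part of the original post: an encrypting layer wraps a simulated drive and the sector reads and writes reaching the drive are counted with and without it. The class names, the 512-byte sector size and the SHA-256 keystream are assumptions made for this sketch; the keystream is a toy stand-in, not the cipher any real full-disk encryption product uses.

```python
import hashlib

SECTOR = 512  # bytes per sector (assumed for this sketch)

class CountingDisk:
    """In-memory stand-in for the physical drive; counts sector I/O."""
    def __init__(self, sectors):
        self.data = bytearray(sectors * SECTOR)
        self.reads = self.writes = 0

    def write_sector(self, n, buf):
        assert len(buf) == SECTOR
        self.data[n * SECTOR:(n + 1) * SECTOR] = buf
        self.writes += 1

    def read_sector(self, n):
        self.reads += 1
        return bytes(self.data[n * SECTOR:(n + 1) * SECTOR])

class EncryptingAdapter:
    """Same interface as the disk; transforms each sector in transit."""
    def __init__(self, disk, key):
        self.disk, self.key = disk, key

    def _xor(self, n, buf):
        # Toy per-sector keystream from SHA-256, NOT a real disk cipher;
        # real FDE uses a vetted mode such as AES-XTS.
        ks = b"".join(
            hashlib.sha256(self.key + n.to_bytes(8, "big") + bytes([c])).digest()
            for c in range(SECTOR // 32))
        return bytes(a ^ b for a, b in zip(buf, ks))

    def write_sector(self, n, buf):
        self.disk.write_sector(n, self._xor(n, buf))   # one write in, one out

    def read_sector(self, n):
        return self._xor(n, self.disk.read_sector(n))  # one read in, one out

def run_workload(dev, count=8):
    """Write, then read back, `count` constructed sectors."""
    for i in range(count):
        dev.write_sector(i, bytes([i + 1]) * SECTOR)
    return [dev.read_sector(i) for i in range(count)]

def compare():
    plain, backing = CountingDisk(8), CountingDisk(8)
    enc = EncryptingAdapter(backing, key=b"constructed-demo-key")
    same = run_workload(plain) == run_workload(enc)
    return {"same_data": same,
            "plain_io": (plain.reads, plain.writes),
            "encrypted_io": (backing.reads, backing.writes),
            "ciphertext_differs": backing.data != plain.data}

if __name__ == "__main__":
    print(compare())
```

The transform is length-preserving, so each sector the caller writes becomes exactly one sector written to the drive, while the bytes stored on the drive differ from the plaintext.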