Encrypted SSD+HDD for Win/Linux

Looking for friendly advice on setting up a computer that will have full system encryption and also access to both Windows (for games, gpu intensive) and Ubuntu (for work, cpu intensive). I currently have a dual boot system with no SSD and no encryption. I want to move to encryption and SSDs are getting affordable, so it's really tempting to grab that upgrade at the same time.

I'm OK with fully reinstalling both OSes. My MB is a GA-Z68XP-UD3 (http://tinyurl.com/75hepdy) and I have 3 HDDs, although I may drop one. I have 8GB of RAM. I'd probably stick with Windows 7.

As far as I could see after looking into it, it looks like I have a few options:

(1) A single SSD with Windows and essential programs installed, with Ubuntu running in a VirtualBox VM. Encryption from Truecrypt.

(2) A single SSD, partitioned, with Windows, Ubuntu and essential programs installed. System encryption from Truecrypt with Linux encryption from LUKS. Basically following this guide: http://tinyurl.com/mxmv6ya

(3) A single SSD with Windows and essential programs, with Ubuntu on one of the HDDs. Encryption from Truecrypt for Windows and Linux encryption from LUKS.

(4) Two SSDs, with Windows+programs on one and Ubuntu on the other (which could be smaller). Encryption from Truecrypt for Windows and Linux encryption from LUKS.

 

Is anyone running any of these setups?

(1) is the cheapest and easiest for encryption, but I've never run a VM before so I'm not sure it will be as good as a dual boot. (4) is clearly expensive, and (3) wouldn't have SSD benefits for Linux. (2) seems OK but I don't know if it will be too difficult to get working.

I'd really appreciate any comments or words of advice on the various setups! Having trouble deciding what would be best. Also curious if the system encryption would cause any issue in any of these setups.

Thanks!

 

For the best performance in two environments, install Ubuntu on the SSD, encrypt with TrueCrypt, then run Windows in a KVM with virt-manager and libvirt. You can use PCI-e passthrough on the KVM to give Windows access to the GPU. Set up Ubuntu to only use the iGPU.

https://help.ubuntu.com/community/KVM/CreateGuests

http://ubuntuforums.org/showthread.php?t=1293199

http://askubuntu.com/questions/288246/installing-windows-7-kvm-guest-on-ubuntu-12-04-headless-server-via-command-line

Is there a particular reason for wanting to use TrueCrypt? Why not use block device encryption instead, especially since there is such a feature directly in the Linux kernel?

https://wiki.archlinux.org/index.php/Disk_encryption

That's one of the best tutorials about encryption that I have found.

For example, I have my entire disk encrypted, except a 1 GB boot partition, and I have used custom encryption options. If you decide to go with dm-crypt, you can find the fastest encryption options by running from the terminal "cryptsetup benchmark". I have verified the results that were given for my setup (by using dd to copy 10 GB of data on a partition encrypted with different ciphers) and they seem accurate.
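A way to turn the "cryptsetup benchmark" table mentioned above into a ranked shortlist (an added example, not part of the original post). The sample table is constructed with made-up numbers in the layout cryptsetup prints, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: rank dm-crypt cipher candidates from `cryptsetup benchmark`.

# Constructed sample in cryptsetup's table layout; the figures are invented.
sample_benchmark() {
cat <<'EOF'
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha256     400000 iterations per second for 256-bit key
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b       600.0 MiB/s      2100.0 MiB/s
    serpent-cbc        128b        80.0 MiB/s       310.0 MiB/s
        aes-xts        256b      1800.0 MiB/s      1750.0 MiB/s
    serpent-xts        256b       300.0 MiB/s       290.0 MiB/s
        aes-xts        512b      1400.0 MiB/s      1420.0 MiB/s
EOF
}

# rank_ciphers: read benchmark text on stdin and print
# "cipher keybits slower_MiB/s", fastest first. An encrypted disk is both
# read and written, so each row is scored by the slower of its two figures.
rank_ciphers() {
    awk '$2 ~ /^[0-9]+b$/ && $4 == "MiB/s" && $6 == "MiB/s" {
             slow = ($3 + 0 < $5 + 0) ? $3 : $5   # numeric comparison
             sub(/b$/, "", $2)                    # "256b" -> "256"
             printf "%s %s %s\n", $1, $2, slow
         }' | sort -k3,3 -n -r
}

# best_cipher: only the top row of the ranking.
best_cipher() { rank_ciphers | head -n 1; }

# Demo on the constructed sample. On a real machine, feed live numbers:
#   LC_ALL=C cryptsetup benchmark | rank_ciphers
sample_benchmark | rank_ciphers
```

The benchmark runs in memory only, so a dd test on the actual encrypted partition, as the post describes, is still the check that includes the disk.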

TrueCrypt, while it's been leaked that the NSA (so possibly all governments) has a passthrough, is still an awesome piece of encryption software for those of us that just don't want some dickhead that steals our computer to have access to the drive.

Cool, thanks for the other options!

I hadn't thought about running Windows in a VM under Ubuntu... can it really be as fast with games as native?

Where did you read that Truecrypt had a backdoor? I found these articles: http://tinyurl.com/m6actds and http://tinyurl.com/n3s6uux but I didn't find anything about a backdoor in Truecrypt specifically...

TrueCrypt is advertised as "open source", but it really isn't. There is a campaign right now for TrueCrypt to be audited. It is very possible that there is an NSA backdoor in it.

If you want something open source try AESCrypt or EncFs.

http://istruecryptauditedyet.com/

It would be really fast running Windows under KVM on Ubuntu. Windows will have full access to your hardware. Just remember to use PCI passthrough.

Awesome, thank you for the link, I have heard rumors and concerns about TrueCrypt, but never had the time to search for information about this.

Damn, the VM in Ubuntu with PCI passthrough was sounding pretty fantastic, until... my cpu is an i5-2500K, which apparently doesn't provide VT-d (only VT-x). VT-d was only on the non-K version. :(
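A quick way to tell the VT-x-only case from a working VT-d/IOMMU setup on a running Linux host (an added example, not part of the original post; the function name and status strings are hypothetical). It assumes the kernel's /proc/cpuinfo flags and /sys/kernel/iommu_groups; an empty groups directory can also mean the IOMMU is switched off in firmware or was not enabled on the kernel command line (intel_iommu=on), not only that the CPU lacks it.

```shell
#!/bin/sh
# Added example: does this host expose what KVM PCI passthrough needs?

# passthrough_status [CPUINFO_FILE] [IOMMU_GROUPS_DIR]
# Prints one of:
#   no-virt       no VT-x / AMD-V flag, so KVM itself will not work
#   virt-only     CPU virtualization present, but no IOMMU groups
#   iommu-active  the kernel has populated IOMMU groups (VT-d / AMD-Vi in use)
passthrough_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    groups_dir=${2:-/sys/kernel/iommu_groups}

    # vmx = Intel VT-x, svm = AMD-V; match whole words on a flags line.
    if ! grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$cpuinfo"; then
        echo no-virt
        return 0
    fi

    # One numbered entry per IOMMU group appears here only when an IOMMU
    # is present and enabled; device assignment works on these groups.
    count=0
    if [ -d "$groups_dir" ]; then
        count=$(ls -A "$groups_dir" | wc -l | tr -d ' ')
    fi

    if [ "$count" -gt 0 ]; then
        echo iommu-active
    else
        echo virt-only
    fi
}

# Report for the machine this runs on.
passthrough_status
```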

 

 

Yes, it is a complete mystery to me why Intel does that (especially when you get all the features with AMD's CPUs). That's why when people ask about intel I try to point this out.

Sorry for resurrecting a week old thread, but I wondered if anyone could comment on using BitLocker to directly use the SSD's hardware encryption, like:

http://www.anandtech.com/show/6891/hardware-accelerated-bitlocker-encryption-microsoft-windows-8-edrive-investigated-with-crucial-m500

Are there any concerns about the security? Would it be hopeless with a Z68 MB? It looks like there's an updated firmware for my MB BIOS that offers UEFI, so in principle, I think this should be possible.

This seems like a good way to run Windows with Linux in a VM.