PGP Disk Encryption Safe for Solid State Drives

After slapping an Intel X25-M solid state drive in my MacBook Pro I received a few inquiries from readers asking if it was safe to use PGP Whole Disk Encryption with SSDs being known for having limited lifespans. I reviewed PGP WDE for OS X two months ago and fell in love with it; utter simplicity, trusted security and it doesn't affect system performance. However, a common misconception is that there is a lot of encryption happening in the background that puts undue stress on the hard drive, and as such, would be risky to employ on a solid state drive.

I contacted PGP about this concern and here's what Jon Callas (Cofounder, CTO, and CSO of the PGP Corporation) had to say:

The short answer is that it doesn't have an effect on life. Encrypting the disk is going to do a sweep across the disk reading and writing all the blocks. The disk is rated for many reads and writes. This is just one. After the disk is encrypted, it works just like it did, except that the data is encrypted before it is written. For any block B of data, the write is of E(B). That's it.

The longer answer is that while the short answer is true, there are some more issues that no one can give you a definitive answer on, because there is none.

All flash systems have wear leveling in them. Wear leveling operates below the main drive and makes sure that repeated writes to a "physical" block are actually spread out across the flash.

Wear leveling systems are not only proprietary, but constantly changing. The same core flash system from different providers will have different wear leveling systems, and a single manufacturer is constantly updating their own wear-leveling systems. (A similar thing goes on in rotating media, where different revisions of firmware on a spindle might have a completely different encoding system.)

We could also debate about whether or not the wear leveling would leave plaintext in some nook or cranny. My answer is probably not -- since the WDE process is doing a sweep across the drive, it has to hit every sector. But of course, there are extra sectors for bad block replacement as well. We quickly get into the area where there's no possible definitive statement.

However, if one is really paranoid, it should be obvious that it is better to encrypt the disk before you put sensitive data on it, because that will always be protected. So, for example, if you got a brand new MacBook Air, encrypt the thing before you migrate.

I attended a talk this year on flash systems, and learned a lot about the internals of flash disks, but that was months ago. The bottom line is that because the encrypt is one sweep across the disk, it's minimal in effect.

Let me add one more thing that you likely didn't know: once you start running WDE, you will actually improve the life of your SSD boot drive. The reason for this is "safesleep." Safesleep is what the modern Macs use for sleeping.

There are really two types of sleeping, "suspending" and "hibernating." In suspend, the machine is running and powered, but in a low-activity state. In hibernate, the contents of memory is written out to disk and then the running system is restored from there.

Safesleep does both. It both writes all of memory out to disk (in /var/vm/sleepimage), and then suspends the system. If you pop the battery (for example), it will restart from the sleepimage.

When you set up WDE, we disable the hibernation. There are a number of reasons for that. One is that actually, based on the way we do the EFI Boot, Apple disables the hibernation, not us. But if they didn't, we would. Hibernate images are dangerous things because they contain all of memory, including crypto keys. (I find it amusing to worry about coldboot attacks, myself. Hibernation is much more dangerous. I leave the effect of sleepimage on the FileVault as an exercise for you to think about.) We do not yet have a good way to safely do hibernation. What I mean by safe includes both making sure the system boots correctly and without errors, and making sure that the sleepimage is properly encrypted. We hope to have a solution soon, we just don't have one now.

Nonetheless, if you're using an SSD, it's writing all of memory out every time you close the lid on your laptop. With WDE, you are not. Therefore there's less wear on your disk. (By the way, there are other ways to disable hibernation -- I once saw a control panel to do it. I don't meant to imply that this is the only way, just that if you install WDE and do nothing else, you will lower the wear on your SSD.)

Jon touched on how OS X systems with PGP WDE do not use hibernation anymore, something I wrote about last December as a way of quickly sleeping your MacBook. If you're not in using that already, I highly suggest it:

sudo pmset -a hibernatemode 0

I just installed PGP Whole Disk Encryption on my X25-M and imported my previously created encryption keyring files. The encryption process took a bit longer than an hour, compared to the 2-3 hours it took on my MacBook Air.

Thanks for the reply Jon!

Have you begun encrypting personal files since my WDE review?