0

I have several non-boot NVMe disks whose data must be encrypted.

I have been running cryptsetup on the disks themselves without partitioning them, then making a filesystem on the devicemapper device.

Is there some reason that I should first be partitioning these disks (with one big partition over the whole disk) and running cryptsetup on the partition? These disks are strictly going to be part of a zpool, so I see no reason to partition them.

But I've heard that maybe this could cause the disk to experience more writes and a shorter lifespan.

Is there any merit to this claim?

tacos_tacos_tacos

1 Answer

1

That claim doesn't make the slightest bit of sense.

The difference in number of writes is the LUKS header, which is a maximum of 16 MiB for the current LUKS 2. This is only written when the encrypted device is created, and when a key is added, changed or deleted.

So I guess it will shorten your drive's life by a few microseconds or less.

Whether you put the encrypted device in a partition or not is pretty much irrelevant to the drive life. Again, the difference is in a couple of writes (to the GPT and backup GPT) and you can measure the change in drive life in microseconds or less, in favor of not partitioning.

The difference is so minor that it's not even worth thinking about. Yet here we are...


That said, there are reasons to partition. For instance, some tools will think the disk is not being used for anything if it doesn't contain a partition table, and this can be confusing and lead to an admin accidentally overwriting the drive. You might also partition if only part of the drive is used for encrypted storage (e.g. the drive will contain a boot volume). There are probably other reasons I haven't recalled yet this morning...

Michael Hampton
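An added example, not part of the answer above and not code from cryptsetup: a Python check that reads the start of a disk image and reports when it holds a LUKS header but no partition table, which is the case the answer says some tools take for an unused disk. The function and key names are hypothetical, the sample images are constructed, and the sector sizes tried are an assumption.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"          # first 6 bytes of a LUKS1/LUKS2 header
GPT_MAGIC = b"EFI PART"               # GPT header signature at LBA 1
SECTOR_SIZES = (512, 4096)            # assumption: common logical sector sizes


def classify_disk_start(data: bytes) -> dict:
    """Classify the first bytes of a block device (read at least 8 KiB)."""
    result = {"partition_table": None, "luks_version": None,
              "luks_hdr_size": None, "looks_unused_to_partition_tools": False}

    # Protective/legacy MBR: boot signature 0x55AA at bytes 510-511.
    if len(data) >= 512 and data[510:512] == b"\x55\xaa":
        result["partition_table"] = "mbr"
    # GPT header lives at LBA 1, so its offset depends on the sector size.
    for size in SECTOR_SIZES:
        if data[size:size + 8] == GPT_MAGIC:
            result["partition_table"] = "gpt"

    # LUKS on the bare disk: magic at offset 0, big-endian version at offset 6.
    if data[:6] == LUKS_MAGIC and len(data) >= 16:
        (version,) = struct.unpack(">H", data[6:8])
        result["luks_version"] = version
        if version == 2:
            # LUKS2 stores the header size (binary + JSON area) at offset 8.
            (result["luks_hdr_size"],) = struct.unpack(">Q", data[8:16])

    result["looks_unused_to_partition_tools"] = (
        result["partition_table"] is None and result["luks_version"] is not None)
    return result


def make_sample_luks2_disk(hdr_size: int = 16384) -> bytes:
    """Constructed sample: LUKS2 magic, version, hdr_size, then zero padding."""
    head = LUKS_MAGIC + struct.pack(">H", 2) + struct.pack(">Q", hdr_size)
    return head.ljust(8192, b"\x00")


def make_sample_gpt_disk() -> bytes:
    """Constructed sample: protective MBR signature plus GPT magic at LBA 1."""
    img = bytearray(8192)
    img[510:512] = b"\x55\xaa"
    img[512:520] = GPT_MAGIC
    return bytes(img)


if __name__ == "__main__":
    print(classify_disk_start(make_sample_luks2_disk()))
    print(classify_disk_start(make_sample_gpt_disk()))
```

To check a real disk, pass `classify_disk_start` the first 8 KiB read from the block device (this needs read access to the device node).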