Comment by stavros
1 day ago
Hm yeah, I always think of encryption at rest as "the drive handles encryption itself", rather than "we encrypted these archives before we wrote them", but fair enough.
1 day ago
Hm yeah, I always think of encryption at rest as "the drive handles encryption itself", rather than "we encrypted these archives before we wrote them", but fair enough.
Not necessarily the drive, but yeah, where standards mandate encryption at rest you need to have the files on the live disk encrypted.
Usually it's much less of a headache to luks/bitlocker/SED the whole drive so that you don't have to worry about swap files and logs