I want to install Fedora 36 with full disk encryption on my 12 years old Lenovo ThinkPad X201.
A test without encryption was positive, it’s still performant and runs well.
Now I’m wondering which filesystem I should choose.
BTRFS would have the advantage, that I could do snapshots very quick by Timeshift. A long rsync process in the background would need too much performance and I need performance because I use my laptop at work and have to do presentations with projection and broadcasting over the internet at the same time.
I want to use Timeshift because I need to restore my laptop after a bad update as quick as possible because I need my laptop reliably at a certain time.
But is BTRFS reliable enough? How reliable is it compared to ext4? (I have a 7 or 8 years old Crucial SSD, if that matters…)
Ext4 is known as a very solid and reliable filesystem but sadly can’t do snapshots like BTRFS. So rsync would be needed and it would take a very long time to restore an old image and would need many more disk space.
What would you choose? BTRFS? Ext4? Something else?
I’ve been running btrfs on Fedora since about 2015 and never had an issue with it. Btrfs came out around the same time as ext4 and had many of the same devs working on both. My main work machine is a ThinkPad P14 running btrfs with luks encryption. It’s the default filesystem for a reason. The only real stability issue for btrfs is for RAID5, which you aren’t going to be doing on a ThinkPad, so it should be suitable for what you want to do.
A supplement I would like to add: check if your old notebook has an AES-NI (AES instruction set = hardware implementation for AES en-/decryption). You can find out with lscpu | grep aes → if this outputs you a list of the many instruction sets which includes “aes”, then you are fine and you can use the normal disk encryption (AES-XTS) which is also created by default by Anaconda when installing Fedora in the graphical interface (just enable the “encryption” button when configuring disks).
If lscpu | grep aes does not output anything, your machine seems to not have the AES instruction set. In this case, I suggest to use Adiantum (including XChaCha) instead of AES-XTS, not for security but for performance reasons: AES can be a burden for your system performance (which indirectly includes battery life) if there is no hardware acceleration. Adiantum is still LUKS2: this only changes the algorithm and its mode of operation in LUKS2.
The command to create an Adiantum disk is contained, including a benchmark that shows the performance difference to AES if a system has no AES-NI.
Automatically determining by default if an installation should use AES-XTS or Adiantum/XChaCha is not yet widespread among Linux distributions. We want to change that in Fedora, but it has not yet been implemented (I think we will be the first to do that, but I am not absolutely sure). So you will have to create the encrypted disk manually in advance to the installation if you want to use Adiantum.
If you have issues with creating that, feel free to open a new thread about it and mention my name @py0xc3 then I can help with creating the disk.