Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Do I lose TRIM under encrypted filesystem on SSD?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
mbar
Veteran
Veteran


Joined: 19 Jan 2005
Posts: 1952
Location: Poland

PostPosted: Wed Apr 28, 2010 6:37 am    Post subject: Do I lose TRIM under encrypted filesystem on SSD? Reply with quote

My guess is yes, but I'd like to ask you anyway. The setup will be a SSD with partitions encrypted via dm-crypt (cryptsetup) and with ext4 on top of that. Does dm-crypt kill TRIM?
Back to top
View user's profile Send private message
Sadako
Advocate
Advocate


Joined: 05 Aug 2004
Posts: 3753
Location: sleeping in the bathtub

PostPosted: Wed Apr 28, 2010 12:17 pm    Post subject: Reply with quote

TRIM command passthrough via dmcrypt is apparently being worked on, but yes you do lose TRIM with dmcrypt, at least for the moment.

There was a fairly long thread on the subject on the dmcrypt mailing list recently, you should check it out.
There seem to be some security concerns with the use of TRIM, some of it looks overly paranoid, but a few points make real sense.
_________________
"You have to invite me in"
Back to top
View user's profile Send private message
mbar
Veteran
Veteran


Joined: 19 Jan 2005
Posts: 1952
Location: Poland

PostPosted: Wed Apr 28, 2010 12:47 pm    Post subject: Reply with quote

Thanks.
Back to top
View user's profile Send private message
ssteinberg
Apprentice
Apprentice


Joined: 09 Jul 2010
Posts: 206
Location: Israel

PostPosted: Wed Feb 02, 2011 9:04 am    Post subject: Reply with quote

Bringing this back up.
What is the status at the moment? Getting some conflicting results from Google. I don't mind the security flaw of non-random data from free blocks. I do mind no-TRIM on my SSD. So, dm-crypt with ext4+discard. Possible?
Back to top
View user's profile Send private message
ssteinberg
Apprentice
Apprentice


Joined: 09 Jul 2010
Posts: 206
Location: Israel

PostPosted: Fri Feb 04, 2011 12:20 pm    Post subject: Reply with quote

Surely this is a relevant topic to some of us. dm-crypt + TRIM on SSDs? :?
Back to top
View user's profile Send private message
lkraav
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2004
Posts: 121
Location: Estonia

PostPosted: Fri Apr 08, 2011 10:25 pm    Post subject: Reply with quote

watching this as well. i'm not digging the massive performance drop, where, what layer exactly does this massive slowdown come from right now? is it fixable and to what extent?
Back to top
View user's profile Send private message
Moriah
Veteran
Veteran


Joined: 27 Mar 2004
Posts: 1913
Location: Kentucky

PostPosted: Thu Sep 08, 2011 1:04 am    Post subject: Reply with quote

I too am watching this. I am running dm-crypt with luks to encrypt the entire ssd in my laptop. I boot from a usb stick using a pass phrase. This gives me 2 factor authentication. I run lvm on top of dm-crypt, then xfs on top of lvm. I need lvm snapshots, but only in read-only mode. This is for backup. All dm-crypt and lvm runs on the same drive; there is usually opnly one drive in the laptop, although I have a second sata slot. If I use the second sata slot, it is for a seperate removable drive, so lvm only applies to one drive at a time, as does dm-crypt.

I would like to change to ext4 and use trim, but I hear there are problems with lvm snapshots, and with dm-crypt.

What is the current status of all this?
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.
Back to top
View user's profile Send private message
lkraav
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2004
Posts: 121
Location: Estonia

PostPosted: Thu Sep 08, 2011 8:29 am    Post subject: Reply with quote

some reading from dm-crypt core dev in the meanwhile: http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
Back to top
View user's profile Send private message
Moriah
Veteran
Veteran


Joined: 27 Mar 2004
Posts: 1913
Location: Kentucky

PostPosted: Mon Sep 12, 2011 3:48 pm    Post subject: Reply with quote

That was a good and thought provoking article. :D

What happens if a SSD is cleaned via data security erase (everything gets set to zero) and is then used with dm-crypt? If I leave everything set to zeros, I start out with the same problem (almost) as when I use TRIM. If I write random data to the disk, and fill it up, prior to using dm-crypt with a filesystem, then I have clobbered the free pool and destroyed my fast write time capability. Is there a solution?

Perhaps SSD and full disk encryption were just not made for each other? 8O
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.
Back to top
View user's profile Send private message
tholin
n00b
n00b


Joined: 04 Oct 2008
Posts: 50

PostPosted: Wed Sep 14, 2011 6:20 pm    Post subject: Reply with quote

Cryptsetup+trim is supported in kernel-3.1 and cryptsetup built from repo. Use the --allow-discards argument when doing luksOpen.
Back to top
View user's profile Send private message
Moriah
Veteran
Veteran


Joined: 27 Mar 2004
Posts: 1913
Location: Kentucky

PostPosted: Wed Sep 14, 2011 6:35 pm    Post subject: Reply with quote

That is useful advice, but that doesn't answer the question about being able to see the sectors that are all zeros because they have been trimmed, nor the question about using up all the pre-erased free blocks by using dd to copy an image to the drive, or to copy /dev/random to the drive before setting it up for LUKS/dm-crypt. :(
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum