Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
SSD, dmcrypt, pam_mount, allow-discards
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
porgy
n00b
n00b


Joined: 08 Dec 2011
Posts: 4

PostPosted: Thu Dec 08, 2011 7:32 pm    Post subject: SSD, dmcrypt, pam_mount, allow-discards Reply with quote

Hello,

I finally managed to get my encrypted ssd partition mounted via pam_mount. There is only one thing missing: the new discard-option which was introduced in kernel 3.1 and cryptsetup 1.4.

I can successfully use that manually but didn't find any way to use in pam_mount.
Code:
cryptsetup luksOpen --allow-discards /dev/sdaX <MAPPERDEV>


Is there any way to do that in /etc/security/pam_mount.conf.xml or where do I need to edit?

Thanks and best regards
porgy
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 7470

PostPosted: Fri Dec 09, 2011 3:28 pm    Post subject: Reply with quote

You are aware encrypting datas is not compressing datas ?
Because most (i won't say all, but i think that) encryption higher the datas size, and any bit change in datas will trigger re-encryption of datas.

Using encryption with SSD is then an action that should only be made by crazy users, or rich ones.


I'm sorry i don't have your answer for your question, but if i could let you save some bucks.
Back to top
View user's profile Send private message
porgy
n00b
n00b


Joined: 08 Dec 2011
Posts: 4

PostPosted: Fri Dec 09, 2011 4:06 pm    Post subject: Reply with quote

Thanks for your concern. As far as I know, cryptsetup has TRIM support since V1.4.
Bad thing on using TRIM on encrypted SSD is about possible footprints (discarded sectors) which might lead to decreased security [1]

See also Do I lose TRIM under encrypted filesystem on SSD?.

[1] http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
Back to top
View user's profile Send private message
czernitko
n00b
n00b


Joined: 06 Jun 2012
Posts: 2

PostPosted: Sat Jan 12, 2013 3:16 pm    Post subject: Reply with quote

I know that I am posting to an old thread, but since I am solving the same issue, this might help someone:
http://sourceforge.net/tracker/?func=detail&aid=3475297&group_id=41452&atid=430596
According to the author of this patch for pam_mount module, TRIM should be enabled simply by passing discard mount option.
Code:
<volume user="user" mountpoint="/home" path="/dev/sda3" fstype="crypt"
        options="defaults,noatime,discard,space_cache,ssd_spread,inode_cache,recovery,compress=lzo"
/>

This should be sufficient - if pam_mount detects the "discard" option, it should add --allow-discards to cryptsetup call.
PS: this is for really simple use case of having sda3 with LUKS/AES-XTS/Btrfs partition containing my user folder. I am the only user of this laptop, so this is the most appropriate scenario for me.
PS2: The patch was commited in January 2012 (after this thread was started), but I am not sure since which version of pam_mount the patch is incorporated.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum