mbar Veteran
Joined: 19 Jan 2005 Posts: 1990 Location: Poland
Posted: Wed Apr 28, 2010 6:37 am Post subject: Do I lose TRIM under encrypted filesystem on SSD?

My guess is yes, but I'd like to ask you anyway. The setup will be an SSD with partitions encrypted via dm-crypt (cryptsetup) and with ext4 on top of that. Does dm-crypt kill TRIM?
Sadako Advocate
Joined: 05 Aug 2004 Posts: 3792 Location: sleeping in the bathtub
Posted: Wed Apr 28, 2010 12:17 pm

TRIM command passthrough via dmcrypt is apparently being worked on, but yes, you do lose TRIM with dmcrypt, at least for the moment.
There was a fairly long thread on the subject on the dmcrypt mailing list recently; you should check it out.
There seem to be some security concerns with the use of TRIM; some of it looks overly paranoid, but a few points make real sense.
_________________
"You have to invite me in"
mbar Veteran
Joined: 19 Jan 2005 Posts: 1990 Location: Poland
Posted: Wed Apr 28, 2010 12:47 pm

Thanks.
ssteinberg Apprentice
Joined: 09 Jul 2010 Posts: 206 Location: Israel
Posted: Wed Feb 02, 2011 9:04 am

Bringing this back up.
What is the status at the moment? Getting some conflicting results from Google. I don't mind the security flaw of non-random data from free blocks. I do mind no-TRIM on my SSD. So, dm-crypt with ext4+discard. Possible?
ssteinberg Apprentice
Joined: 09 Jul 2010 Posts: 206 Location: Israel
Posted: Fri Feb 04, 2011 12:20 pm

Surely this is a relevant topic to some of us. dm-crypt + TRIM on SSDs?
lkraav Tux's lil' helper
Joined: 13 Oct 2004 Posts: 129 Location: Estonia
Posted: Fri Apr 08, 2011 10:25 pm

Watching this as well. I'm not digging the massive performance drop. Where, at what layer exactly, does this massive slowdown come from right now? Is it fixable, and to what extent?
Moriah Advocate
Joined: 27 Mar 2004 Posts: 2365 Location: Kentucky
Posted: Thu Sep 08, 2011 1:04 am

I too am watching this. I am running dm-crypt with luks to encrypt the entire ssd in my laptop. I boot from a usb stick using a pass phrase. This gives me 2-factor authentication. I run lvm on top of dm-crypt, then xfs on top of lvm. I need lvm snapshots, but only in read-only mode. This is for backup. All dm-crypt and lvm runs on the same drive; there is usually only one drive in the laptop, although I have a second sata slot. If I use the second sata slot, it is for a separate removable drive, so lvm only applies to one drive at a time, as does dm-crypt.
I would like to change to ext4 and use trim, but I hear there are problems with lvm snapshots, and with dm-crypt.
What is the current status of all this?
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword
Foghorn Leghorn is a Warner Bros. cartoon character.
lkraav Tux's lil' helper
Joined: 13 Oct 2004 Posts: 129 Location: Estonia
Moriah Advocate
Joined: 27 Mar 2004 Posts: 2365 Location: Kentucky
Posted: Mon Sep 12, 2011 3:48 pm

That was a good and thought-provoking article.
What happens if an SSD is cleaned via data security erase (everything gets set to zero) and is then used with dm-crypt? If I leave everything set to zeros, I start out with the same problem (almost) as when I use TRIM. If I write random data to the disk, and fill it up, prior to using dm-crypt with a filesystem, then I have clobbered the free pool and destroyed my fast write time capability. Is there a solution?
Perhaps SSD and full disk encryption were just not made for each other?
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword
Foghorn Leghorn is a Warner Bros. cartoon character.
tholin Apprentice
Joined: 04 Oct 2008 Posts: 203
Posted: Wed Sep 14, 2011 6:20 pm

Cryptsetup+trim is supported in kernel-3.1 and cryptsetup built from repo. Use the --allow-discards argument when doing luksOpen.
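
Added example, not part of the post above or of cryptsetup itself: a small audit that reads `dmsetup table` output and reports, per dm-crypt mapping, whether discards are passed to the device underneath, which is the trade-off this thread is about (TRIM works, but the free-space layout becomes visible on the raw disk). The mapping names and the sample table are constructed, and the key field is shortened.

```shell
#!/bin/sh
# Report, for each dm-crypt mapping, whether discards (TRIM) are passed through.
# Input: lines in the format printed by `dmsetup table`:
#   <name>: <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset> [<#opts> <opt>...]
crypt_discard_status() {
    awk '$4 == "crypt" {
        name = $1; sub(/:$/, "", name)
        state = "blocked"
        # Field 10 is the count of optional parameters; they start at field 11.
        for (i = 11; i <= NF; i++)
            if ($i == "allow_discards") state = "passed"
        print name, state
    }'
}

# Constructed sample table. dmsetup prints the key as zeros unless --showkeys
# is given; the zero string is shortened here. Non-crypt targets are ignored.
sample_table() {
    cat <<'EOF'
luks-root: 0 250064896 crypt aes-xts-plain64 0000000000000000 0 8:2 4096 1 allow_discards
luks-home: 0 726700032 crypt aes-xts-plain64 0000000000000000 0 8:3 4096
vg0-swap: 0 8388608 linear 8:4 2048
EOF
}

# On a live system, as root: dmsetup table | crypt_discard_status
sample_table | crypt_discard_status
```

A mapping reported as "blocked" drops discards at the dm-crypt layer, so mounting the filesystem on top of it with the discard option has no effect on the SSD.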
Moriah Advocate
Joined: 27 Mar 2004 Posts: 2365 Location: Kentucky
Posted: Wed Sep 14, 2011 6:35 pm

That is useful advice, but that doesn't answer the question about being able to see the sectors that are all zeros because they have been trimmed, nor the question about using up all the pre-erased free blocks by using dd to copy an image to the drive, or to copy /dev/random to the drive before setting it up for LUKS/dm-crypt.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword
Foghorn Leghorn is a Warner Bros. cartoon character.