Gentoo Forums
LUKS LVM XFS doesn't support TRIM with fstrim
Forum Index > Portage & Programming
Moriah (Advocate; joined 27 Mar 2004; 2365 posts; Kentucky)
Posted: Sun Mar 31, 2024 4:57 pm    Post subject: LUKS LVM XFS doesn't support TRIM with fstrim

I have my root filesystem, /, on an SSD that is whole-disk encrypted with LUKS and uses LVM without a partition table. I am told that XFS supports TRIM, but when I run fstrim on it, I get:
Code:

onesimus ~ # fstrim -v /
fstrim: /: the discard operation is not supported
onesimus ~ #

Why doesn't it work?

Additional information:
Code:

onesimus ~ # fdisk -l
Disk /dev/sda: 1.82 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: CT2000MX500SSD1
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/cryptoroot: 1.82 TiB, 2000396836864 bytes, 3907025072 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/gentoo-swap: 64 MiB, 67108864 bytes, 131072 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/gentoo-rootfs: 1.46 TiB, 1610612736000 bytes, 3145728000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
onesimus ~ #


onesimus ~ # mount
/dev/mapper/gentoo-rootfs on / type xfs (rw,noatime,attr2,inode64,logbufs=8,logbsize=32k,noquota)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=6498604k,nr_inodes=819200,mode=755)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
dev on /dev type devtmpfs (rw,nosuid,noexec,relatime,size=10240k,nr_inodes=4060561,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /var/tmp/portage type tmpfs (rw,noatime,size=16777216k,mode=777)
onesimus ~ #


onesimus ~ # lvmdiskscan
  /dev/sda               [      <1.82 TiB]
  /dev/mapper/cryptoroot [      <1.82 TiB] LVM physical volume
  1 disk
  0 partitions
  1 LVM physical volume whole disk
  0 LVM physical volumes
onesimus ~ #


onesimus ~ # lvdisplay
  --- Logical volume ---
  LV Path                /dev/gentoo/swap
  LV Name                swap
  VG Name                gentoo
  LV UUID                wHaONm-dORA-yBld-NDWz-j5Hi-O100-GxhSMY
  LV Write Access        read/write
  LV Creation host, time livecd, 2024-02-16 21:12:24 -0500
  LV Status              available
  # open                 0
  LV Size                64.00 MiB
  Current LE             16
  Segments               1
  Allocation             contiguous
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1
   
  --- Logical volume ---
  LV Path                /dev/gentoo/rootfs
  LV Name                rootfs
  VG Name                gentoo
  LV UUID                iAbg1z-mDWx-1HZV-rfAo-aRT2-w3Lz-z6DDlv
  LV Write Access        read/write
  LV Creation host, time livecd, 2024-02-16 21:14:24 -0500
  LV Status              available
  # open                 1
  LV Size                1.46 TiB
  Current LE             384000
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2
   
onesimus ~ #

_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.


Last edited by Moriah on Sun Mar 31, 2024 5:04 pm; edited 1 time in total
sdauth (Guru; joined 19 Sep 2018; 569 posts; Ásgarðr)
Posted: Sun Mar 31, 2024 5:02 pm

Probably not the case, but I remember having this issue when my SSD (FDE with LUKS, LVM) was connected to my SAS HBA adapter; the only way to make TRIM work was to connect it directly to a SATA3 port on the motherboard instead. The SAS HBA (my model!) doesn't handle the TRIM command.

Last edited by sdauth on Sun Mar 31, 2024 5:09 pm; edited 1 time in total
NeddySeagoon (Administrator; joined 05 Jul 2003; 54270 posts; 56N 3W)
Posted: Sun Mar 31, 2024 5:03 pm

Moriah,

The default on LUKS is notrim. If you use trim, unallocated regions will be erased and no longer filled with random data.
This gives away the location of your encrypted data.

If you are aware of the security implications, it's possible to enable trim on LUKS.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Moriah (Advocate; joined 27 Mar 2004; 2365 posts; Kentucky)
Posted: Sun Mar 31, 2024 5:12 pm
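The "notrim" default NeddySeagoon describes is the dm-crypt allow_discards flag: without it the mapper device advertises no discard support and fstrim fails exactly as in the first post. The script below is an added example, not code from the thread or from cryptsetup; the function names are hypothetical and the table lines are constructed to resemble the thread's /dev/mapper/cryptoroot.

```shell
# crypt_discard_state "<one dmsetup table line, without the 'name:' prefix>"
# prints allowed | blocked | not-a-crypt-target
crypt_discard_state() {
    # dm-crypt table layout:
    #   start len crypt cipher key iv_offset device offset [nopt flag...]
    set -- $1
    [ "$3" = "crypt" ] || { echo "not-a-crypt-target"; return 0; }
    if [ $# -lt 9 ]; then echo "blocked"; return 0; fi   # no optional params
    n=$9
    shift 9
    while [ "$n" -gt 0 ] && [ $# -gt 0 ]; do
        [ "$1" = "allow_discards" ] && { echo "allowed"; return 0; }
        shift
        n=$((n - 1))
    done
    echo "blocked"
}

# Live report over every mapping on the host (needs root; skipped if dmsetup
# is absent). LVM passes discards through by default, so on a LUKS -> LVM ->
# XFS stack the crypt layer is the one to inspect.
live_report() {
    command -v dmsetup >/dev/null 2>&1 || { echo "dmsetup not found"; return 0; }
    dmsetup table 2>/dev/null | while IFS= read -r line; do
        printf '%s: %s\n' "${line%%:*}" "$(crypt_discard_state "${line#*: }")"
    done
}

# Constructed sample lines. The key is shown as a kernel keyring reference
# (cryptsetup's default); the 4096-sector offset matches the 2 MiB gap
# between /dev/sda and cryptoroot in the fdisk -l output above.
TABLE_DEFAULT='0 3907025072 crypt aes-xts-plain64 :64:logon:cryptsetup:UUID-d0 0 8:0 4096'
TABLE_DISCARD='0 3907025072 crypt aes-xts-plain64 :64:logon:cryptsetup:UUID-d0 0 8:0 4096 1 allow_discards'

# To turn the flag on persistently in a LUKS2 header, once the information
# leak discussed in this thread has been weighed:
#   cryptsetup --allow-discards --persistent refresh cryptoroot
#   cryptsetup luksDump /dev/sda | grep -i flags     # lists allow-discards
# or add the "discard" option to the mapping's line in /etc/crypttab.
```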

@sdauth: The SSD is connected directly to a SATA3 port.

@neddy: Thanks, that makes good sense. I have been running SSDs without TRIM for years on this laptop. I recently decided to try using TRIM, and when it didn't work, I posted this question. I will continue to run without TRIM, as security is more important.

When I do a major upgrade, I usually bulk erase the SSD using its data security erase function, then copy the files I need to restore from my backup server. That does the equivalent of a TRIM, but I only do this maybe every couple of years.

I just replaced the SSD with a brand new drive and thought TRIM would be a good idea, but now I understand that TRIM is not a good idea combined with LUKS.

Thanks! :D
Hu (Moderator; joined 06 Mar 2007; 21650 posts)
Posted: Sun Mar 31, 2024 5:43 pm

TRIM can be safe with LUKS, if your security model can tolerate the implications. As Neddy says, once a TRIM has run, anyone with read access to the drive can tell the difference between a sector containing nothing (TRIM erased it) versus a sector containing data (which, due to LUKS, will be encrypted data). If your security model calls for all the data sectors on the drive to appear to be completely random, then yes, TRIM is bad for your security model. If your security model allows an attacker to know how much data is on the drive, and you only care about preventing the attacker from understanding the contents, then TRIM making the empty sectors appear empty can be fine. A common corporate security use-case of LUKS has the goal that a lost/stolen drive does not allow the attacker to retrieve any company data. Such a policy holds that it is fine if the attacker knows your laptop holds 100GiB of company proprietary data, as long as the attacker cannot read even 1 byte of that proprietary data.

On the other end, you have the use case where even admitting the data is LUKS-encrypted could expose you to physical or legal consequences, and absolute deniability is necessary. For that case, you definitely want to disable TRIM. (Though personally, I find it hard to envision a plausible scenario where admitting to LUKS has consequences of that severity and the adversary will find it completely acceptable and believable that you are carrying a drive of purely random data. Adversaries that hate LUKS that much will likely assume that "random" data is just a LUKS container they have not yet broken, and penalize you as if you had admitted to it being LUKS.)
NeddySeagoon (Administrator; joined 05 Jul 2003; 54270 posts; 56N 3W)
Posted: Sun Mar 31, 2024 6:24 pm

Moriah,

If your SSD is over provisioned, not doing trim may not be the speed penalty it once was.

The over provisioned space is known to the drive but hidden from the user. It takes part in wear levelling though.

The drive can do a 'quick erase' by swapping an erased block from the already erased over provisioned space into the user space, then erasing that block later.
If the drive can do this or not depends on the firmware and that's a trade secret :)

Think of the over provisioned space being like spare sectors and tracks on a conventional HDD.
Moriah (Advocate; joined 27 Mar 2004; 2365 posts; Kentucky)
Posted: Sun Mar 31, 2024 7:31 pm

Put me in that paranoid category of not wanting the attacker to make any sense of the drive at all. Since the drive is in a laptop, the possibility of a lost or stolen laptop must always be considered.

BTW I treat my large spinner backup server drives the same way. They are members of a 3-way RAID-1 mirror. I periodically (typically once per week) pull a drive from the array and air gap it for extra security. Less frequently, when the RAID gets nearly full, I pull a drive and take it to the safe deposit box at the bank for long term archival. By having triple redundancy, I have double redundancy even when I pull and replace a drive while it is catching up.

Nobody but me (or maybe the NSA) can make any use of the data on these drives, either from the backup server, or from the laptop. You could say I do it that way because "I can", but I keep sensitive client files on my laptop, and it gets backed up to the backup server, so I need to protect their data in the best way that I can.

I have been running this way for about 16 years.
Zucca (Moderator; joined 14 Jun 2007; 3347 posts; Rasi, Finland)
Posted: Mon Apr 01, 2024 7:54 am

Moriah wrote:
I keep sensitive client files on my laptop, and it gets backed up to the backup server, so I need to protect their data in the best way that I can.

I don't think that's too paranoid. If you store your client's data and promise to keep it safe, then being extra cautious is justified.

I hardly use encryption at all. My reasoning is that the files are mine and thus I decide their "level of security".
Also, especially, all my pictures and videos I've personally taken are not encrypted, and the reasoning is the same as one of my customers':
a rough quote wrote:
If something were to happen to me, I want my relatives to have easy access to all the photos I have. So please can you copy all the photos from my Google account to this external hard drive?

... and so I did. It took a few days (thanks to Google for making it pretty complicated).

But, like in your case, if I had some data on my computer that's not mine, I'd sure keep it in an encrypted partition, container or whatnot. Having a large portion of your hard drive encrypted makes it even harder for a (physical) attacker to try to retrieve any sensitive data from it.
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote:
I am NaN! I am a man!