[TRIM] (was: [ltp] X60s/200s with SSD, encrypted disk)

Fabrice Bellet linux-thinkpad@linux-thinkpad.org
Sat, 20 Jun 2015 22:43:21 +0200


On Sat, Jun 20, 2015 at 10:19:09PM +0200, Uwe Brauer wrote:
> 
>    > Hi,
> 
>    > On Fri, Jun 19, 2015 at 07:38:33PM +0200, Bjørn Mork wrote:
> 
>    > Not _exactly_ on my X220. The password you choose in the BIOS is
>    > somewhat "mangled" before being sent to the disk, with the ATA password
>    > mechanism (ATA Security Feature Set). I remember some information,
>    > explaining that _what_ is sent to the disk is somehow related to the
>    > keycodes of the keyboard.
> 
>    > The consequence is that, when the disk is locked in this way, it cannot
>    > be unlocked on another computer (it would probably work with the same
>    > model). Which could be an important feature to recover data when the
>    > hardware needs to be serviced...
> Thanks for your information, maybe you find the following useful
> https://github.com/jethrogb/lenovo-password

oh thanks, very interesting information!

> 
>    > For this reason, I reverted back to dm-crypt software encryption,
>    > because I want to be the owner of my encryption key, and I want
>    > to be able to unlock my disk everywhere :)
> 
> Do you mean LVM and dm-crypt? BTW does TRIM work in this setting?

yes, trim/discard is transmitted down the stack.
 - issue_discards needs to be enabled in /etc/lvm/lvm.conf for LVM,
 - and allow-discard in /etc/crypttab is needed for dm-crypt.

dm-crypt developers were reluctant about providing this discard option
due to an information disclosure problem, because discarded blocks can be
blanked by the hardware (this was the case with my Intel SSD), which
reveals information about which blocks are encrypted, and which blocks
are not, without having to know the encryption key.

best,
-- 
fabrice
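
Added example, not part of the original message: a shell check for the two settings named above, listing which dm-crypt mappings carry the `allow_discards` flag in `dmsetup table` output and whether lvm.conf has `issue_discards` enabled. The sample table lines and lvm.conf text are constructed, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: audit where discard (TRIM) is allowed in an LVM + dm-crypt stack.
# All sample text below is constructed. On a real system, pipe in
# `dmsetup table` and /etc/lvm/lvm.conf instead.

# Names of dm-crypt mappings whose table line carries the allow_discards flag.
# Line layout: name: start len crypt cipher key iv_off dev off [nopts opt...]
crypt_discard_mappings() {
    awk '$4 == "crypt" {
        for (i = 11; i <= NF; i++)
            if ($i == "allow_discards") { sub(/:$/, "", $1); print $1; break }
    }'
}

# Prints 1 if an uncommented "issue_discards = 1" is present, else 0.
lvm_issue_discards() {
    awk '{ sub(/#.*/, "") }
         /^[ \t]*issue_discards[ \t]*=/ { split($0, kv, "="); gsub(/[ \t]/, "", kv[2]); v = kv[2] }
         END { if (v == "1") print 1; else print 0 }'
}

# Constructed sample: one mapping with discards allowed, one without, one LVM volume.
SAMPLE_DMSETUP='cryptroot: 0 976771072 crypt aes-xts-plain64 0000000000000000 0 8:2 4096 1 allow_discards
cryptswap: 0 8388608 crypt aes-xts-plain64 0000000000000000 0 8:3 4096
vg0-home: 0 209715200 linear 253:0 2048'

# Constructed sample: a commented-out default followed by the active setting.
SAMPLE_LVMCONF='devices {
    # issue_discards = 0
    issue_discards = 1
}'

printf 'dm-crypt mappings passing discards: %s\n' \
    "$(printf '%s\n' "$SAMPLE_DMSETUP" | crypt_discard_mappings | tr '\n' ' ')"
printf 'lvm.conf issue_discards: %s\n' \
    "$(printf '%s\n' "$SAMPLE_LVMCONF" | lvm_issue_discards)"
```

Any mapping the first function lists is one where the discard pattern is visible on the underlying device, which is the disclosure trade-off described in the message.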