[TRIM] (was: [ltp] X60s/200s with SSD, encrypted disk)

Luca Fornasari linux-thinkpad@linux-thinkpad.org
Sun, 21 Jun 2015 11:36:06 +0200


On Sat, Jun 20, 2015 at 10:43 PM, Fabrice Bellet <fabrice@bellet.info>
wrote:

>  - issue_discards needs to be enabled in /etc/lvm/lvm.conf for LVM,
>  - and allow-discard in /etc/crypttab is needed for dm-crypt.
>
> dm-crypt developers were reluctant about providing this discard option
> due to an information disclosure problem, because discarded blocks can be
> blanked by the hardware (this was the case with my Intel SSD), which
> reveals information about which blocks are encrypted, and which blocks
> are not, without having to know the encryption key.
>

dm-crypt does not always honor the discard option ... it depends on the distro; as
an example, Red Hat does not support it
______________
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Storage_Administration_Guide/ch-ssd.html
21.1 Deployment Consideration
The only DM targets that do not support discards are dm-snapshot, dm-crypt,
and dm-raid45
-------------------------

Cheers,
Luca
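
An added example, not part of the original mails: a small Python audit that reads the three places the thread mentions (`dmsetup table` output, /etc/lvm/lvm.conf, /etc/crypttab) and reports where discards are passed through dm-crypt. The sample inputs are constructed, the function names are hypothetical, and the accepted crypttab spellings (`discard` as in crypttab(5), `allow-discard` as written in the quoted mail) are an assumption.

```python
import re

# Constructed sample inputs; on a real host feed in `dmsetup table` output
# and the contents of /etc/lvm/lvm.conf and /etc/crypttab.
DMSETUP_TABLE = """\
luks-root: 0 976769024 crypt aes-xts-plain64 0000000000000000 0 8:2 4096 1 allow_discards
luks-home: 0 209715200 crypt aes-xts-plain64 0000000000000000 0 8:3 4096
vg0-swap: 0 8388608 linear 253:0 2048
"""
LVM_CONF = "devices {\n    # issue_discards = 0\n    issue_discards = 1\n}\n"
CRYPTTAB = "luks-root UUID=constructed-1 none luks,discard\nluks-home UUID=constructed-2 none luks\n"

# Assumption: "discard" per crypttab(5); "allow-discard" as spelled in the mail.
DISCARD_OPTS = {"discard", "allow-discard"}

def crypt_discard_state(table):
    """Map each live dm-crypt mapping to True if allow_discards is set."""
    state = {}
    for line in table.splitlines():
        name, sep, rest = line.partition(":")
        fields = rest.split()  # start, length, target type, target args...
        if sep and len(fields) > 2 and fields[2] == "crypt":
            state[name.strip()] = "allow_discards" in fields[3:]
    return state

def lvm_issue_discards(conf):
    """Return True if the last uncommented issue_discards setting is non-zero."""
    enabled = False
    for line in conf.splitlines():
        m = re.match(r"\s*issue_discards\s*=\s*(\d+)", line.split("#", 1)[0])
        if m:
            enabled = m.group(1) != "0"
    return enabled

def crypttab_discard_names(crypttab):
    """Names of crypttab entries whose option field requests discards."""
    names = []
    for line in crypttab.splitlines():
        fields = line.split()
        if line.lstrip().startswith("#") or len(fields) < 4:
            continue
        if DISCARD_OPTS & set(fields[3].split(",")):
            names.append(fields[0])
    return names

def discard_enabled_mappings(table, crypttab):
    """Mappings that pass discards down, live now or configured for next boot."""
    live = {n for n, on in crypt_discard_state(table).items() if on}
    return sorted(live | set(crypttab_discard_names(crypttab)))
```

Every mapping this returns is one where the layout of unused blocks can become visible on the underlying device without the key, which is the trade-off described in the quoted mail.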
