#1 2021-09-05 19:26:17

860lacov
Member
Registered: 2020-05-02
Posts: 489

[SOLVED]How to enable fstrim on encrypted device

I just noticed that my encrypted partition is not trimmed.
I have fstrim.timer enabled but it trims only my EFI and Windows partitions.

During installation I did encryption this way:

cryptsetup luksFormat /dev/nvme...

Am I right that if I want to use fstrim on this device I should follow:
Discard/TRIM support for solid state drives (SSD)

And if my systemd boot entry looks like this:

title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=0873c55d-c7ec-43b6-9cc7-c8411f7605b6:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@ rw

I should change it to this??:

...
options cryptdevice=UUID=0873c55d-c7ec-43b6-9cc7-c8411f7605b6:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rw

Last edited by 860lacov (2021-10-16 16:41:09)
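
A way to check whether the allow-discards change asked about in the post above is in effect, as an added example that is not part of the original thread. The functions and variable names are hypothetical and the dm-crypt table strings are constructed samples; on a live system the inputs would come from /proc/cmdline and from "dmsetup table cryptroot" run as root.

```shell
#!/bin/sh
# Added example (not from the thread). Sample strings are constructed, except
# the UUID and option lines, which are copied from the boot entry above.

# Succeeds if cryptdevice=<device>:<name>[:<opt,opt>] for mapping $2 in the
# option string $1 lists allow-discards. Assumes <device> contains no colon.
cmdline_allows_discards() {
    for word in $1; do
        case $word in
            cryptdevice=*)
                rest=${word#cryptdevice=}   # UUID=...:cryptroot[:opts]
                rest=${rest#*:}             # cryptroot[:opts]
                name=${rest%%:*}
                opts=
                case $rest in *:*) opts=${rest#*:} ;; esac
                [ "$name" = "$2" ] || continue
                case ",$opts," in *,allow-discards,*) return 0 ;; esac
                ;;
        esac
    done
    return 1
}

# Succeeds if a `dmsetup table` line ($1) is a crypt target whose optional
# parameters include allow_discards (dm-crypt spells it with an underscore).
table_allows_discards() {
    case " $1 " in
        *" crypt "*" allow_discards "*) return 0 ;;
    esac
    return 1
}

# discard_state OPTIONS TABLE_LINE MAPPING -> active | configured-needs-reboot | off
discard_state() {
    if table_allows_discards "$2"; then echo active
    elif cmdline_allows_discards "$1" "$3"; then echo configured-needs-reboot
    else echo off
    fi
}

OPTS_OLD='cryptdevice=UUID=0873c55d-c7ec-43b6-9cc7-c8411f7605b6:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@ rw'
OPTS_NEW='cryptdevice=UUID=0873c55d-c7ec-43b6-9cc7-c8411f7605b6:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rw'
TABLE_OFF='0 999184384 crypt aes-xts-plain64 :64:logon:cryptsetup:CONSTRUCTED 0 259:2 32768'
TABLE_ON="$TABLE_OFF 1 allow_discards"

discard_state "$OPTS_OLD" "$TABLE_OFF" cryptroot   # off
discard_state "$OPTS_NEW" "$TABLE_OFF" cryptroot   # configured-needs-reboot
discard_state "$OPTS_NEW" "$TABLE_ON" cryptroot    # active
```

The middle state is the one seen right after editing the boot entry: the option is written down, but the mapping opened at boot still rejects discards until the next reboot.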


#2 2021-09-10 10:54:45

Gregosky
Member
From: UK
Registered: 2013-07-26
Posts: 181

Re: [SOLVED]How to enable fstrim on encrypted device

It was a long time ago when I was setting things up, but at the time I set up a systemd timer to do trim for me:

[Unit]
Description=Discard unused blocks once a week
Documentation=man:fstrim
ConditionVirtualization=!container
ConditionPathExists=!/etc/initrd-release

[Timer]
OnCalendar=weekly
AccuracySec=1h
Persistent=true
RandomizedDelaySec=6000

[Install]
WantedBy=timers.target


#3 2021-09-10 20:51:02

860lacov
Member
Registered: 2020-05-02
Posts: 489

Re: [SOLVED]How to enable fstrim on encrypted device

Gregosky wrote:

It was a long time ago when I was setting things up, but at the time I set up a systemd timer to do trim for me:

[Unit]
Description=Discard unused blocks once a week
Documentation=man:fstrim
ConditionVirtualization=!container
ConditionPathExists=!/etc/initrd-release

[Timer]
OnCalendar=weekly
AccuracySec=1h
Persistent=true
RandomizedDelaySec=6000

[Install]
WantedBy=timers.target

I'm not sure if you understand my question.
Enabling fstrim or running it manually is not a problem. But as I read not long ago, trimming is disabled by default on encrypted devices for security reasons.
I probably don't need the highest protection, so I wanted to enable it. I have fstrim.timer enabled, and it works for the non-encrypted partitions (for the EFI and Windows partitions).
There is an article on Arch wiki about this, but I wanted to be sure if I understand it correctly.


#4 2021-09-10 21:11:34

cloverskull
Member
Registered: 2018-09-30
Posts: 243

Re: [SOLVED]How to enable fstrim on encrypted device

I have trim enabled on my LUKS encrypted root partition. I accept the security risk and think it's pretty insignificant. I do constant trim (vs setting a timer) with the kernel command line, by adding 'discard'. I admit I'm also not 100% sure I know what you're asking.


#5 2021-09-10 21:28:41

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: [SOLVED]How to enable fstrim on encrypted device

I believe the wiki is fairly straightforward about this.
