Arch Linux

hotcapy

Member

Registered: 2023-01-10

Posts: 3

[SOLVED] NVMe M.2 SSD + LUKS2 + Btrfs

Hello, dear Arch users!

My configuration is the following: NVMe M.2 SSD ("Samsung 970 EVO Plus 1TB"), LUKS2 full-disk encryption, Btrfs filesystem.

I want to enable continuous TRIM with Btrfs-specific "discard=async" mount option in /etc/fstab file.

Since GRUB bootloader image is a single unencrypted file on entire drive, I use my passphrase to unlock GRUB itself first, and then, when I choose menu entry with kernel, keyfile is used to unlock and mount root filesystem.

That way, and using sd-encrypt hook, I have encryption related settings in both /etc/default/grub and /etc/crypttab files:

# /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="rd.luks.name=*UUID*=linux rd.luks.key=*UUID*=/crypto_keyfile.bin root=/dev/mapper/linux"

# /etc/crypttab

linux UUID=*UUID* /crypto_keyfile.bin luks

According to Wiki, I set flags for my LUKS2 container to allow using discard:

# cryptsetup --allow-discards --perf-no_read_workqueue --perf-no_write_workqueue --persistent refresh linux

And now, from fully working system, here is an output of

# dmsetup table

command:

linux: 0 1953484800 crypt aes-xts-plain64 :64:logon:cryptsetup:*UUID*-d0 0 259:2 32768 3 allow_discards no_read_workqueue no_write_workqueue

So, here is my question: should I also set both "rd.luks.options=discard" in /etc/default/grub and "discard" in /etc/crypttab like Wiki mentions, or everything working already? To make it look like this:

# /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="rd.luks.name=*UUID*=linux rd.luks.key=*UUID*=/crypto_keyfile.bin rd.luks.options=discard root=/dev/mapper/linux"

# /etc/crypttab

linux UUID=*UUID* /crypto_keyfile.bin luks,discard

I am asking this because of three reasons:

1) Wiki tells to make this change only in single one of two files, not both. It does not mention what to do, if both files in use for the same purpose.

2) There is no Btrfs-specific "async" word in these options, and it is unclear, is it enough to mention it just in /etc/fstab file.

3) It is also unclear is it enough to just set persistent "allow-discards" flag to LUKS2 container & "discard=async" option to /etc/fstab file, or /etc/default/grub and /etc/crypttab changes are also required.

This is my first post on the forum and I tried my best to make both my end-purpose and question understandable at least a bit
Thank you for reading and for any answers in advance, as well as for any possible advices about working with NVMe drive on best speeds!

Last edited by hotcapy (2023-01-13 05:23:55)

Strike0

Member

From: Germany

Registered: 2011-09-05

Posts: 1,490

Re: [SOLVED] NVMe M.2 SSD + LUKS2 + Btrfs

Hi, great first post!
AFAIK, you now don't need more than the "discard=async" in /etc/fstab. As you wrote, the LUKS header carries the "allow_discards" flag across reboots, grub has no business with it anymore (at least for the encrypt hook, I can't tell now for the sd-encrypt one). You should see the btrfs is mounted with the option according to fstab automatically. If it is not, please post the relevant fstab/mount lines and check if the systemd journal has complaints about the device.

hotcapy

Member

Registered: 2023-01-10

Posts: 3

Re: [SOLVED] NVMe M.2 SSD + LUKS2 + Btrfs

Thank you for explanation!
Since my /etc/fstab mount options are applied correctly, then everything should work as expected, I believe. And it's awesome :-)
Thanks again for your time and answer, it was very helpful for me to know that there is nothing more to worry about.

Strike0

Member

From: Germany

Registered: 2011-09-05

Posts: 1,490

Re: [SOLVED] NVMe M.2 SSD + LUKS2 + Btrfs

You're welcome. By the way, another easy way to check trim support is to call

# fstrim -n /

which will execute a dry-run and error, if the mountpoint cannot be trimmed. This works regardless of whether an option is specified in /etc/fstab or not.