#1 2017-01-29 10:12:00

cb951303
Member
Registered: 2007-03-17
Posts: 92

SSD periodic trim on dm-crypt file system

According to the Arch wiki there are 2 ways of doing TRIM.

Performance-wise it looks like doing a weekly trim is better. But the wiki fails to mention whether the fstrim service also works on dm-crypt file systems.
Should I just enable fstrim.timer and be done with it, or should I do some more work to enable it for dm-crypt?

Thanks


#2 2017-01-29 10:13:59

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,719

Re: SSD periodic trim on dm-crypt file system

Don't think dm-crypt or not matters... timer is my vote.


#3 2017-01-29 14:13:50

hexchain
Member
Registered: 2011-12-26
Posts: 19

Re: SSD periodic trim on dm-crypt file system

TRIMming on dm-crypt devices has security implications, and requires some configuration, as described by https://wiki.archlinux.org/index.php/Dm … _.28SSD.29

Last edited by hexchain (2017-01-29 14:14:10)


#4 2017-01-29 14:25:53

frostschutz
Member
Registered: 2013-11-15
Posts: 1,575

Re: SSD periodic trim on dm-crypt file system

crypt is the one storage layer that does not pass trim/discard by default and needs explicit allow-discards. Everything else (partitions, raids, lvms, loop devices, etc...) passes trim with no questions asked (and no way to turn it off).

security implications

Data is still fully encrypted. Free space will appear zeroed. Usually this is not an issue - most setups have glaring weak points elsewhere, hiding free space is far down the list / there's not much point to it - and you have the same "problem" with any file based encryption (ecryptfs, ext4-encryption, etc.) or even regular LUKS if you did not overwrite it entirely with random data first. If you did not overwrite old unencrypted data, trim will even help get rid of that for you, not to mention that there is no way to recover/undelete trimmed data, so there are also cases where it improves security... ;)

Last edited by frostschutz (2017-01-29 14:26:33)


#5 2017-01-30 18:40:07

cb951303
Member
Registered: 2007-03-17
Posts: 92

Re: SSD periodic trim on dm-crypt file system

hexchain wrote:

TRIMming on dm-crypt devices has security implications, and requires some configuration, as described by https://wiki.archlinux.org/index.php/Dm … _.28SSD.29

From what I understand those configurations are for continuous trimming, which is not something I want to do. What can I do for periodic trimming? That's why I specifically asked if the fstrim service mentioned in the Arch wiki also works on dm-crypt. That's the only thing mentioned under the "periodic trimming" title.

Last edited by cb951303 (2017-01-30 18:48:13)


#6 2017-01-30 18:50:10

frostschutz
Member
Registered: 2013-11-15
Posts: 1,575

Re: SSD periodic trim on dm-crypt file system

It works fine as long as allow-discards is set (you can check with dmsetup table | grep allow_discards).

Or the yes-Method to test trim through all storage layers: http://unix.stackexchange.com/a/85880/30851

Last edited by frostschutz (2017-01-30 19:13:12)
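
A per-mapping version of the check from post #6, as an added example that is not part of the thread: `grep allow_discards` matches as soon as any one mapping has the flag, while this reports each crypt mapping separately. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report, per dm-crypt mapping, whether allow_discards is set.
# Input is the text printed by `dmsetup table` run without a device argument,
# so every line starts with the mapping name. Keys are shown zeroed unless
# --showkeys is given. Layout of a crypt target line:
#   <name>: <start> <len> crypt <cipher> <key> <iv_off> <dev> <off> [<n> <opts...>]

crypt_discard_status() {
    awk '$4 == "crypt" {
        name = $1; sub(/:$/, "", name)
        state = "no"
        # optional parameters start at field 11 (field 10 is their count)
        for (i = 11; i <= NF; i++) if ($i == "allow_discards") state = "yes"
        print name, state
    }'
}

# Print the crypt mappings that do not pass discards down; exit status 1 if any.
crypt_without_discards() {
    crypt_discard_status | awk '$2 == "no" { print $1; bad = 1 } END { exit bad + 0 }'
}

# Constructed sample (not from a real system): two crypt mappings, one linear target.
sample_table() {
    cat <<'EOF'
cryptroot: 0 976769024 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:2 4096 1 allow_discards
crypthome: 0 209711104 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:3 4096
vg0-swap: 0 16777216 linear 8:4 2048
EOF
}

# On a live system (as root): dmsetup table | crypt_without_discards
if [ "${1:-}" = "--demo" ]; then
    sample_table | crypt_discard_status
fi
```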
