You are not logged in.
Hi,
I'm planning to upgrade my system with a SSD in a few weeks and I'm thinking about the best way (for me) how to encrypt it.
As far as the Wiki says, TRIM is still not supported by device-mapper (Any updates on that? Couldn't find more up to date information about it).
So I'm thinking about using ecryptfs instead of dm-crypt. Since it seems to encrypt each file individually, TRIM should be working with it - is this correct?
As a downside, everyone would be able to retrieve the number of files existing in my $HOME and their size. Is there any other downside i havn't considered?
Let me know what you think, thank you in advance
VR
Offline
This might not account for directories like /tmp or /var/tmp. There are probably other places in the filesystem that could contain sensitive information as well.
On my OpenBSD laptop, I use softraid to encrypt the entire disk except the root partition. This isn’t portable to Linux though. (You can read about it here.)
Offline
I spent some time today researching on the web, but did not find anything conclusive. One poster though said he read a commit to kernel 2.6.38 that looked like device-mapper will get trim support.
Did you consider truecrypt? How does that work in regards to fstab? I only found manuals for writing scripts for Truecrypt 5.x.
Or is there a way to manually trim a luks partition? A script you can put in a cron job?
Offline
Truecrypt also doesn't provide TRIM support - except for system-encryption-level devices that are available for windows only
Offline
a slightly OT question: how do you mount all partitions the best way on a ssd-only laptop anyway?
Can you trim (discard) swap space? If you leave /boot on extra ext2 partition, does is just not matter if you trim that portion?
If dev-mapper supports trim at one point, who is trimming then? The filesystem (btrfs,ext4) or dev-mapper? Would dev-mapper trim a partition if then formated with i.E. reiserfs?
Last edited by satchmosgroove (2011-03-11 19:24:01)
Offline