Gentoo Forums
[SOLVED] cryptsetup enable trim
haVok
Posted: Sat Dec 28, 2013 6:01 pm    Post subject: [SOLVED] cryptsetup enable trim

Per the Gentoo wiki on SSDs (http://wiki.gentoo.org/wiki/SSD), the proper way to have trim forwarded is the kernel command line "root_trim=yes". The wiki seemed a little outdated, and I'm wondering if this is still relevant.

Last edited by haVok on Tue Dec 31, 2013 5:13 am; edited 1 time in total
jpc22
Posted: Sun Dec 29, 2013 5:34 am

Those are my two cents; I did research on SSDs and encryption but never actually tried it on an SSD.
You probably already know that:

Encryption will be less secure if you enable trim, since it will help reveal empty spots on your hard drive to a potential hacker. Also, you will likely write random data on your disk, and trim would gradually make it less random.

There are commands to manually trim a disk that you could use periodically to maintain the performance of your SSD, and then you could shred empty space to keep it secure.
You could even set a cron job every week or month.

Encryption is a lot of trouble and will be even more with an SSD that you wish to keep clean performance-wise and cryptographically secure while managing its write cycles sparingly.

The command should probably work, but it might not be the best way to trim an SSD that is encrypted.

You can always research deeper on the concerns I stated earlier and experiment carefully with your SSD if there is no critical data already written on it, but getting advice from people who actually experimented with encryption on SSDs would be nice if you can find some.
frostschutz
Posted: Sun Dec 29, 2013 11:18 am

jpc22 wrote:
Encryption will be less secure if you enable trim since it will help reveal empty spots on your harddrive to a potential hacker


Yes, they can tell (or guess) how much data you have inside that encrypted container. If that's a problem for you personally, don't TRIM.

Security-wise it should not be possible to exploit this, if your cipher is secure. So don't use this one: http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/

In most setups, there are larger weak points elsewhere (tampering with initramfs and the like).

jpc22 wrote:
There are commands to manually trim a disk that you could use periodically to maintain the performance of your ssd and then you could shred empty space to keep it secure.


Trimming everything and then overwriting everything again is a waste of write cycles. Don't do it, especially not on a regular basis.

As for your original question, since I'm using a customized initramfs, I don't know about root_trim=yes. You can check if discards are allowed though:

Code:
# dmsetup table | grep discard
luksSSD1: 0 125038592 crypt aes-xts-plain64 0 0 8:1 4096 1 allow_discards


If it says allow_discards for your encrypted container, the LUKS side of things is fine.
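The check from the post above, extended to audit every dm-crypt mapping in one pass and to mark CBC-mode ciphers (the mode targeted by the linked malleability attack). This is an added example, not part of the original thread; the function names and all sample lines except the luksSSD1 one are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit dm-crypt mappings from `dmsetup table` output.
# Crypt target line layout (whitespace separated):
#   name: start length crypt cipher key iv_offset device offset [#opts opt ...]
# so optional parameters, if any, begin at field 11.

audit_crypt_table() {
    # Reads table lines on stdin; prints one line per crypt mapping:
    #   <name> <cipher> <discards|no-discards> [cbc]
    awk '
    $4 == "crypt" {
        name = $1
        sub(/:$/, "", name)
        cipher = $5
        discards = "no-discards"
        # allow_discards may appear anywhere among the optional parameters
        for (i = 11; i <= NF; i++)
            if ($i == "allow_discards") discards = "discards"
        # Mark CBC modes, e.g. aes-cbc-essiv:sha256 or aes-cbc-plain
        note = (cipher ~ /-cbc-/) ? " cbc" : ""
        print name, cipher, discards note
    }'
}

sample_table() {
    # First line is the output quoted in the post; the rest are constructed.
    cat <<'EOF'
luksSSD1: 0 125038592 crypt aes-xts-plain64 0 0 8:1 4096 1 allow_discards
oldhome: 0 41943040 crypt aes-cbc-essiv:sha256 0 0 8:18 4096
scratch: 0 2097152 crypt aes-xts-plain64 0 0 8:33 4096 2 same_cpu_crypt allow_discards
vg-swap: 0 8388608 linear 8:3 2048
EOF
}

# Demonstration on the constructed sample.
# On a live system, run as root: dmsetup table | audit_crypt_table
sample_table | audit_crypt_table
```

A mapping reported as `no-discards` explains why `dmsetup table | grep discard` prints nothing: the container was opened without discard passthrough.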
haVok
Posted: Mon Dec 30, 2013 7:56 pm

@frostschutz that command output nothing?
haVok
Posted: Tue Dec 31, 2013 5:13 am

nevermind I'm a tard :lol: