On Thursday, 3 November 2016, 01:03:49, Yamaban wrote:
[...] Many wear-leveling optimisations from the Linux side will not (fully) work with encrypted fs or encrypted partitions, e.g. TRIM. [...]
TRIM does work with DMCrypt since kernel 3.1. But there are theoretical security implications:

https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
| allow_discards: Allow block discard requests (a.k.a. TRIM) for the crypt device.
| The default is to ignore discard requests.
| Assess the specific security risks carefully before enabling this option. For example, allowing discards on encrypted devices may lead to the leak of information about the ciphertext device (filesystem type, used space etc.) if the discarded blocks can be located easily on the device later.
| Available since: 1.11.0 (kernel 3.1)

man crypttab (Leap 42.1)
| discard
| Allow discard requests to be passed through the encrypted block device. This improves performance on SSD storage but has security implications.

About hardware full disk encryption (FDE):
http://security.stackexchange.com/questions/134564/how-secure-is-hardware-fu...

IMHO using hardware FDE is better than nothing and will prevent a common thief from reading the disk of your laptop.

Regards,
Jan

--
He who hesitates is sometimes saved.
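
A check for the option discussed in this message, as an added example that is not part of the original e-mail: it lists which crypttab entries request `discard` and which active crypt mappings carry `allow_discards`. The sample crypttab and `dmsetup table` lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which dm-crypt mappings pass TRIM through.
# On a real system, feed /etc/crypttab and the saved output of
# `dmsetup table --target crypt` (run as root) instead of the samples.

# Print names of crypttab entries whose 4th field lists "discard".
# Options are split on commas and compared exactly, not by substring.
crypttab_discard_volumes() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        NF >= 4 {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "discard") { print $1; break }
        }
    ' "$1"
}

# Print names of active crypt targets that carry allow_discards.
# Line layout: "name: start len crypt cipher key iv dev offset [n opts...]"
dmsetup_discard_volumes() {
    awk '
        $4 == "crypt" {
            for (i = 11; i <= NF; i++)
                if ($i == "allow_discards") { sub(/:$/, "", $1); print $1; break }
        }
    ' "$1"
}

# Constructed sample input (not taken from a real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/crypttab" <<'EOF'
# name   device     keyfile       options
cr_root  /dev/sda2  none          luks,discard
cr_home  /dev/sda3  none          luks
cr_swap  /dev/sda4  /dev/urandom  swap
cr_data  UUID=00000000-0000-0000-0000-000000000000  none  luks,timeout=30,discard
EOF
cat > "$tmp/dmtable" <<'EOF'
cr_root: 0 41940992 crypt aes-xts-plain64 0000000000000000 0 8:2 4096 1 allow_discards
cr_home: 0 104857600 crypt aes-xts-plain64 0000000000000000 0 8:3 4096
vg-lv: 0 2097152 linear 8:5 2048
EOF

echo "crypttab entries with discard:"
crypttab_discard_volumes "$tmp/crypttab"
echo "active mappings with allow_discards:"
dmsetup_discard_volumes "$tmp/dmtable"
```

Comparing the two lists shows whether a mapping opened at boot actually has discards enabled, which is the setting the quoted documentation asks you to assess before turning on.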