[Bug 866751] New: SATA TRIM / discard does not work on encrypted LUKS devices
https://bugzilla.novell.com/show_bug.cgi?id=866751
https://bugzilla.novell.com/show_bug.cgi?id=866751#c0

Summary: SATA TRIM / discard does not work on encrypted LUKS devices
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: myemailu@gmail.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0

When booting an openSUSE 13.1 system with encrypted disks, the SATA-TRIM command ("discard") is always disabled on the root partition, because /lib/mkinitrd/scripts/boot-luks.sh (file is part of cryptsetup-mkinitrd-0_201307311719-2.1.2.x86_64) invokes the cryptsetup command without the --allow-discards option.

Note: this option does not automatically enable discards, but only if the file system supports it. However, omitting the option (as it is currently done) disables discards. There is no way to enable this feature for the root file system of a running system.

Suggestion: replace "cryptsetup --tries=1" by "cryptsetup --allow-discards --tries=1" in boot-luks.sh

Reproducible: Always
https://bugzilla.novell.com/show_bug.cgi?id=866751#c1
--- Comment #1 from Ludwig Nussel
WARNING: This command can have a negative security impact because it can make filesystem-level operations visible on the physical device. For example, information leaking filesystem type, used space, etc. may be extractable from the physical device if the discarded blocks can be located later. If in doubt, do not use it.

So this cannot be enabled unconditionally or by default. Looks like systemd understands a 'discard' option in crypttab. So setup-luks.sh could read that and export to boot-luks.sh.

I'm a bit busy with other stuff and mkinitrd is dead anyways. If you send me a patch I'd be happy to integrate though.

https://github.com/openSUSE/boot.crypto
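An added sketch of the opt-in approach suggested in comment #1 (not code from boot.crypto, mkinitrd or this bug thread): a hypothetical helper, luks_discard_flag, that emits --allow-discards only when the mapping's crypttab entry lists discard as a whole option token, so discards stay off by default. The function names, mapping names and sample crypttab are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not part of boot.crypto. Assumes the usual crypttab
# layout: <name> <device> <keyfile> <comma-separated options>.

# luks_discard_flag NAME [CRYPTTAB]
# Prints "--allow-discards" only if NAME's entry carries the "discard" option.
# Unknown mappings, missing files and entries without options print nothing,
# so the default stays "no discards" (the safe side of the man page warning).
luks_discard_flag() {
    _name=$1
    _tab=${2:-/etc/crypttab}
    [ -r "$_tab" ] || return 0
    while read -r _n _dev _key _opts _rest || [ -n "$_n" ]; do
        case $_n in ''|'#'*) continue ;; esac      # skip blanks and comments
        [ "$_n" = "$_name" ] || continue
        # Wrap in commas so only the exact token matches, not a substring.
        case ",$_opts," in
            *,discard,*) echo "--allow-discards" ;;
        esac
        return 0                                    # first matching entry wins
    done < "$_tab"
    return 0
}

# Constructed sample crypttab (not from the bug report). "nodiscard" is a
# made-up token, present only to show that substring matches are rejected.
write_sample_crypttab() {
    cat > "$1" <<'EOF'
# name    device     keyfile       options
cr_root   /dev/sda2  none          luks,discard
cr_home   /dev/sda3  none          luks
cr_swap   /dev/sda4  /dev/urandom  swap,nodiscard
cr_data   /dev/sdb1  none
EOF
}

# Demo: show the cryptsetup prefix that would be used for each mapping.
demo_tab=$(mktemp)
write_sample_crypttab "$demo_tab"
for m in cr_root cr_home cr_swap cr_data; do
    flag=$(luks_discard_flag "$m" "$demo_tab")
    echo "$m: cryptsetup ${flag:+$flag }--tries=1"
done
rm -f "$demo_tab"
```
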