El 23/02/11 07:28, Lukas Czerner escribió:

On Tue, 22 Feb 2011, Greg Freemyer wrote:

...

On Tue, Feb 22, 2011 at 6:09 PM, Cristian Rodríguez <crrodriguez@opensuse.org> wrote:

...

Hi:

I get the error message in $Subject if I try to use /sbin/fstrim on all my filesystems BUT /boot which is the only one which is not encrypted.

How am I supposed to "trim" dm-crypt/LUKS volumes on an SSD device ?

Thanks.

Lukas, thanks for your answer.

No NO NO! Big no to trimming encrypted filesystems! When you are discarding blocks, the subsequent read from those blocks are usually "well defined" and hence you are giving away useful information for attacker trying to decrypt your filesystem.

I understand that there might be security issues, but so far, for this scenario the only kind of attacker from which I need to protect my desktop is from low-funded regular thieves that may break into my home office, unlikely that will get pass the volume password prompt ;-)

Now, there might be some way around this to allow trimming encrypted volumes without serious security issue, but this is rather question for dm-crypt guys.

Maybe making work the "discard" mount option ? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org