On Mon, Aug 2, 2021, at 22:07, Richard Brown wrote:
On Mon, 2021-08-02 at 21:34 +0200, Syds Bearda wrote:
Hi all,
I’ve been thinking about a while now about a conversation I had with Richard about encryption with MicroOS with a SSD.
Due to the immutable nature of MicroOS trimming would not work on a encrypted SSD.
And over time the SSD would become slower and slower and slower.
Is there any way we could mitigate this? As I’m running MicroOS on my business laptop I feel really weird having client data on my machine. I’ve already changed to Leap/SLED/Tumbleweed because of this, but MicroOS always lures me back in, and then I feel weird about it.
Best, Syds
Trimming can work on an encrypted SSD
cat /etc/crypttab cr_ata-LITEON_CV3-8D512-41_SATA_512GB_SED_TW0MN0K7LOH006CM02TL-part2 /dev/disk/by-id/ata-LITEON_CV3-8D512- 41_SATA_512GB_SED_TW0MN0K7LOH006CM02TL-part2 none discard
https://wiki.archlinux.org/title/Dm-crypt/Specialties#Discard/TRIM_support_f...)
Works' a treat, at the cost of some security implications - https://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
So it can never be a default, but can easily be chosen.
Also none of this is anything to do with MicroOS or immutable systems in general and apply equally to any encrypted Tumbleweed/Leap.
I totally remember our conversation different, happy to hear it does work, I’ll go reinstall tomorrow with encryption enabled. Was the security implication the reason you said it shouldn’t be used as I remember the slower (and therefore unusable) over time clearly.. To be honest you were working with SUSE week and started to write the new first boot script which enables flathub for gnome. Best, Syds
Regards,
-- Richard Brown Linux Distribution Engineer - Future Technology Team Phone +4991174053-361 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D-90409 Nuernberg (HRB 36809, AG Nürnberg) Geschäftsführer: Felix Imendörffer