On 05/30/14 18:10, Heinz Diehl wrote:
> On 30.05.2014, Thomas Bastiani wrote:
>
>> On SSDs though, this would prevent TRIM from functioning properly
>> and make the SSD appear as full to the controller which would
>> hurt performance.
>
> If you e.g. do a "dd if=/dev/urandom of=bigfile" to a SSD drive
> until the partition is fully overwritten, simply deleting "bigfile"
> followed by a "fstrim" should restore performance to the same level as
> it was before. What am I missing?
>

Your first step is to dd if=/dev/urandom of=/dev/sd<x> or an equivalent
operation. This is before you even create an encrypted container and
definitely below your file system...

It may be that files that you create and then delete will trigger a TRIM
operation if dm-crypt (and eventually LVM) are configured to pass TRIM
through. But the rest of your "securely erased" drive is still not
TRIM-ed. And also it doesn't make sense to configure dm-crypt to pass
TRIM (with --allow-discards) if you've written random data to your drive
at creation time because then you introduce another different type of
side-channel leak.

Does that make sense?

--
Thomas
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
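The leak mentioned at the end of the message, as an added example that is not part of the original post: on a device that was first filled with random data, extents discarded later stand out on the raw device without the key. The sketch assumes discarded blocks read back as zeros (this is drive-dependent) and a 4096-byte granularity; the function names and the sample device are constructed for illustration.

```python
import os

BLOCK = 4096  # assumed discard granularity for this illustration


def discarded_extents(raw: bytes, block: int = BLOCK):
    """Return [(first_block, n_blocks), ...] for runs of all-zero blocks."""
    zero = bytes(block)
    extents, run_start = [], None
    n_blocks = len(raw) // block
    for i in range(n_blocks):
        is_zero = raw[i * block:(i + 1) * block] == zero
        if is_zero and run_start is None:
            run_start = i                      # a zero run begins
        elif not is_zero and run_start is not None:
            extents.append((run_start, i - run_start))
            run_start = None                   # back in random-looking data
    if run_start is not None:                  # run reaches end of device
        extents.append((run_start, n_blocks - run_start))
    return extents


def free_fraction(raw: bytes, block: int = BLOCK) -> float:
    """Share of the device that is visibly unused to anyone reading it raw."""
    total = len(raw) // block
    if total == 0:
        return 0.0
    return sum(n for _, n in discarded_extents(raw, block)) / total


def build_sample(n_blocks=256, trimmed=((10, 5), (100, 20), (250, 6))):
    """Constructed sample: random-filled device, then some extents discarded."""
    dev = bytearray(os.urandom(n_blocks * BLOCK))   # the initial random fill
    for start, count in trimmed:                    # discards reaching the SSD
        dev[start * BLOCK:(start + count) * BLOCK] = bytes(count * BLOCK)
    return bytes(dev)


if __name__ == "__main__":
    sample = build_sample()
    for start, count in discarded_extents(sample):
        print(f"blocks {start}-{start + count - 1} read as zeros (discarded)")
    print(f"{free_fraction(sample):.1%} of the device is visibly unused")
```

Without discards passed through, the same scan over the random-filled device returns no extents, which is the property the initial random fill was meant to provide.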