On Sat, May 9, 2020 at 1:42 PM Nikolay Kichukov <hijacker@xxxxxxxxx> wrote: > > Hello Chris, > > On Sat, 9 May 2020 09:45:13 -0600 > Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > > > On Sat, May 9, 2020 at 8:28 AM Nikolay Kichukov <hijacker@xxxxxxxxx> > > wrote: > > > > > > Hello folks, > > > > > > Recently, I upgraded to LUKS2 on a NVME SSD disk and noticed that > > > fstrim does not work. Surely it was running fine with LUKS1. > > > > ... > > > > > dmsetup table /dev/mapper/root | grep allow > > > 0 947028136 crypt capi:rfc7539(chacha20,poly1305)-random > > > :32:logon:cryptsetup:6ae40ec7-1b4c-40ea-871b-d13c9ae66b92-d0 0 > > > 254:0 0 2 allow_discards integrity:28:aead > > > > Was the original luksFormat command combined with --integrity option? > > yes > > > From man cryptsetup: Since dm-integrity doesn't support discards > > (TRIM), dm-crypt device on top of it inherits this, so integrity > > protection mode doesn't support discards either. > > Thanks for the direction! It seems like, this is in the pipeline for > dm-integrity, which is to arrive in version 1.6.0 in kernel 5.7: > > "allow_discards > Allow block discard requests (a.k.a. TRIM) for the integrity device. > Discards are only allowed to devices using internal hash. > The default is to ignore discard requests. > Available since: 1.6.0 (kernel 5.7)" > > source: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMIntegrity > > Does mine use an internal hash? I'm not certain, but I suspect yes. Offhand I don't see a way to have a separate/external hash device via cryptsetup. If you setup the integrity device separately, before using cryptsetup, it looks like '--data-device' provides a way to have data and hashes separate. -- Chris Murphy _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
