F26 System Wide Change: Enable TRIM pass down to encrypted disks

= System Wide Change: Enable TRIM pass down to encrypted disks =
https://fedoraproject.org/wiki/Changes/EnableTrimOnDmCrypt

Change owner(s):
* Vratislav Podzimek <vpodzime AT redhat DOT com>
* Ondrej Kozina <okozina AT redhat DOT com>


Override the kernel default for dm-crypt mappings of LUKS1 encrypted
volumes via a flag put in the /etc/crypttab file. This change should
affect only encrypted storage based on the LUKS1 format that is newly
created during installation.


== Detailed Description ==
The user base of the Fedora distribution with SSDs grows steadily, and
while the argument for the kernel default of not enabling discard is
still a strong one, it doesn't change the fact that the vast majority
of users (with SSDs) don't want to sacrifice the better performance of
a drive with discard/trim enabled for the sake of secrecy.

We're not speaking about encrypted data security here, and we doubly
emphasize that! The issue is only that a blank filesystem on top of a
dm-crypt device with discard enabled may create well-visible patterns
in the ciphertext device below on SSDs.

For the LUKS1 metadata format we don't have space to store the new
default in the metadata, and therefore we can't flip the default for new
LUKS1 devices being formatted via libcryptsetup or the cryptsetup utility.

Changing the kernel default is off the table due to the risk of data
corruption with some TrueCrypt configurations involving hidden
volumes.

For rotational devices the cost of enabled discard is negligible.


== Scope ==
* Proposal owners:
This change, despite being a system-wide change due to overriding a
legacy default, is quite small and easy to manage.

* Other developers:
Very minor change in python-blivet. Basically we just need to store
the discard keyword in the /etc/crypttab lines related to new partitions
created during the installation process.


* Release engineering:
N/A

* List of deliverables:
N/A

* Policies and guidelines:
Add short information to the documentation that we're changing a
long-term default, and copy the reasoning there.

* Trademark approval:
N/A
-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
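
An added example, not part of the announcement above or of python-blivet: a Python audit that parses crypttab-format text and reports which dm-crypt mappings carry the discard option the proposal describes, so an administrator can see which volumes pass TRIM down to the ciphertext device. The mapping names, UUIDs and paths in the sample are constructed.

```python
# Added example: audit crypttab-format text for the "discard" option.
# SAMPLE_CRYPTTAB is constructed; names, UUIDs and paths are placeholders.

SAMPLE_CRYPTTAB = """\
# <name>   <device>                                   <keyfile>     <options>
luks-root  UUID=00000000-0000-0000-0000-000000000001  none          discard
luks-home  UUID=00000000-0000-0000-0000-000000000002  none          luks,timeout=30
luks-data  /dev/sdb1                                  /etc/keys/data.key
swap       /dev/sda3                                  /dev/urandom  swap,cipher=aes-xts-plain64,discard
"""


def parse_crypttab(text):
    """Return one dict per mapping: name, device, keyfile, options (set of keys)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: name and device are mandatory
        keyfile = fields[2] if len(fields) > 2 else "none"
        opts = fields[3].split(",") if len(fields) > 3 else []
        # Keep only the option key, so "timeout=30" becomes "timeout".
        keys = {o.split("=", 1)[0] for o in opts if o}
        entries.append({"name": fields[0], "device": fields[1],
                        "keyfile": keyfile, "options": keys})
    return entries


def discard_report(text):
    """Map each mapping name to True when TRIM pass-down is requested."""
    return {e["name"]: "discard" in e["options"] for e in parse_crypttab(text)}


if __name__ == "__main__":
    for name, enabled in discard_report(SAMPLE_CRYPTTAB).items():
        state = "discard enabled" if enabled else "discard not set"
        print(f"{name}: {state}")
```
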