On 23/02/11 07:28, Lukas Czerner wrote:
> On Tue, 22 Feb 2011, Greg Freemyer wrote:
>
>> On Tue, Feb 22, 2011 at 6:09 PM, Cristian Rodríguez
>> <crrodriguez@xxxxxxxxxxxx> wrote:
>>> Hi:
>>>
>>> I get the error message in $Subject if I try to use /sbin/fstrim on all
>>> my filesystems BUT /boot which is the only one which is not encrypted.
>>>
>>> How am I supposed to "trim" dm-crypt/LUKS volumes on an SSD device ?
>>>
>>> Thanks.

Lukas, thanks for your answer.

> No NO NO! Big no to trimming encrypted filesystems! When you are
> discarding blocks, the subsequent reads from those blocks are usually "well
> defined" and hence you are giving away useful information for an attacker
> trying to decrypt your filesystem.

I understand that there might be security issues, but so far, for this
scenario, the only kind of attacker from which I need to protect my desktop
is low-funded regular thieves that may break into my home office and are
unlikely to get past the volume password prompt ;-)

> Now, there might be some way around this to allow trimming encrypted
> volumes without serious security issue, but this is rather a question for
> dm-crypt guys.

Maybe making the "discard" mount option work?
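The information leak described in the quoted reply, as an added example that is not part of the original thread: if discarded sectors read back as a fixed pattern, anyone holding the raw device can map free and used space without the key. It assumes discarded sectors read as all zeros and a 512-byte sector size; the sample image and all function names are constructed for illustration.

```python
import random

SECTOR = 512  # assumed sector size in bytes


def build_sample_image(layout, seed=1):
    """Constructed sample of a raw encrypted device.
    'C' = sector still holding ciphertext (modelled as random bytes),
    'D' = sector that was discarded and reads back as zeros (assumption)."""
    rng = random.Random(seed)
    out = bytearray()
    for ch in layout:
        if ch == "C":
            out += bytes(rng.getrandbits(8) for _ in range(SECTOR))
        else:
            out += bytes(SECTOR)
    return bytes(out)


def discarded_extents(image):
    """Return [(first_sector, sector_count)] for each run of all-zero sectors."""
    zero = bytes(SECTOR)
    total = len(image) // SECTOR
    extents, start = [], None
    for i in range(total):
        is_zero = image[i * SECTOR:(i + 1) * SECTOR] == zero
        if is_zero and start is None:
            start = i                      # a discarded run begins
        elif not is_zero and start is not None:
            extents.append((start, i - start))
            start = None
    if start is not None:                  # run reaches the end of the device
        extents.append((start, total - start))
    return extents


def summarize(image):
    """What the ciphertext alone reveals: usage and the free-space layout."""
    total = len(image) // SECTOR
    extents = discarded_extents(image)
    free = sum(count for _, count in extents)
    return {"sectors": total, "discarded": free,
            "in_use": total - free, "extents": extents}


if __name__ == "__main__":
    # Constructed layout: 20 sectors with two discarded regions.
    print(summarize(build_sample_image("CCCCDDDDDDCCDDDDCCCC")))
```

Without discards, every sector of the same device would look like random data and the summary would report no free space at all.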