On Wed, 23 Feb 2011, Cristian Rodríguez wrote:

> On 23/02/11 07:28, Lukas Czerner wrote:
> > On Tue, 22 Feb 2011, Greg Freemyer wrote:
> >
> >> On Tue, Feb 22, 2011 at 6:09 PM, Cristian Rodríguez
> >> <crrodriguez@xxxxxxxxxxxx> wrote:
> >>> Hi:
> >>>
> >>> I get the error message in $Subject if I try to use /sbin/fstrim on all
> >>> my filesystems BUT /boot which is the only one which is not encrypted.
> >>>
> >>> How am I supposed to "trim" dm-crypt/LUKS volumes on an SSD device ?
> >>>
> >>> Thanks.
>
> Lukas, thanks for your answer.
>
> > No NO NO! Big no to trimming encrypted filesystems! When you are
> > discarding blocks, the subsequent read from those blocks are usually "well
> > defined" and hence you are giving away useful information for attacker
> > trying to decrypt your filesystem.
>
> I understand that there might be security issues, but so far, for this
> scenario the only kind of attacker from which I need to protect my
> desktop is from low-funded regular thieves that may break into my home
> office, unlikely that will get past the volume password prompt ;-)
>
> > Now, there might be some way around this to allow trimming encrypted
> > volumes without serious security issue, but this is rather question for
> > dm-crypt guys.
>
> Maybe making work the "discard" mount option ?

This is really a question for dm-crypt/block layer guys. Adding
linux-fsdevel@xxxxxxxxxxxxxxx into cc.
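An added illustration, not part of the thread or of any project's code: a toy model of the concern raised above, that discarded blocks read back as "well defined" data and so expose the free-space layout of an encrypted volume to anyone holding the raw device. `ToySSD`, `keystream_encrypt` and `build_volume` are constructed stand-ins, and the model assumes trimmed sectors read back as zeros; none of this is dm-crypt's real cipher mode or interface.

```python
import hashlib
import os

SECTOR = 512

def keystream_encrypt(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    """Toy per-sector cipher (SHA-256 counter keystream); a stand-in, not dm-crypt's mode."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        block = key + sector_no.to_bytes(8, "little") + counter.to_bytes(4, "little")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(plaintext, stream))

class ToySSD:
    """Constructed SSD model: a discarded sector reads back as zeros (assumed behaviour)."""
    def __init__(self, sectors: int):
        # Pre-filled with random data, as after wiping the device before encrypting it.
        self.data = [os.urandom(SECTOR) for _ in range(sectors)]

    def write(self, n: int, buf: bytes) -> None:
        self.data[n] = buf

    def discard(self, n: int) -> None:
        self.data[n] = bytes(SECTOR)

    def read(self, n: int) -> bytes:
        return self.data[n]

def build_volume(forward_discards: bool, sectors: int = 16, used=(0, 1, 2, 7, 8)) -> ToySSD:
    """Write ciphertext to every sector, then 'fstrim' the sectors the filesystem considers free."""
    key = os.urandom(32)
    dev = ToySSD(sectors)
    for n in range(sectors):
        dev.write(n, keystream_encrypt(key, n, b"file data".ljust(SECTOR, b"\0")))
    for n in range(sectors):
        # The encryption layer either drops the discard or forwards it to the SSD.
        if n not in used and forward_discards:
            dev.discard(n)
    return dev

def visible_free_sectors(dev: ToySSD) -> list:
    """Sectors distinguishable as unused from the raw device alone, without the key."""
    return [n for n in range(len(dev.data)) if dev.read(n) == bytes(SECTOR)]
```

With discards dropped, every sector looks like random data; with discards forwarded, the exact set of unused sectors is readable without the key.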