On Wed, Jun 18, 2014 at 11:33:47AM +0200, Lukáš Czerner wrote: > Except when it does not. Looking at the mmc driver I can see that we > have already some devices where secure trim is broken. > > /* > * On these Samsung MoviNAND parts, performing secure erase or > * secure trim can result in unrecoverable corruption due to a > * firmware bug. > */ The bug IMHO is that the eMMC driver is falling back to discard, instead of returning EOPNOTSUPP. The question of whether we should fall back to discard or not should be made at a level much higher up than the MMC device driver.... > And I have no illusion that those are the only ones that does not > work. This hardware can not be trusted and this must not be > advertised as a security feature. There's always crappy hardware out there. If that's true, should then not call ATA Secure Erase by that term because somewhere out there, there will be an incompetently implemented SSD that doesn't do the right thing with ATA Secure Erase? I just don't think that's particularly useful. If the command is called "secure erase" or "secure discard" in the specification, then that's what we should use, just to avoid confusion if nothing else. Now, if the spec explicitly disclaims correct behavior, in the case of discard and discard zeros data, that's a different matter. But I don't think that is what's going on here. The MMC specification makes certain guarantees; there is no "the drive is allowed to disregard the discard command if it's too busy to attend to it mealy-mouthed language", as there is in the ATA discard specification. The fact that there happens to be buggy hardware out there, is just the natural state of affairs. But that's what black lists are for. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html