Debian, dmcrypt and SSD TRIMming
Spent an hour or so this morning wondering how to get my Debian initramfs to activate my LUKS-encrypted partition with --allow-discards. I know it's less secure, but as long as wrenches are still cheap I'm fine with sub-standard security if it means my hardware will perform better for longer. :-)
The trick is to add a flag "discard" to your crypttab, like this:
And then of course rebuild your initramfs (update-initramfs -u) and reboot, etc.
You do need cryptsetup 1.4 or higher for this to work. I had to manually install that package (only twenty or so days old) from sid on my testing laptop.
The trick is to add a flag "discard" to your crypttab, like this:
CODE:
wilmer@peer:~$ cat /etc/crypttab
sda2_crypt /dev/sda2 none luks,discard
sda2_crypt /dev/sda2 none luks,discard
And then of course rebuild your initramfs (update-initramfs -u) and reboot, etc.
You do need cryptsetup 1.4 or higher for this to work. I had to manually install that package (only twenty or so days old) from sid on my testing laptop.
Trackbacks
No Trackbacks
Comments
Display comments as Linear | Threaded
Wildy on :
Wilmer on :
I'd still guess that dm-crypt can keep up with average SSDs throughput-wise on a recent machine?
Bob on :
One question though: is it sufficient to have "discard" in your crypt-tab or does the creation of the encrypted volume need to be made with --allow-discards?
In other words, I installed debian on a crypt volume, and then added "discard" to my crypttab. Am I trimming or not?
Wilmer on :
IIRC I've verified that this works with mke2fs and/or lvremove, which reported success (while the ioctl previously failed).
I do hope that, if --allow-discards is necessary as well, the ioctl would keep failing.