Does LUKS encryption affect TRIM? (SSD and linux)

ssd linux trim luks

I'm moving over to Linux when the new SSD arrives. SSD gives increased performance, so I thought that I could encrypt everything.

But then I came to think about TRIM, and garbage collection on the drive. Will a LUKS encrypted drive affect the garbage collection system? (TRIM).


I emailed them. And TRIM will not work. Because the OS doesn't know where files are stored. Only the encrypted system knows it. Due to the fact that the encryption comes first. I'll use truecrypt instead. On top of the file system for my home folder.


No. An empty block will still be listed as empty and thus be TRIMed.

Even if your drive is encrypted, the drive itself knows nothing of the encryption, just where which data is (and which space isn't used at the moment). So it'll be fine.

As for the performance, I don't know how the impact might be. It would seem that certain optimizations in the SSD might not work, but I cannot figure which ones require knowledge about the actual data so there will probably be no impact from a storage point of view.
Note that encryption requires extra CPU cycles, so the impact might be noticeable there.


From man 5 crypttab:

Options

discard

Allow using of discards (TRIM) requests for device.

WARNING: Assess the specific security risks carefully before enabling this option. For example, allowing discards on encrypted devices may lead to the leak of information about the ciphertext device (filesystem type, used space etc.) if the discarded blocks can be located easily on the device later.

Kernel version 3.1 or more recent is required. For older versions is the option ignored.


Most of the tutorials I've read about setting up LUKS drives ask you to badblocks the entire drive with random data first. This way an attacker cannot know which sectors contain data and which ones haven't been used yet. This information could be used to discover things about the data and correlate with other time-based information which could lead to a compromise.

So, even if the LUKS modules supported sending groups of unused blocks to TRIM, you wouldn't want to do it anyway.


Yes for the latest Fedora 17 with test updates

http://vpv.kapsi.fi/blog/2012/07/ssd-trimdiscard-on-fedora-17-with-encypted-partitions/

Related

Is there a keyboard shortcut in Outlook to revert back to the default font?
Windows 7 can't sleep (It locks instead)
Virtualizing Windows Home Server
Single HTML+CSS+JS+images file
How do I create a Macro/short cuts in Eclipse?
Is there a way to have shared control tmux session?
Where should I put system-wide scripts in *nix system?
How much hard drive space should I give my Windows 7 Virtual Machine?
Is there a way to remove/rename the Chrome "Other Bookmarks"?
How can I interrupt emacs opening a large file?
How to disable HTML paste in Microsoft Office Communicator
What's the difference between GeForce and Quadro?