Date:	Wed, 23 Feb 2011 11:28:32 +0100 (CET)
From:	Lukas Czerner <lczerner@...hat.com>
To:	Greg Freemyer <greg.freemyer@...il.com>
cc:	Cristian Rodríguez <crrodriguez@...nsuse.org>,
	opensuse-factory <opensuse-factory@...nsuse.org>,
	ext4 <linux-ext4@...r.kernel.org>
Subject: Re: [opensuse-factory] /sbin/fstrim: /home: FITRIM ioctl failed:
 Operation not supported

On Tue, 22 Feb 2011, Greg Freemyer wrote:

> On Tue, Feb 22, 2011 at 6:09 PM, Cristian Rodríguez
> <crrodriguez@...nsuse.org> wrote:
> >  Hi:
> >
> >  I get the error message in $Subject if I try to use /sbin/fstrim on all
> >  my filesystems BUT /boot which is the only one which is not encrypted.
> >
> >  How am I supposed to "trim" dm-crypt/LUKS volumes on an SSD device ?
> >
> > Thanks.

No NO NO! Big no to trimming encrypted filesystems! When you are
discarding blocks, the subsequent reads from those blocks are usually "well
defined" and hence you are giving away useful information to an attacker
trying to decrypt your filesystem. And I do not think the dm-crypt guys will
ever allow this. wiper.sh might work, however you can as well give up on
using an encrypted filesystem.

Now, there might be some way around this to allow trimming encrypted
volumes without a serious security issue, but this is rather a question for
the dm-crypt guys.

Thanks!
-Lukas


> 
> First, trim is a nicety, not a 100% requirement.  The FITRIM ioctl was
> just introduced in 2.6.37 and it does NOT work in all environments.
> ie. I don't think LVM / mdraid are supported either.  But they may
> just silently drop the trim commands in the block stack.
> 
> The main solution prior to 2.6.37 was wiper.sh from the hdparm
> package.  But it too had known limitations similar to those above.
> 
> As to your real question,
> I suspect that is a question you need to take to lkml or one of its
> sub-mailing lists.
> 
>           linux-fsdevel@...r.kernel.org,
>           linux-ext4@...r.kernel.org
> 
> I monitor the ext4 one and have not seen any discussion related to
> trimming dm-crypt/LUKS protected volumes that I recall.
> 
> I also wonder if wiper.sh from hdparm would work with your
> filesystems.  Trouble is a failure may cause major data loss.  I have
> no idea of the odds, I'm just very nervous about unintentionally
> trimming the wrong sectors.
> 
> Mark Lord is the maintainer of hdparm.  I've found him to be pretty
> responsive to questions about wiper.sh, so if you can't tell from the
> release notes, etc. I'd send him an email.
> 
> Greg

-- 
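The leak described in the reply above, as an added toy model that is not part of the original thread: it compares what someone holding the raw disk, without the key, can infer with and without discards. Assumptions: discarded sectors read back as zeros, untouched free space still holds ciphertext-like data, SHA-256 output stands in for the real cipher, and all names and sample values are constructed for illustration.

```python
import hashlib

SECTOR = 512  # bytes per sector in this toy model


def fake_ciphertext(key, index):
    """Stand-in for an encrypted sector: pseudorandom bytes (not dm-crypt's cipher)."""
    out, counter = b"", 0
    while len(out) < SECTOR:
        block = key + index.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:SECTOR]


def raw_device(n_sectors, used, key, trimmed):
    """Raw sectors as read from the disk without the key.

    Without trim, free space is indistinguishable from data (old or random
    ciphertext). With trim, free sectors are modelled as reading back zeros.
    """
    zeros = bytes(SECTOR)
    return [zeros if trimmed and i not in used else fake_ciphertext(key, i)
            for i in range(n_sectors)]


def inferred_used_extents(dev):
    """(start, length) runs of sectors that do not read as zeros, i.e. look in use."""
    runs, start = [], None
    for i, sector in enumerate(dev + [bytes(SECTOR)]):  # sentinel closes the last run
        looks_used = sector != bytes(SECTOR)
        if looks_used and start is None:
            start = i
        elif not looks_used and start is not None:
            runs.append((start, i - start))
            start = None
    return runs


# Constructed sample: a 64-sector volume with three allocated regions.
KEY = b"constructed-demo-key"
USED = set(range(0, 8)) | set(range(20, 33)) | {50}

if __name__ == "__main__":
    for trimmed in (False, True):
        print("trimmed" if trimmed else "untrimmed",
              inferred_used_extents(raw_device(64, USED, KEY, trimmed)))
```

Without discards the whole device looks like one opaque run; with them, the allocation layout of the filesystem is readable from the ciphertext side alone.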
