wiki.ubuntuusers.de says that if I want to use TRIM on an encrypted SSD, I need at least cryptsetup 1.4 and kernel 3.1. Do I need this when creating the partitions and setting up encryption, or is upgrading afterwards enough?
Ubuntu 11.10 Oneiric does not ship with cryptsetup 1.4, although Precise does. I don't know whether cryptsetup can be upgraded on Oneiric or not. Since Precise will be released in a month, you can also wait for that release before considering TRIM with encrypted partitions. The kernel can always be upgraded afterwards.
From http://code.google.com/p/cryptsetup/wiki/Cryptsetup140:
Support --allow-discards option to allow discards/TRIM requests.
Since kernel 3.1, dm-crypt devices optionally (not by default) support block discards (TRIM) commands.
If you want to enable this operation, you have to enable it manually on every activation using --allow-discards
cryptsetup luksOpen --allow-discards /dev/sdb test_disk
WARNING: There are several security consequences, please read at least
http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
before you enable it.
As you can see, this feature is not enabled by default because of the degraded security, as mentioned in the linked blog. So, if you use cryptsetup on kernel 3.0 (the one shipped with Precise), you won't have TRIM support on your encrypted partitions. After upgrading to 3.1+, you still don't have it unless you enable it.
To do so, you have to edit /etc/crypttab after installation (not sure if it's possible during installation) and add the discard option. See also crypttab(5).
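
A small audit of the two points made in the answer above, as an added example that is not part of the original post: it checks the version minimums (cryptsetup 1.4, kernel 3.1) and lists which crypttab mappings carry the discard option, so you can see where discards are allowed. The function names and the sample crypttab contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the TRIM prerequisites discussed in the answer above.

# version_ge A B: succeed when dotted version A >= B (numeric prefixes compared).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_prereqs CRYPTSETUP_VERSION KERNEL_RELEASE: the minimums quoted above.
check_prereqs() {
    version_ge "$1" 1.4 || { echo "cryptsetup $1 < 1.4"; return 1; }
    version_ge "$2" 3.1 || { echo "kernel $2 < 3.1"; return 1; }
    echo "ok"
}

# crypttab_discard_report: read crypttab text on stdin and print
# "<name> discard" or "<name> no-discard" for each mapping.
# The options are the comma-separated fourth field (see crypttab(5)).
crypttab_discard_report() {
    awk 'NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    {
        state = "no-discard"
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "discard") state = "discard"
        print $1, state
    }'
}

# Constructed sample crypttab, not taken from a real system.
sample_crypttab() {
    cat <<'EOF'
# <target> <source device> <key file> <options>
sda5_crypt UUID=00000000-0000-0000-0000-000000000000 none luks,discard
swap_crypt /dev/sda6 /dev/urandom swap,cipher=aes-xts-plain64
backup /dev/sdb1 none luks
EOF
}

# Demo on constructed values. On a real system use instead:
#   check_prereqs "$(cryptsetup --version | awk '{print $2}')" "$(uname -r)"
#   crypttab_discard_report < /etc/crypttab
check_prereqs 1.1.3 3.0.0-12-generic || true
sample_crypttab | crypttab_discard_report
```
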