SSD TRIM/discard on Fedora 17 with encypted partitions

I have not blogged for a while, now that I am on summer holiday and got a new laptop I finally have something to blog about. I got a Thinkpad T430 and installed a Samsung SSD 830 myself. The 830 is not actually the best choice for a Linux user because you can only download firmware updates with a Windows tool. The tool does let you make a bootable FreeDOS USB disk with which you can apply the update, so you can use a Windows system to download the update and apply it just fine on a Linux system. The reason I got this SSD is that it is 7 mm in height and fits into the T430 without removing any spacers.

I installed Fedora 17 on the laptop and selected drive encryption in the Anaconda installer. I used ext4 and did not use LVM, I do not think it would be of much use on a laptop. After the installation I discovered that Fedora 17 does not enable SSD TRIM/discard automatically. That is probably a good default, apparently all SSDs do not support it. When you have ext4 partitions encrypted with LUKS as Anaconda does it, you need to change two files and regenerate your initramfs to enable TRIM.

First, edit your /etc/fstab and add discard to each ext4 mount. Here is an example of my root mount:
/dev/mapper/luks-secret-id-here / ext4 defaults,discard 1 1

Second, edit your /etc/crypttab and add allow-discards to each line to allow the dmcrypt layer to pass TRIM requests to the disk. Here is an example:
luks-secret-id-here UUID=uuid-here none allow-discards

You need at least dracut-018-78.git20120622.fc17 for this to work, which you should already have on an up-to-date Fedora 17.

Third, regenerate your initramfs by doing dracut -f. You may want to take a backup of the old initramfs file in /boot but then again, real hackers do not make backups 😉 .

Fourth, reboot and check with cryptsetup status luks-secret-id-here and mount that your file systems actually use discard now.

Please note that apparently enabling TRIM on encrypted file systems may reveal unencrypted data.


Posted

in

by

Tags:

Comments

5 responses to “SSD TRIM/discard on Fedora 17 with encypted partitions”

  1. Erinn Looney-Triggs avatar

    Well thanks for that I have been wondering how to enable trim support for a while.

    -Erinn

  2. lurker avatar
    lurker

    So you don’t need an SSD spacer to install an Samsung 830 series SSD in the T430? I bought my T430 with a regular HDD but want to upgrade to an SSD, but I have trouble finding the spacers in my area, which has put me off. Care to clarify?

  3. Ville-Pekka Vainio avatar

    lurker: Sorry for the late answer. I used the spacer from the original HDD, it seemed to fit fine.

  4. abb avatar

    Thanks, interesting info. But perhaps “enabling TRIM on encrypted file systems may reveal unencrypted data.” is an overstatement. It mere leaks information about what blocks are unused which in turn can break plausible deniability, that’s all. There is no risk of revealing unencrypted data I believe.

  5. Jeff avatar
    Jeff

    You would think TRIM would be more beneficial to speed increases, but for regular end users, the differences are very little. thx for the write-up either way!

Leave a Reply

Your email address will not be published. Required fields are marked *