[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: making encrypted $HOME as easy and convenient as possible

Hey list,

Am 12.09.2011 12:55, schrieb Luca Capello:
> On Mon, 12 Sep 2011 10:54:00 +0200, Philipp Kern wrote:
>> On 2011-09-12, Luca Capello <luca@pca.it> wrote:
>>> On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
> n>>> also sprach intrigeri <intrigeri+debian-devel@boum.org> [2011.09.11.2246 +0200]:
>>>>> The d-i already supports easy *full* system encryption, swap
>>>>> included.
>>>> I think this is what people should be using, not a high-level hack
>>>> like ecryptfs.
>>> +1, but if you use dm-crypt I still have not understood if SSD TRIM
>>> could be supported or not:
>>
>> Apparently it's merged into 3.1.  You might need to use dmsetup in the meantime
>> to set allow_discard.  (See the kernel documentation bits for dm-crypt and
>> [0]).
> 
> Thank you for the news!
> 
> Something I completely forgot in my first email, which is the real
> question: are my data as much secure with SSD TRIM as without?

No, they're not. Milan Broz, upstream author of cryptsetup and linux
device-mapper/dm-crypt hacker wrote a very good article about that topic
recently:

http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html

Greetings,
 jonas
Reply to: