Bug#954200: DI encrypted LVM, discard option crypttab file

To: submit@bugs.debian.org
Subject: Bug#954200: DI encrypted LVM, discard option crypttab file
From: john doe <johndoe65534@mail.com>
Date: Wed, 18 Mar 2020 11:27:37 +0100
Message-id: <[🔎] cae45241-22e1-46e3-79ef-f89f494c8ff5@mail.com>
Reply-to: john doe <johndoe65534@mail.com>, 954200@bugs.debian.org

Package: debian-installer
Version: debian-10.3.0-amd64-netinst.iso

After installing debian-10.3.0-amd64-netinst.iso with encrypted LVM, the
crypttab file is populated with the discard' option in the fourth field.

According to (1), the discard option has security implication:

"discard
Allow discard requests to be passed through the encrypted block device.
This improves performance on SSD storage but has security implications."


I would suggest that the debian-installer populates the first two
mandatory fields of '/etc/crypttab'.

1)  https://www.freedesktop.org/software/systemd/man/crypttab.html

--
John Doe

Reply to:

Follow-Ups:
- Bug#954200: DI encrypted LVM, discard option crypttab file
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Install the GRUB boot loader on a hard disk
Next by Date: Re: Install the GRUB boot loader on a hard disk
Previous by thread: Re: Install the GRUB boot loader on a hard disk
Next by thread: Bug#954200: DI encrypted LVM, discard option crypttab file
Index(es):
- Date
- Thread