Re: making encrypted $HOME as easy and convenient as possible
Am 12.09.2011 12:55, schrieb Luca Capello:
> On Mon, 12 Sep 2011 10:54:00 +0200, Philipp Kern wrote:
>> On 2011-09-12, Luca Capello <email@example.com> wrote:
>>> On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
> n>>> also sprach intrigeri <firstname.lastname@example.org> [2011.09.11.2246 +0200]:
>>>>> The d-i already supports easy *full* system encryption, swap
>>>> I think this is what people should be using, not a high-level hack
>>>> like ecryptfs.
>>> +1, but if you use dm-crypt I still have not understood if SSD TRIM
>>> could be supported or not:
>> Apparently it's merged into 3.1. You might need to use dmsetup in the meantime
>> to set allow_discard. (See the kernel documentation bits for dm-crypt and
> Thank you for the news!
> Something I completely forgot in my first email, which is the real
> question: are my data as much secure with SSD TRIM as without?
No, they're not. Milan Broz, upstream author of cryptsetup and linux
device-mapper/dm-crypt hacker wrote a very good article about that topic