From: Milan Broz <mbroz@redhat.com>
To: Richard Zidlicky <rz@linux-m68k.org>
Cc: dm-crypt@saout.de, Felix Blanke <felixblanke@gmail.com>
Subject: Re: [dm-crypt] LUKS - SSD trim
Date: Fri, 23 Apr 2010 13:46:33 +0200 [thread overview]
Message-ID: <4BD18899.7080700@redhat.com> (raw)
In-Reply-To: <20100423111337.GA26121@linux-m68k.org>
On 04/23/2010 01:13 PM, Richard Zidlicky wrote:
> On Fri, Apr 23, 2010 at 10:49:23AM +0200, Milan Broz wrote:
>> The same logic - should I ban old ciphers and weak IV because they are insecure?
>> Nope, it is not dm-crypt level decision.
>
> these are useful only in case someone has such an obsolete volume. But you would not
> seriously consider implementing new known weak features just on the ground that the user
> can choose some workaround?
That's why there are safe defaults in cryptsetup (userspace).
I just said that dm-crypt should be able to process it - where it should be configurable
is another question.
> I am not against having the possibility to pass through ata trim but it is debatable
> whether this should be the default behaviour.
Currently core device-mapper doesn't support TRIM at all. There must be
per dm target implementation - so we can selectively disable that anyway.
So yes, kernel module option and/or optional mapping table parameter can be added.
Well, no problem, already two requests for that:-)
If the default should be reject it - I am really not sure...
We have already this situation:
- zeroed disk (not randomised) and encryption.
You easily see which blocks were written and which are unused.
- almost the same if you can snapshot underlying device in time (ciphertext only).
It is not new problem IMHO. TRIM makes it only worse.
Milan
next prev parent reply other threads:[~2010-04-23 11:48 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-21 22:48 [dm-crypt] LUKS - SSD trim Felix Blanke
2010-04-21 23:00 ` Milan Broz
2010-04-21 23:03 ` Felix Blanke
2010-04-22 2:17 ` Arno Wagner
2010-04-22 8:42 ` mark
2010-04-22 9:37 ` Milan Broz
2010-04-22 20:12 ` Felix Blanke
2010-04-22 22:20 ` Richard Zidlicky
2010-04-22 22:22 ` Richard Zidlicky
2010-04-23 8:49 ` Milan Broz
2010-04-23 10:20 ` Mikko Rauhala
2010-04-23 11:13 ` Richard Zidlicky
2010-04-23 11:46 ` Milan Broz [this message]
2010-04-23 20:09 ` Richard Zidlicky
2010-04-23 20:45 ` Milan Broz
2010-04-23 22:59 ` Richard Zidlicky
2010-04-24 15:59 ` Arno Wagner
2010-04-24 16:44 ` Richard Zidlicky
2010-04-24 17:01 ` Arno Wagner
2010-04-22 6:17 ` Heinz Diehl
2010-05-14 7:35 ` JG
-- strict thread matches above, loose matches on Subject: below --
2010-05-27 13:14 Christoph Anton Mitterer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BD18899.7080700@redhat.com \
--to=mbroz@redhat.com \
--cc=dm-crypt@saout.de \
--cc=felixblanke@gmail.com \
--cc=rz@linux-m68k.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.