From: "Cristian Rodríguez" <crrodriguez@opensuse.org>
To: Lukas Czerner <lczerner@redhat.com>
Cc: Greg Freemyer <greg.freemyer@gmail.com>,
opensuse-factory <opensuse-factory@opensuse.org>,
ext4 <linux-ext4@vger.kernel.org>
Subject: Re: [opensuse-factory] /sbin/fstrim: /home: FITRIM ioctl failed: Operation not supported
Date: Wed, 23 Feb 2011 16:12:06 -0300 [thread overview]
Message-ID: <4D655C06.2080704@opensuse.org> (raw)
In-Reply-To: <alpine.LFD.2.00.1102231119580.2934@dhcp-27-109.brq.redhat.com>
El 23/02/11 07:28, Lukas Czerner escribió:
> On Tue, 22 Feb 2011, Greg Freemyer wrote:
>
>> On Tue, Feb 22, 2011 at 6:09 PM, Cristian Rodríguez
>> <crrodriguez@opensuse.org> wrote:
>>> Hi:
>>>
>>> I get the error message in $Subject if I try to use /sbin/fstrim on all
>>> my filesystems BUT /boot which is the only one which is not encrypted.
>>>
>>> How am I supposed to "trim" dm-crypt/LUKS volumes on an SSD device ?
>>>
>>> Thanks.
Lukas, thanks for your answer.
> No NO NO! Big no to trimming encrypted filesystems! When you are
> discarding blocks, the subsequent read from those blocks are usually "well
> defined" and hence you are giving away useful information for attacker
> trying to decrypt your filesystem.
I understand that there might be security issues, but so far, for this
scenario the only kind of attacker from which I need to protect my
desktop is from low-funded regular thieves that may break into my home
office, unlikely that will get pass the volume password prompt ;-)
> Now, there might be some way around this to allow trimming encrypted
> volumes without serious security issue, but this is rather question for
> dm-crypt guys.
Maybe making work the "discard" mount option ?
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-02-23 19:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4D644245.9000809@opensuse.org>
2011-02-22 23:34 ` [opensuse-factory] /sbin/fstrim: /home: FITRIM ioctl failed: Operation not supported Greg Freemyer
2011-02-23 10:28 ` Lukas Czerner
2011-02-23 19:12 ` Cristian Rodríguez [this message]
2011-02-23 20:18 ` Lukas Czerner
2011-02-23 22:20 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D655C06.2080704@opensuse.org \
--to=crrodriguez@opensuse.org \
--cc=greg.freemyer@gmail.com \
--cc=lczerner@redhat.com \
--cc=linux-ext4@vger.kernel.org \
--cc=opensuse-factory@opensuse.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.