From: Andreas Hartmann <andihartmann@01019freenet.de>
To: "Lukáš Czerner" <lczerner@redhat.com>
Cc: Andreas Hartmann <andihartmann@01019freenet.de>,
	util-linux@vger.kernel.org, Karel Zak <kzak@redhat.com>
Subject: Re: Questions concerning fstrim and online discard.
Date: Wed, 17 Oct 2012 19:28:16 +0200
Message-ID: <507EEAB0.7060900@01019freenet.de>
In-Reply-To: <alpine.LFD.2.00.1210162056290.18184@localhost>

Lukáš Czerner wrote:
> On Tue, 16 Oct 2012, Andreas Hartmann wrote:
> 
>> Date: Tue, 16 Oct 2012 18:28:05 +0200
>> From: Andreas Hartmann <andihartmann@01019freenet.de>
[...]
>>> Hi Andreas,
>>>
>>> I hope that you realize that using discard with dm_crypt is not
>>> safe.
>>
>> I know about this problem. My understanding is: trim usually writes 0 to
>> the free addresses, hence it is possible to see which addresses are used
>> and which are unused.
> 
> This is not exactly right. TRIM does not write anything to the
> device, but you can read zeroes (or some other values, see below) when
> reading previously trimmed blocks. The reason being that when
> it's trimmed firmware does not actually need to read data from the flash.
> 
>>
>> The SF-2281 controller seems not to write zero to the addresses, hence
>> the problem shouldn't be with this controller? Or did I get something wrong?
>>
>> cat /sys/block/sda/queue/discard_zeroes_data
>> 0
> 
> That's just one case. IIRC the device can return zeroes after trim (which
> will be advertised through sysfs interface), some other deterministic data
> or pseudorandom data. The device would not be able to always return what
> has been there before simply because those blocks might have already been
> reused in wear levelling process, so it has to be substituted. And when it
> comes to cryptography, all those options are bad.

I read a few articles about encryption with SSD. With linux / dm-crypt /
cryptsetup luks, plausible deniability isn't given at all because of the
architecture of cryptsetup luks and the not completely crypted disk.

Are there any known successfully carried out attacks (= partition /
filesystem was decryptable by the attacker) on crypted partitions on
SSDs which would have been not successful without TRIM enabled or is it
(as of today :-)) more of theory?



Thanks,
kind regards,
Andreas Hartmann
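
Added example, not part of the original message: a small audit that reads `dmsetup table` output and reports which dm-crypt mappings pass discard (TRIM) requests through to the underlying device, which is the configuration the thread warns about. It assumes dm-crypt's optional table parameter `allow_discards`, which the thread does not mention; the sample table is constructed.

```shell
#!/bin/sh
# Report which dm-crypt mappings forward discards (TRIM) to the disk.
# Input on stdin: the output of `dmsetup table` (keys are zeroed by default).
# Crypt target line format:
#   <name>: <start> <len> crypt <cipher> <key> <iv_offset> <dev> <offset> [<n> <opt>...]
crypt_discard_audit() {
    awk '
    $4 == "crypt" {
        name = $1
        sub(/:$/, "", name)
        state = "off"
        # Field 10 is the count of optional parameters; they start at field 11.
        for (i = 11; i <= NF; i++)
            if ($i == "allow_discards")
                state = "on"
        printf "%s dev=%s discards=%s\n", name, $8, state
    }'
}

# Constructed sample input (hypothetical mapping names, not from a real system).
sample_table() {
    cat <<'EOF'
vg0-root: 0 41943040 linear 8:3 2048
luks-home: 0 209711104 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:2 4096 1 allow_discards
luks-swap: 0 16777216 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:4 4096
EOF
}

# Demonstration on the constructed sample; on a live system, run as root:
#   dmsetup table | crypt_discard_audit
sample_table | crypt_discard_audit
```

A mapping reported with `discards=on` lets the pattern of trimmed (unused) blocks become visible on the raw device, whatever value the drive returns for them.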
