From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mail@alexanderkoch.net>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id h0Q-76oujCLF for <dm-crypt@saout.de>;
 Thu, 27 Oct 2011 15:39:52 +0200 (CEST)
Received: from vserver3082.vserver-on.de (vserver3082.vserver-on.de
 [109.73.50.87]) by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Thu, 27 Oct 2011 15:39:51 +0200 (CEST)
Received: from [141.3.210.105] (scc-wkit-clx-210-105.scc.kit.edu
 [141.3.210.105])
 by vserver3082.vserver-on.de (Postfix) with ESMTPSA id A18EA14E1F8
 for <dm-crypt@saout.de>; Thu, 27 Oct 2011 15:34:13 +0200 (CEST)
Message-ID: <4EA95DAB.5020402@alexanderkoch.net>
Date: Thu, 27 Oct 2011 15:33:31 +0200
From: Alexander Koch <mail@alexanderkoch.net>
MIME-Version: 1.0
References: <4EA85582.3080904@redhat.com>
In-Reply-To: <4EA85582.3080904@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.4.0
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Am 26.10.2011 20:46, schrieb Milan Broz:
> * Support --enable-discards option to allow discards/TRIM requests.
> 
>    Since kernel 3.1, dm-crypt devices optionally (not by default) support
>    block discards (TRIM) comands.
>    If you want to enable this operation, you have to enable it manually
>    on every activation using --enable-discards
> 
>           cryptsetup luksOpen --enable-discards /dev/sdb test_disk
> 
>    WARNING: There are several security consequences, please read at least
>             http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
>             before you enable it.

On Arch Linux, the package 'cryptsetup' contains
/lib/initcpio/hooks/encrypt, which provides a hook for mounting
encrypted volumes from initrd.

Does anyone know if there exists any effort on making this script accept
options for cryptsetup from kernel cmdline?
The current version only reads device and mapper-name, so one cannot
open an encrypted root device with discard enabled.

Looking at the code, I think this would not be so hard to implement
(maybe just an addidional ':'-separated field in the kernel cmdline for
options like --enable-discards), but If someone is already working on it
I won't start the hack ;)


Cheers,

lynix