README_CRYPT.TXT does not mention discard for ssd's with LVM option
by deNiro from LinuxQuestions.org on (#5EAMP)
This is just some extra info on "Combining LUKS and LVM", and perhaps a suggestion:
If one follows the README_CRYPT.TXT, which is pretty good and clear document, on the slackware disk/mirror, and chose the option to use "Combining LUKS and LVM", you will have problems using fstrim later. And since there will be no "/etc/crypttab" using this option, you can not specify it there either.
Now I know trim is a possible security issue with luks. but I think that most SSD owners will probably want to have the option to use trim.
Perhaps this README_CRYPT.TXT can be changed a bit, so it mentions how to enable trim for this option. There are several ways to do it. During creation, or during opening it once with the persistent option
Without trim enabled (this is how it is explained in README_CRYPT.TXT)
# cryptsetup luksOpen /dev/sdx2 lukssdx2
With trim enabled (perhaps this could be added)
# cryptsetup --allow-discards --persistent open /dev/sdx2 luksssdx2
The above will persistently set the Flags to "allow-discard)
And obviously, since it is the lvm option, you also have to edit the /etc/lvm/lvm.conf, and change the "issue_discards" value to 1
Because I realized, this after the installation, that there was no /etc/crypttab, I used the slackware install usb stick, and opened the encrypted volume once manually with the --allow-discards --persistent options, and then rebooted. So I can now use fstrim.
edit: this was done on slackware current with luks2
If one follows the README_CRYPT.TXT, which is pretty good and clear document, on the slackware disk/mirror, and chose the option to use "Combining LUKS and LVM", you will have problems using fstrim later. And since there will be no "/etc/crypttab" using this option, you can not specify it there either.
Now I know trim is a possible security issue with luks. but I think that most SSD owners will probably want to have the option to use trim.
Perhaps this README_CRYPT.TXT can be changed a bit, so it mentions how to enable trim for this option. There are several ways to do it. During creation, or during opening it once with the persistent option
Without trim enabled (this is how it is explained in README_CRYPT.TXT)
# cryptsetup luksOpen /dev/sdx2 lukssdx2
With trim enabled (perhaps this could be added)
# cryptsetup --allow-discards --persistent open /dev/sdx2 luksssdx2
The above will persistently set the Flags to "allow-discard)
And obviously, since it is the lvm option, you also have to edit the /etc/lvm/lvm.conf, and change the "issue_discards" value to 1
Because I realized, this after the installation, that there was no /etc/crypttab, I used the slackware install usb stick, and opened the encrypted volume once manually with the --allow-discards --persistent options, and then rebooted. So I can now use fstrim.
edit: this was done on slackware current with luks2