# Do I lose TRIM under encrypted filesystem on SSD?

## mbar

My guess is yes, but I'd like to ask you anyway. The setup will be an SSD with partitions encrypted via dm-crypt (cryptsetup) and with ext4 on top of that. Does dm-crypt kill TRIM?

----------

## Sadako

TRIM command passthrough via dmcrypt is apparently being worked on, but yes you do lose TRIM with dmcrypt, at least for the moment.

There was a fairly long thread on the subject on the dmcrypt mailing list recently, you should check it out.

There seem to be some security concerns with the use of TRIM; some of it looks overly paranoid, but a few points make real sense.

----------

## mbar

Thanks.

----------

## ssteinberg

Bringing this back up.

What is the status at the moment? Getting some conflicting results from Google. I don't mind the security flaw of non-random data from free blocks. I do mind no-TRIM on my SSD. So, dm-crypt with ext4+discard. Possible?

----------

## ssteinberg

Surely this is a relevant topic to some of us. dm-crypt + TRIM on SSDs?   :Confused: 

----------

## lkraav

Watching this as well. I'm not digging the massive performance drop. Where, what layer exactly, does this massive slowdown come from right now? Is it fixable, and to what extent?

----------

## Moriah

I too am watching this. I am running dm-crypt with LUKS to encrypt the entire SSD in my laptop. I boot from a USB stick using a passphrase. This gives me 2-factor authentication. I run LVM on top of dm-crypt, then XFS on top of LVM. I need LVM snapshots, but only in read-only mode. This is for backup. All dm-crypt and LVM runs on the same drive; there is usually only one drive in the laptop, although I have a second SATA slot. If I use the second SATA slot, it is for a separate removable drive, so LVM only applies to one drive at a time, as does dm-crypt.

I would like to change to ext4 and use trim, but I hear there are problems with lvm snapshots, and with dm-crypt.

What is the current status of all this?

----------

## lkraav

Some reading from a dm-crypt core dev in the meanwhile: http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html

----------

## Moriah

That was a good and thought provoking article.    :Very Happy: 

What happens if an SSD is cleaned via data security erase (everything gets set to zero) and is then used with dm-crypt? If I leave everything set to zeros, I start out with the same problem (almost) as when I use TRIM. If I write random data to the disk, and fill it up, prior to using dm-crypt with a filesystem, then I have clobbered the free pool and destroyed my fast write time capability. Is there a solution?

Perhaps SSD and full disk encryption were just not made for each other?    :Shocked: 

----------

## tholin

Cryptsetup+trim is supported in kernel-3.1 and cryptsetup built from repo. Use the --allow-discards argument when doing luksOpen.
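
Added example, not part of tholin's post or of the cryptsetup project: a check that the `--allow-discards` option mentioned above actually took effect, by reading `dmsetup table` output and reporting which dm-crypt mappings carry the `allow_discards` flag. The mapping names, sizes and device numbers in the sample are constructed, and the helper names `crypt_discard_status` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example: report which dm-crypt mappings pass TRIM/discard through.
# Input format is that of `dmsetup table` for crypt targets:
#   name: start length crypt cipher key iv_offset device offset [#opts opt...]

crypt_discard_status() {
    # Reads `dmsetup table` lines on stdin; prints "<name> discards=on|off"
    # for each crypt target and ignores other target types (linear, etc.).
    awk '$4 == "crypt" {
        name = $1; sub(/:$/, "", name)
        state = "off"
        # Field 10 is the count of optional parameters; they start at field 11.
        for (i = 11; i <= NF; i++) if ($i == "allow_discards") state = "on"
        print name " discards=" state
    }'
}

# Constructed sample (key shown as zeros, as dmsetup prints it unless
# --showkeys is given); not output captured from a real system.
SAMPLE='cryptroot: 0 488392704 crypt aes-xts-plain64 0000000000000000 0 8:2 4096 1 allow_discards
crypthome: 0 976773168 crypt aes-xts-plain64 0000000000000000 0 8:3 4096
vg0-root: 0 104857600 linear 253:0 2048'

demo() { printf '%s\n' "$SAMPLE" | crypt_discard_status; }

# On a live system (root needed) the same check would be:
#   dmsetup table --target crypt | crypt_discard_status
# `lsblk --discard` then shows whether each layer advertises discard:
# DISC-GRAN and DISC-MAX of 0 mean that layer drops TRIM.
demo
```

A mapping reported as `discards=off` silently drops TRIM from the filesystem above it, so ext4's `discard` mount option or `fstrim` has no effect on the SSD until the mapping is reopened with the flag.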

----------

## Moriah

That is useful advice, but that doesn't answer the question about being able to see the sectors that are all zeros because they have been trimmed, nor the question about using up all the pre-erased free blocks by using dd to copy an image to the drive, or to copy /dev/random to the drive before setting it up for LUKS/dm-crypt.    :Sad: 

----------

