When will we see TRIM support for GELI volumes ?

Julian H. Stacey jhs at berklix.com
Tue Mar 19 08:18:19 UTC 2013 

Thomas Steen Rasmussen wrote:
> On 19-03-2013 01:02, kpneal at pobox.com wrote:
> > On Tue, Mar 19, 2013 at 12:03:48AM +0100, Thomas Steen Rasmussen wrote:
> >> Hello there,
> >>
> >> I was happy to see TRIM support in UFS and ZFS, however:
> >> I would really like to see TRIM support for GELI volumes.
> >>
> >> I finally got an SSD with TRIM support for the laptop, but I can't
> >> really use it with GELI disk encryption because the lack of TRIM
> >> support makes writing to the disk really slow after a while.
> >>
> >> I've been told this is not a huge job, but I wouldn't know.
> >>
> >> I can't understand why more people aren't asking for this.
> >> Do people not encrypt their laptops, or do they not use SSDs ?
> > Wouldn't that defeat the purpose somewhat? 
> >
> > With an encrypted disk an attacker who gets the disk does not know
> > which parts of the disk have valid data and which do not. But with
> > TRIM the drive does know where the valid data is, and so an attacker
> > knows as well. 
> >
> > Does it make sense to put a flashing neon sign up that says "secret data
> > right here!"?
> Hello,
> 
> This is a bit off topic, but I'll bite:
> 
> I suppose it depends on the use-case. personally I could care
> less if a thief who steals my laptop knows that the disk
> contains encrypted data. If I was hiding some top secret files
> from a government I might feel different, but I'm not so I don't.
> 
> I do feel though that in this day in age we should strive to encrypt
> everything, even data that is not secret. Network connections too.
> 
> Doing so protects your privacy, and more importantly, if one day
> you DO have something that is really secret, it doesn't stand out :)
> 
> Have you tried using an SSD without TRIM support ? It really is
> awfully slow, I'm talking 10-20-30 seconds freezes while the disk
> is writing. It is not usable - but neither is a laptop without disk
> encryption (to me) :)

My laptop has a hard disk with gbde encryption not geli. No big
pauses I've noticed.  
Maybe your pauses may come from something else ?
	( eg lack of RAM or CPU ? (in my case on a tower + X, my I
	see occasional nasty long pauses from bursts of background
	activity when crontab + fetchmail feeds occasional large
	files into procmail with 15,000 anti spam rules), yup, my own fault )

To find what's causing your pauses, ideas to be tried on similar load:
	top, iostat, (etc)
take out components to narrow down suspicion:
	try gbde instead for a while for comparison
	try a hard disk (*) for a while to see if its the SSD
		(*: internal or external boot via USB, OK, clunky,
		but only for a while for test).
Good luck

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text.  No quoted-printable, HTML, base64, multipart/alternative.

More information about the freebsd-fs mailing list