geli+trim support
Jesse Gooch
lists at gooch.io
Sat Jul 5 01:11:38 UTC 2014
Hi,
On 04/07/14 01:19 AM, Poul-Henning Kamp wrote:
> In message <53B6427D.1010403 at gooch.io>, Jesse Gooch writes:
>
>> IIRC, TRIM is bad for encryption anyway. You want everything to be
>> random noise, even the empty sectors. TRIM defeats this.
>
> The problem is that there is nothing you can do.
>
> If you overwrite, your old sector is still unchanged somewhere in flash.
>
> If you TRIM, your old sector is still unchanged somewhere in flash, but
> if you're lucky for slightly less time.
Perhaps I misunderstand TRIM, isn't the point of TRIM that it zeroes out
the sector ahead of time so it doesn't have to re-do it again when it
stores more data in that sector later?
> Doing both just means that you have both the original and the overwritten
> content lingering in flash.
>
> GBDEs scheme with per sector PRNG keys is marginally better than
> GELIs, in that the chances that both the sector and its key survives
> is only 3/4 of the chance that the sector survives.
>
> Without access to and control over the Flash Adaptation Layer,
> encrypting SSDs so they are safe against hardware access is impossible.
>
> For the paranoid: ... and a hostile FTL can make it much harder.
>
More information about the freebsd-hackers
mailing list