Date: Thu, 10 Jul 2014 00:46:28 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-hackers@freebsd.org Subject: Re: geli+trim support Message-ID: <20140710004628.0b3deade@gumby.homeunix.com> In-Reply-To: <20856DE3-6622-455D-9B15-B4723D75B0DB@gmail.com> References: <alpine.BSF.2.00.1407020036280.4507@wojtek.tensor.gdynia.pl> <7E2718485A3E405D89E5EAB331E9ED70@multiplay.co.uk> <53B6427D.1010403@gooch.io> <60445.1404461976@critter.freebsd.dk> <53B750C1.8070706@gooch.io> <43222.1404549367@critter.freebsd.dk> <20856DE3-6622-455D-9B15-B4723D75B0DB@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Jul 2014 10:22:20 -0600 Warner Losh wrote: > > On Jul 5, 2014, at 2:36 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> > wrote: > > > In message <53B750C1.8070706@gooch.io>, Jesse Gooch writes: > > > >>> If you TRIM, your old sector is still unchanged somewhere in > >>> flash, but if you're lucky for slightly less time. > >> > >> Perhaps I misunderstand TRIM, isn't the point of TRIM that it > >> zeroes out the sector ahead of time so it doesn't have to re-do it > >> again when it stores more data in that sector later? > > The only way to be sure the data is gone is a secure erase. I think the issue that Jesse Gooch was referring to is not about data being erased, it's really about the trim being detectable. When you create an encrypted partition, it's considered good practice to fill the underlying partition with random contents to make it harder to infer the layout of data in the file-system. With trim, deleting files incrementally reveals where the data isn't. If nothing else it leaks an upper limit for the total amount of data stored in the file-system. In the worst case scenario, a sophisticated attacker could read-out all the internal data on an SSD, so I think it's inevitable that trim would make geli a bit easier to attack. OTOH an attacker still has to break strong cryptography in order to actually read the contents. I think quite a lot of people would rather have trim support than give the NSA a bit more inconvenience. It would be nice to have it as an option.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140710004628.0b3deade>