Date:      Mon, 13 Jul 2015 17:31:46 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        RW <rwmaillists@googlemail.com>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: RFC: Pass TRIM through GELI
Message-ID:  <20150713153146.GA1984@garage.freebsd.pl>
In-Reply-To: <20150711141553.3fcf91f4@gumby.homeunix.com>
References:  <20150308000131.GP1742@over-yonder.net> <20150324021924.GQ52331@over-yonder.net> <20150502125220.GS78376@over-yonder.net> <20150629013841.GO50491@over-yonder.net> <20150710200055.GB1270@garage.freebsd.pl> <20150710222837.GE96394@over-yonder.net> <20150711141553.3fcf91f4@gumby.homeunix.com>

On Sat, Jul 11, 2015 at 02:15:53PM +0100, RW via freebsd-geom wrote:
> On Fri, 10 Jul 2015 17:28:37 -0500
> Matthew D. Fuller wrote:
>
> > 2) Security.  For whatever your threat model is, leaking the "how much
> >    space is in use" datum is unacceptable.
>
> It's not about how much space is free, it's about giving away which
> blocks do and don't contain data.
>
> Perhaps more importantly TRIM breaks plausible deniability, which was
> the point of allowing the geli metadata to be stored separately. You
> can't argue that a partition has been wiped with 'dd if=/dev/random ...'
> if the partition has been subsequently trimmed.

Yes, you are right. I even suggest in the man page to overwrite providers
with random data before using them. So what do you guys think about
implementing trim support this way:

	geli -d <trim|overwrite|ignore>

'overwrite' may be implemented later and 'trim' would be the default?

This option basically defines how BIO_DELETE should be handled.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://mobter.com
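
Added example, not part of the original message and not GELI code: a toy model of a raw provider showing what each value of the proposed `-d` option would leave visible to someone reading the underlying device. It assumes trimmed sectors read back as zeros and that 'overwrite' means replacing the range with random data; the thread specifies neither, and all function names are hypothetical.

```python
import os

SECTOR = 512
ZERO = bytes(SECTOR)
POLICIES = ("trim", "overwrite", "ignore")

def new_provider(nsectors):
    """Provider pre-filled with random data before first use."""
    return [os.urandom(SECTOR) for _ in range(nsectors)]

def write_sector(dev, lba):
    # Ciphertext is modelled as fresh random bytes (assumption).
    dev[lba] = os.urandom(SECTOR)

def handle_delete(dev, lba, policy):
    """Model of a delete request for one sector reaching the encryption layer."""
    if policy == "trim":
        dev[lba] = ZERO                # assumption: trimmed sectors read as zeros
    elif policy == "overwrite":
        dev[lba] = os.urandom(SECTOR)  # assumption: replaced with random data
    elif policy == "ignore":
        pass                           # request dropped, old ciphertext stays
    else:
        raise ValueError(policy)

def distinguishable_sectors(dev):
    """Sectors an observer of the raw device can tell apart from random fill."""
    return [lba for lba, data in enumerate(dev) if data == ZERO]

def simulate(policy, nsectors=64, written=range(0, 32), deleted=range(16, 32)):
    # Constructed scenario: write 32 sectors, then delete the last 16 of them.
    dev = new_provider(nsectors)
    for lba in written:
        write_sector(dev, lba)
    for lba in deleted:
        handle_delete(dev, lba, policy)
    return distinguishable_sectors(dev)

if __name__ == "__main__":
    for policy in POLICIES:
        print(f"{policy:9s} -> {len(simulate(policy))} sectors stand out")
```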
