Ask Your Question
2

What is the correct way to setup the fstrim service on an encrypted SSD in Fedora 23?

asked 2015-12-04 00:12:38 -0500

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hi Everyone, This is my first post. I've been using Linux on and off for several years now but am a newbie to Fedora.

I performed a fresh Fedora 23 install and partitioned using LVM and ext4. I used the default anaconda encryption during install. The computer has both an SSD (sda) and an HDD (sdb).

After reading different posts all over the internet offering advice on how to optimize an SSD, I'm starting to get more confused than clear on what needs to be done to correctly fstrim my encrypted ssd, especially with recent advances and using Fedora 23. I can really use your expert help.


  • Preliminary checks:

$ sudo blockdev --getalignoff /dev/sda I get a 0 (which as I understand confirms alignment)

$ su -c 'hdparm -I /dev/sda' | grep TRIM I get that TRIM is supported


My goal is to to use the fstrim.service to TRIM weekly and verify that it works. From my understanding (this may be wrong), before this will work correctly, I need to enable TRIM on all the filesystem layers (LVM, ext4, and crypt). To set this up, I edited as follows:


/etc/lvm/lvm.conf set issue_discards=1


/etc/crypttab

Tried three different ways to allow discard (none seem to work) by adding the following at the end of the lines in crypttab:

  1. ...none allow-discards
  2. ...none discard
  3. ...none luks,discard

Then trying both:

  • $ sudo dracut -f

and

  • $ sudo dracut -f -I /etc/crypttab

Then after reboot:

$ sudo cryptsetup status luks-e34...11 (for the sda) I get no flags showing discard enabled


  • I also read that I'm suppose to edit /etc/default/grub... I tried:
  1. rd.luks.allow-discards=e43...11

  2. rd.luks.options=discard

  3. both (1) and (2) together

followed each time with:

$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg; reboot


Starting fstrim:

$ sudo systemctl enable fstrim.timer;

$ sudo systemctl start fstrim.service;

$ sudo systemctl status fstrim.service;

Gives: fstrim.service - Discard unused blocks Loaded: loaded (/usr/lib/systemd/system/fstrim.service; static; vendor preset: disabled) Active: inactive (dead)


  • Testing using:

$ sudo systemctl start fstrim

Gives nothing

$ sudo fstrim -all

Gives: fstrim: failed to parse length: 'l'

$ sudo fstrim -v /home

Gives: fstrim: /home: the discard operation is not supported

$ sudo lsblk -D

Does seem to show the appropriate DISC-GRAN (512B) and DISC-MAX (2G) for the ssd but shows DISC-ZERO to be 0. From my understanding, this is a sign that the command does not propagate.


Basically, when trying to test fstrim I get operation not supported. So, as you can see, I'm in need of help. Your feedback on how to correctly setup fstrim to TRIM weekly for an encrypted SSD in Fedora 23 will be greatly appreciated. Many thanks in advance.

edit retag flag offensive close merge delete

Comments

1

In your section Starting fstrim:, the command should be systemctl enable fstrim.timer, notenable fstrim.service.

florian gravatar imageflorian ( 2015-12-09 11:47:53 -0500 )edit

Yes. Thank you. I'll make the edit.

singlechair gravatar imagesinglechair ( 2015-12-09 16:07:30 -0500 )edit

Make sure you set issue_discards = 1, not issue_discards=1.

florian gravatar imageflorian ( 2015-12-10 09:55:11 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
3

answered 2015-12-08 15:53:46 -0500

Moofed gravatar image

updated 2015-12-10 10:52:09 -0500

First,

$ sudo fstrim -all

Gives: fstrim: failed to parse length: 'l'

That should be with double dashes:

$ sudo fstrim --verbose --all
/home: 157 GiB (168507719680 bytes) trimmed
/boot: 325.1 MiB (340918272 bytes) trimmed
/: 43.6 GiB (46845853696 bytes) trimmed

It seems like you have all the pieces, but maybe not all at the same time. My steps were:

In /etc/lvm/lvm.conf set issue_discards = 1

Add discard option to appropriate line in /etc/crypttab

$ sudo grubby --update-kernel=ALL --args=rd.luks.options=discard

$ sudo dracut -f

$ sudo reboot

I am not using discard in /etc/fstab and cryptsetup is showing a discards flag. My lsblk -D results are the same as yours both before and after enabling discards. I hope that helps.

edit flag offensive delete link more

Comments

Thank you for your response. I'm still missing something. Still does not work for encrypted mounts. Does not see discard... As a note, from your directions concerning grub, I did not get the rd.luks.options=discard at boot in grub configuration.

I added discard in /etc/crypttab -tried adding it to both drives and just to the ssd: luks-b88...c40 UUID=b88...c40 none discard luks-e35...db0 UUID=e35...db0 none discard

Edited /etc/default/grub. Now looks like: "rd.lvm.lv=fedora/root rd.luks.uuid=luks-e35...db0 rd.luks.options=discard rd.lvm.lv=fedora/swap rhgb quiet

fstrim works only for /boot

singlechair gravatar imagesinglechair ( 2015-12-09 10:43:35 -0500 )edit

I can confirm that the instructions from @Moofed work on a LVM2 (ext4) system (proven with sudo fstrim -v / and sudo fstrim -v /home).

One, thing I'd like to add from the manpage of crypttab: discard: Allow discard requests to be passed through the encrypted block device. This improves performance on SSD storage but has security implications.

florian gravatar imageflorian ( 2015-12-09 12:19:03 -0500 )edit

I have not been able to get the discard flag to show when I: sudo cryptsetup status luks-e35...db0

My crypttab file only includes the two drives:

luks-b88...c40 UUID=b88...c40 none discard

luks-e35...db0 UUID=e35...db0 none discard

Looks different than example in man crypttab (first column is not the name of the mount points eg: swap). Could this somehow be the problem? Computer boots up fine.

singlechair gravatar imagesinglechair ( 2015-12-09 15:04:00 -0500 )edit

That's fine. Your crypttab looks just as it's supposed to be.

Did you do this? sudo grubby --update-kernel=ALL --args=rd.luks.options=discard, sudo dracut -f, and then reboot?\

florian gravatar imageflorian ( 2015-12-09 16:51:12 -0500 )edit

Yes. Just tried it again and no discard flag appears when checking the status of cryptsetup and only the /boot partition is trimmed. I also tried $ sudo dracut -f -I /etc/crypttab with a reboot after editing crypttab.

Here is also what the linux command line looks in my /etc/default/grub:

GRUB_CMDLINE_LINUX="rd.lvm.lv=fedora/root rd.luks.uuid=luks-e35...db0 rd.luks.options=discard rd.lvm.lv=fedora/swap rhgb quiet"

Anything look strange here?

singlechair gravatar imagesinglechair ( 2015-12-09 20:08:49 -0500 )edit

Question Tools

3 followers

Stats

Asked: 2015-12-04 00:12:38 -0500

Seen: 13,761 times

Last updated: Dec 10 '15