Ask Your Question

What are the security implications of enabling TRIM on a LVM2 volume?

asked 2015-12-09 14:08:54 -0500

florian gravatar image

updated 2015-12-09 14:56:00 -0500

What are the security implications of enable TRIM on a LVM2 volume?

On the manpages of crypttab I read the following regarding discard option:

Allow discard requests to be passed through the encrypted block device. This improves performance on SSD storage but has security implications.

What exactly does that mean? How severe? Do you still enable TRIM?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2015-12-14 15:33:12 -0500

The warning just want to say, that if you enable the discard option, the firmware of your SSD will zero out the unused blocks on your drive. And these zeroed blocks can be easily identified and analyzed for a pattern.

So the zeroed blocks will show where the unused space is, an to gahter information about the disk an attacker cares about the used space. Such information leaking can help to guess the filesystem type and parameters, and may crack the encryption.

The Author only want to inform you, that with not enabling this feature you have better security, because you give less information about your disk than with discard enabled. This should not mean the encryption is weak, but we can not know how much information is needed to break an encryption.

So yes, I use Trim.

edit flag offensive delete link more

Question Tools

1 follower


Asked: 2015-12-09 14:08:54 -0500

Seen: 270 times

Last updated: Dec 09 '15