Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Mar 2013 09:17:46 +0100
From:      "Julian H. Stacey" <jhs@berklix.com>
To:        Thomas Steen Rasmussen <thomas@gibfest.dk>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: When will we see TRIM support for GELI volumes ? 
Message-ID:  <201303190817.r2J8Hkdg052031@fire.js.berklix.net>
In-Reply-To: Your message "Tue, 19 Mar 2013 02:11:56 %2B0100." <5147BB5C.7020205@gibfest.dk> 

next in thread | previous in thread | raw e-mail | index | archive | help
Thomas Steen Rasmussen wrote:
> On 19-03-2013 01:02, kpneal@pobox.com wrote:
> > On Tue, Mar 19, 2013 at 12:03:48AM +0100, Thomas Steen Rasmussen wrote:
> >> Hello there,
> >>
> >> I was happy to see TRIM support in UFS and ZFS, however:
> >> I would really like to see TRIM support for GELI volumes.
> >>
> >> I finally got an SSD with TRIM support for the laptop, but I can't
> >> really use it with GELI disk encryption because the lack of TRIM
> >> support makes writing to the disk really slow after a while.
> >>
> >> I've been told this is not a huge job, but I wouldn't know.
> >>
> >> I can't understand why more people aren't asking for this.
> >> Do people not encrypt their laptops, or do they not use SSDs ?
> > Wouldn't that defeat the purpose somewhat? 
> >
> > With an encrypted disk an attacker who gets the disk does not know
> > which parts of the disk have valid data and which do not. But with
> > TRIM the drive does know where the valid data is, and so an attacker
> > knows as well. 
> >
> > Does it make sense to put a flashing neon sign up that says "secret data
> > right here!"?
> Hello,
> 
> This is a bit off topic, but I'll bite:
> 
> I suppose it depends on the use-case. personally I could care
> less if a thief who steals my laptop knows that the disk
> contains encrypted data. If I was hiding some top secret files
> from a government I might feel different, but I'm not so I don't.
> 
> I do feel though that in this day in age we should strive to encrypt
> everything, even data that is not secret. Network connections too.
> 
> Doing so protects your privacy, and more importantly, if one day
> you DO have something that is really secret, it doesn't stand out :)
> 
> Have you tried using an SSD without TRIM support ? It really is
> awfully slow, I'm talking 10-20-30 seconds freezes while the disk
> is writing. It is not usable - but neither is a laptop without disk
> encryption (to me) :)

My laptop has a hard disk with gbde encryption not geli. No big
pauses I've noticed.  
Maybe your pauses may come from something else ?
	( eg lack of RAM or CPU ? (in my case on a tower + X, my I
	see occasional nasty long pauses from bursts of background
	activity when crontab + fetchmail feeds occasional large
	files into procmail with 15,000 anti spam rules), yup, my own fault )

To find what's causing your pauses, ideas to be tried on similar load:
	top, iostat, (etc)
take out components to narrow down suspicion:
	try gbde instead for a while for comparison
	try a hard disk (*) for a while to see if its the SSD
		(*: internal or external boot via USB, OK, clunky,
		but only for a while for test).
Good luck

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text.  No quoted-printable, HTML, base64, multipart/alternative.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303190817.r2J8Hkdg052031>