Date: Tue, 19 Mar 2013 09:17:46 +0100 From: "Julian H. Stacey" <jhs@berklix.com> To: Thomas Steen Rasmussen <thomas@gibfest.dk> Cc: freebsd-fs@freebsd.org Subject: Re: When will we see TRIM support for GELI volumes ? Message-ID: <201303190817.r2J8Hkdg052031@fire.js.berklix.net> In-Reply-To: Your message "Tue, 19 Mar 2013 02:11:56 %2B0100." <5147BB5C.7020205@gibfest.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Thomas Steen Rasmussen wrote: > On 19-03-2013 01:02, kpneal@pobox.com wrote: > > On Tue, Mar 19, 2013 at 12:03:48AM +0100, Thomas Steen Rasmussen wrote: > >> Hello there, > >> > >> I was happy to see TRIM support in UFS and ZFS, however: > >> I would really like to see TRIM support for GELI volumes. > >> > >> I finally got an SSD with TRIM support for the laptop, but I can't > >> really use it with GELI disk encryption because the lack of TRIM > >> support makes writing to the disk really slow after a while. > >> > >> I've been told this is not a huge job, but I wouldn't know. > >> > >> I can't understand why more people aren't asking for this. > >> Do people not encrypt their laptops, or do they not use SSDs ? > > Wouldn't that defeat the purpose somewhat? > > > > With an encrypted disk an attacker who gets the disk does not know > > which parts of the disk have valid data and which do not. But with > > TRIM the drive does know where the valid data is, and so an attacker > > knows as well. > > > > Does it make sense to put a flashing neon sign up that says "secret data > > right here!"? > Hello, > > This is a bit off topic, but I'll bite: > > I suppose it depends on the use-case. personally I could care > less if a thief who steals my laptop knows that the disk > contains encrypted data. If I was hiding some top secret files > from a government I might feel different, but I'm not so I don't. > > I do feel though that in this day in age we should strive to encrypt > everything, even data that is not secret. Network connections too. > > Doing so protects your privacy, and more importantly, if one day > you DO have something that is really secret, it doesn't stand out :) > > Have you tried using an SSD without TRIM support ? It really is > awfully slow, I'm talking 10-20-30 seconds freezes while the disk > is writing. It is not usable - but neither is a laptop without disk > encryption (to me) :) My laptop has a hard disk with gbde encryption not geli. No big pauses I've noticed. Maybe your pauses may come from something else ? ( eg lack of RAM or CPU ? (in my case on a tower + X, my I see occasional nasty long pauses from bursts of background activity when crontab + fetchmail feeds occasional large files into procmail with 15,000 anti spam rules), yup, my own fault ) To find what's causing your pauses, ideas to be tried on similar load: top, iostat, (etc) take out components to narrow down suspicion: try gbde instead for a while for comparison try a hard disk (*) for a while to see if its the SSD (*: internal or external boot via USB, OK, clunky, but only for a while for test). Good luck Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with "> ". Send plain text. No quoted-printable, HTML, base64, multipart/alternative.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303190817.r2J8Hkdg052031>