Message-Id: <201303190817.r2J8Hkdg052031@fire.js.berklix.net>
To: Thomas Steen Rasmussen
Subject: Re: When will we see TRIM support for GELI volumes ?
From: "Julian H. Stacey"
Organization: http://berklix.com BSD Unix Linux Consultancy, Munich Germany
In-reply-to: Your message "Tue, 19 Mar 2013 02:11:56 +0100." <5147BB5C.7020205@gibfest.dk>
Date: Tue, 19 Mar 2013 09:17:46 +0100
Sender: jhs@berklix.com
Cc: freebsd-fs@freebsd.org

Thomas Steen Rasmussen wrote:
> On 19-03-2013 01:02, kpneal@pobox.com wrote:
> > On Tue, Mar 19, 2013 at 12:03:48AM +0100, Thomas Steen Rasmussen wrote:
> >> Hello there,
> >>
> >> I was happy to see TRIM support in UFS and ZFS, however:
> >> I would really like to see TRIM support for GELI volumes.
> >>
> >> I finally got an SSD with TRIM support for the laptop, but I can't
> >> really use it with GELI disk encryption because the lack of TRIM
> >> support makes writing to the disk really slow after a while.
> >>
> >> I've been told this is not a huge job, but I wouldn't know.
> >>
> >> I can't understand why more people aren't asking for this.
> >> Do people not encrypt their laptops, or do they not use SSDs ?
> > Wouldn't that defeat the purpose somewhat?
> >
> > With an encrypted disk an attacker who gets the disk does not know
> > which parts of the disk have valid data and which do not. But with
> > TRIM the drive does know where the valid data is, and so an attacker
> > knows as well.
> >
> > Does it make sense to put a flashing neon sign up that says "secret data
> > right here!"?
> Hello,
>
> This is a bit off topic, but I'll bite:
>
> I suppose it depends on the use-case. Personally I could care
> less if a thief who steals my laptop knows that the disk
> contains encrypted data. If I was hiding some top secret files
> from a government I might feel different, but I'm not so I don't.
>
> I do feel though that in this day in age we should strive to encrypt
> everything, even data that is not secret. Network connections too.
>
> Doing so protects your privacy, and more importantly, if one day
> you DO have something that is really secret, it doesn't stand out :)
>
> Have you tried using an SSD without TRIM support ? It really is
> awfully slow, I'm talking 10-20-30 seconds freezes while the disk
> is writing. It is not usable - but neither is a laptop without disk
> encryption (to me) :)

My laptop has a hard disk with gbde encryption not geli.
No big pauses I've noticed.
Maybe your pauses may come from something else ?
( eg lack of RAM or CPU ?
  (in my case on a tower + X, I see occasional nasty long pauses
  from bursts of background activity when crontab + fetchmail feeds
  occasional large files into procmail with 15,000 anti spam rules),
  yup, my own fault )

To find what's causing your pauses, ideas to be tried on similar load:
	top, iostat, (etc)
	take out components to narrow down suspicion:
		try gbde instead for a while for comparison
		try a hard disk (*) for a while to see if it's the SSD
		(*: internal or external boot via USB, OK, clunky,
		    but only for a while for test).

Good luck

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text.  No quoted-printable, HTML, base64, multipart/alternative.