From owner-freebsd-hackers@FreeBSD.ORG Wed Jul 9 23:46:33 2014
Date: Thu, 10 Jul 2014 00:46:28 +0100
From: RW
To: freebsd-hackers@freebsd.org
Subject: Re: geli+trim support
Message-ID: <20140710004628.0b3deade@gumby.homeunix.com>
In-Reply-To: <20856DE3-6622-455D-9B15-B4723D75B0DB@gmail.com>
References: <7E2718485A3E405D89E5EAB331E9ED70@multiplay.co.uk> <53B6427D.1010403@gooch.io> <60445.1404461976@critter.freebsd.dk> <53B750C1.8070706@gooch.io> <43222.1404549367@critter.freebsd.dk> <20856DE3-6622-455D-9B15-B4723D75B0DB@gmail.com>
X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.22; amd64-portbld-freebsd10.0)
List-Id: Technical Discussions relating to FreeBSD

On Wed, 9 Jul 2014 10:22:20 -0600
Warner Losh wrote:

> On Jul 5, 2014, at 2:36 AM, Poul-Henning Kamp wrote:
>
> > In message <53B750C1.8070706@gooch.io>, Jesse Gooch writes:
> >
> >>> If you TRIM, your old sector is still unchanged somewhere in
> >>> flash, but if you're lucky for slightly less time.
> >>
> >> Perhaps I misunderstand TRIM, isn't the point of TRIM that it
> >> zeroes out the sector ahead of time so it doesn't have to re-do it
> >> again when it stores more data in that sector later?
>
> The only way to be sure the data is gone is a secure erase.

I think the issue that Jesse Gooch was referring to is not about data being erased, it's really about the trim being detectable. When you create an encrypted partition, it's considered good practice to fill the underlying partition with random contents to make it harder to infer the layout of data in the file-system.
With trim, deleting files incrementally reveals where the data isn't. If nothing else it leaks an upper limit for the total amount of data stored in the file-system. In the worst-case scenario, a sophisticated attacker could read out all the internal data on an SSD, so I think it's inevitable that trim would make geli a bit easier to attack. OTOH an attacker still has to break strong cryptography in order to actually read the contents. I think quite a lot of people would rather have trim support than give the NSA a bit more inconvenience. It would be nice to have it as an option.
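The leak described in this reply, modelled as an added example that is not from this thread or from geli itself: a provider pre-filled with random bytes looks uniform, but once TRIM turns freed sectors into zeroes, a raw read of the provider bounds the amount of stored data from above. The sector size, disk size and write/delete pattern are constructed values.

```python
import os
import random

# Constructed model parameters, not geli's real geometry.
SECTOR = 512      # bytes per sector
NSECTORS = 64     # sectors on the simulated provider


def new_disk(n=NSECTORS):
    """Backing store pre-filled with random bytes, the practice mentioned
    above, so free sectors and ciphertext sectors are indistinguishable."""
    return [os.urandom(SECTOR) for _ in range(n)]

def write_sector(disk, idx):
    """Store ciphertext; good cipher output is indistinguishable from
    random, so os.urandom stands in for it here."""
    disk[idx] = os.urandom(SECTOR)

def free_sector(disk, idx, trim):
    """The filesystem frees a sector. With TRIM passed down, the device
    reports the sector as zeroes; without it, the stale ciphertext stays."""
    if trim:
        disk[idx] = bytes(SECTOR)

def observed_upper_bound(disk):
    """What a raw read of the provider reveals: every non-zero sector might
    hold data, so their count is an upper bound on the data stored."""
    return sum(1 for s in disk if any(s))

def simulate(trim, seed=1):
    """Write 32 sectors, delete 16 of them, and compare the true usage with
    what an observer of the raw provider can infer."""
    rng = random.Random(seed)
    disk = new_disk()
    used = set()
    for idx in rng.sample(range(NSECTORS), 32):
        write_sector(disk, idx)
        used.add(idx)
    for idx in rng.sample(sorted(used), 16):
        free_sector(disk, idx, trim)
        used.discard(idx)
    return len(used), observed_upper_bound(disk)


if __name__ == "__main__":
    print("TRIM on :", simulate(True))    # (16, 48): usage bounded at 48 of 64
    print("TRIM off:", simulate(False))   # (16, 64): nothing learned
```

With TRIM off the observer learns only the provider size; with TRIM on, every deletion tightens the bound, which is why leaving TRIM passthrough as an opt-in is the defensible default.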