Update2: systemd now has support for enabling trim on luks partitions by passing in the rd.luks.options=discard option and rebuilding grub config
Update: The latest versions of Fedora now support the discard option in crypttab, not allow-discards.
I have an (unfortunately too small) Samsung 840 Pro in my laptop and it’s been a long time since I’ve re-installed (no time for Korora for months) and I’ve noticed it getting a little sluggish. Most noticeable is long pauses while the drive goes nuts. I figured it was probably time to get some TRIM action on the drive, something I never bothered with before because I didn’t really care.
My setup is reasonably common, I imagine. I have a regular old boot partition and a second encrypted partition which is used as a physical volume for lvm. Hence any and all lv are automatically encrypted. If you’re using encryption, it’s possible that enabling trim could give an attacker insight into what blocks have/haven’t been used, but for me it’s just to make it harder for someone to get my data if I lose the laptop or it’s stolen.
Filesystem
First things first, the file system needs to support trim (ext4 does). If you’re using Fedora 18 you may have to edit your /etc/fstab and add the discard mount option to any partition you want to trim.
/dev/sda1 /boot ext4 defaults,discard 1 2
Under Fedora 19, my non-encrypted, non-lvm /boot partition works with fstrim out of the box (I didn’t have to set the discard mount option), so that’s good.
chris@localhost ~ $ sudo fstrim -v /boot
[sudo] password for chris:
/boot: 407 MiB (426762240 bytes) trimmed
With my / and /home partitions however it’s a different story, I get this:
chris@localhost ~ $ sudo fstrim -v /home
fstrim: /home: FITRIM ioctl failed: Operation not supported
So, problem is that somewhere along the way the discard commands aren’t reaching the device.
I have filesystem, lvm, luks, block layers I guess and I know it’s not the first or the last, so that leaves lvm and luks. Thanks to this post, it was pretty easy to enable on the latter two.
LVM
I edited the /etc/lvm/lvm.conf file and enabled the issue_discards option:
issue_discards = 1
LUKS
Now to ensure that discards are sent to my crypto layer by adding the allow-discards option to /etc/crypttab
luks-blah-blah-blah UUID=blah-blah-blah none allow-discards
Note: Thanks to chesty for pointing out that on Debian and other distros the format of that file and discards option may be different. Check man crypttab for the right option, but it may be something like this:
luks-blah-blah-blah UUID=blah-blah-blah none luks,discard
Initramfs
OK, so config files are in place, no as both of these configs are included in the initramfs, time to rebuild it:
chris@localhost ~ $ sudo dracut --force
Note: For Fedora 18 I had to tell dracut to include the crypttab file, as per this bug report.
chris@localhost ~ $ sudo dracut --force -I /etc/crypttab
Note2: Again, on Debian updating initramfs is different, try the update-initramfs command.
You can confirm that crypttab is in the initramfs with:
chris@localhost ~ $ sudo lsinitrd |grep crypttab
Test
After a reboot, I can test out fstrim again, which now works! (By the way, it’s fast.)
chris@localhost ~ $ time sudo fstrim -v /home
/home: 332.6 MiB (348778496 bytes) trimmed
real 0m0.194s
user 0m0.007s
sys 0m0.015s
Cron it
Finally, set this as an hourly cron job and enjoy the benefits.
root@localhost ~ # echo -e "fstrim /\nfstrim /home\nfstrim /boot" > /etc/cron.hourly/fstrim
19 thoughts on “TRIM on LVM on LUKS on SSD”
Thanks for the write up, I’ve just implemented it. I changed the line
luks-blah-blah-blah UUID=blah-blah-blah none allow-discards
to
luks-blah-blah-blah UUID=blah-blah-blah none luks,discard
I’m not sure if it’s a distro thing, but my debian crypttab man page documents the discard option, not allow-discards
Hi Michael,
Thanks for the note, yeah I should mention that on Debian (and other distros) the format of crypttab is different. You’ve done the right thing there, certainly if it worked? 🙂
You’ll need to rebuild your initramfs differently too, but you probably already know that.
Cheers,
-c
Is there a chance that TRIM discards will weaken the cryptography?
Ken, yes but as far as I know only because it allows an attacker to discover unused sectors. I don’t know what they could actually do with it, but in my opinion, and for my use it’s acceptable. See here: http://asalor.blogspot.com.es/2011/08/trim-dm-crypt-problems.html
-c
Thank for that great step by step guide. It works without any problems.
Great!
Just wanted to say “thanks!” for clear instructions. Seems to work well on Fedora 19.
No worries 🙂
Thanks for the detailed suggestions.
I had a quick test on a Fedora 19 system [it does not use LVM] that is running a Virtual Machine on an SSD drive.
The host does not have any encrypted partitions, but the VM itself does. My /etc/fstab includes the discard option for the SSD partition. But given that the host does not use LUKS, then /etc/crypttab settings don’t seem to be relevant.
However running fstrim against the mount point of the SSD drive produces an ioctl failed: Operation not supported error.
Any suggestions welcome.
Hi Frank,
I don’t think that the vm will be passing trim requests down because its drive is just a file on the host drive. Just run trim on your host..
-c
Can anybody give me a hint on how to update the initramfs in Mint 15?
I tried the update-initramfs -u command (-u for update existing initramfs) but all I get is this error message:
“update-initramfs: Generating /boot/initrd.img-3.8.0-19-generic
grep: /boot/config-3.8.0-19-generic: No such file or directory
Warning: No support for locale: de_DE.utf8”
And then of course, fstrim doesn’t work, although I changed the lvm.conf and crypttab entries.
What configs do you have under /boot?
ls -l /boot/config*
I’m guessing your current kernel doesn’t match the config, but it’s been a while since I’ve done Debian stuff like this..
-c
As far as I know, there is no implementation that wants ‘allow_discards’ instead of ‘discard’ in the crypttab. ‘–allow_discards’ is only the name of the cryptsetup binary option.
Did you actually test this? Does ‘allow_discards’ in your crypttab actually work? Somehow I belive this option is generally wrong. :-p
http://www.freedesktop.org/software/systemd/man/crypttab.html
Hey thanks for the post. Yes, I’m sure it worked 😉
I wrote that post back when Fedora 18 and 19 were a thing. At that point in time the crypttab was owned by initscripts, however the current version of Fedora does use systemd and supports the discard option you mention. I should probably update the post to make it reflective of the current situation.
But to show you that I’m not making it up, here’s a Fedora 19 machine 😉
The link you stated recommends strongly that you do not use the “,discard” option in fstab as it will be activating trim and making the SSD defragment *every* time you delete a file. This will put a heavy load on the SSD and make it work inefficiently and is not needed for the fstrim script you want to use.
Thanks for the post. If I recall correctly, with Fedora 18 I had to add the discard option to the mount in fstab or it wouldn’t work. From Fedora 19 on wards however, it was not required and I don’t recommend putting it in.
Thanks a lot – pointed me to the right direction – I was missing the right crypttab option and initramfs update!