How to enable TRIM on Luks-encrypted SSD on boot?


I recently bought an Intel 520 SSD on which I installed Opensuse 12.2 within an Luks-encrypted LVM container for an ext4-filesystem. My kernel (3.XX) and Cryptsetup (1.5), as well as the file-system (Ext4) support TRIM-commands through the “discard” option as I understand it; enabled through “/etc/fstab”. However for TRIM to fully work, the “discard” option has to be passed onto the crypto filesystem. This can be done manually when opening the container through

cryptsetup luksOpen --allow-discards /dev/sda2  cr_sda2

and the successfull result verified through

dmsetup table /dev/mapper/cr_sda2 --showkeys

. However adding either “discard” or “allow-discards” to my "/etc/crypttab"does not have any effect after reboot, despite rebuilding the boot-environment with “mkinitrd”.

cr_sda2 /dev/sda2 none luks,discard,allow-discards

Btw I’m using a boot partition for grub2 etc. (sda1).

What have I done wrong? Any ideas on how to make this work on boot?

On 2013-01-06 17:06, esox81 wrote:
> What have I done wrong? Any ideas on how to make this work on boot?

I guess that’s a missing feature.

Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

Should be working in 12.3 with systemd; at least, current upstream systemd code understands allow-discards. Of course, whether mkinitrd supports it as well is another question (for encrypted root and/or swap).

IMO you should be able to do this at the disk level below the encryption, if so here you go…

Included in the slide deck for my 30 min tech presentation optimizing for SSD…

Was based on content largely from wiki.archlinux.
That wiki has since been updated with new optimizations but the recommendations in my presentation are plenty good enough… use of tempfs, implement TRIM, change I/O scheduler, how to monitor disk usage in realtime.

TRIM operates at the disk trap level, approx same as block level, what/where is the reference suggesting that encryption level is relevant?


So you are saying…systemd is what’s responsible for reading /etc/crypttab and that it should take the “allow-discards” and not “discard”?

If yes, any hints on how to find out whether it is systemd or mkinitrd that’s the culprit?

Sorry, but that’s just not an answer to my question.

As per your question, see for example → ssd - TRIM support via dm-crypt/device-mapper - Super User

Yes for crypto containers activated after initial boot

If yes, any hints on how to find out whether it is systemd or mkinitrd that’s the culprit?

If your root is on this encrypted device, it is done by initrd. I do not see any options passed to luksOpen in initrd on 12.2.

Pardon my ignorance, but where/how are arguments (relevant to the current discussion) passed to initrd on openSuse?

initrd is built from scripts in /lib/mkinitrd/scripts. Configuration of LUKS partitions is done by script, which simply does

/sbin/cryptsetup --tries=1 luksOpen "$dev" "$realname"

so there is no provision for passing additional arguments. You may try to open feature request on

Alternative is to try dracut. I have been using it for some time when it was young (on another distro) and it worked quite well. I just checked and upstream version supports allow-discards. Downside - I am not sure whether it is integrated with other configuration tools, so you may need to create initrd manually after kernel installation (or after any configuration change that requires initrd rebuild).

Thank’s for the info arvidjaar.

Quick and dirty (partial) solution to my problem is editing /lib/mkinitrd/scripts/ as follows:

/sbin/cryptsetup  --allow-discards --tries=1 luksOpen  "$dev" "$realname"

and rebuilding mkinitrd. The system boots without hickups and the cryptcontainer holding the root-fs reports that it supports discards. However /home which resides on another partition does not give the same happy message which indicates (!?) that systemd on openSUSE 12.2 does not take heed of either allow-discards or discard in /etc/crypttab.

Hint - script is executed when you run mkinitrd. This script can save environment for later use in initrd. So if you really want this to be fixed, you should extend to parse options and save information for to conditionally use --allow-discards. Then open bug report, attach your patch and hope for the best :slight_smile:

All you should need to do is append the following to your grub configuration, using Yast > Bootloader > Boot Loader Options > Optional Kernel Command Line Parameter


Hope this helps

Which openSUSE version and which initrd are you using? I do not see anything that would interpret this parameter in mkinitrd. AFAIK this is ArchLinux specific.

Look like the direct systemd instructions

Sure. Everything today is systemd.

bor@opensuse:~/src/systemd> grep -rw cryptdevice .

I’d like to give opensuse a try, but this is keeping me back. The “dirty solution” by esox81 didn’t seem to work for me. Perhaps I had some other configurations wrong, as setting things up seems to be quite different from debian. Is there a noob proof way to make this work?