How to enable TRIM on Luks-encrypted SSD on boot?

esox81 · January 6, 2013, 5:05pm

Hi,

I recently bought an Intel 520 SSD on which I installed Opensuse 12.2 within an Luks-encrypted LVM container for an ext4-filesystem. My kernel (3.XX) and Cryptsetup (1.5), as well as the file-system (Ext4) support TRIM-commands through the “discard” option as I understand it; enabled through “/etc/fstab”. However for TRIM to fully work, the “discard” option has to be passed onto the crypto filesystem. This can be done manually when opening the container through

cryptsetup luksOpen --allow-discards /dev/sda2  cr_sda2

and the successfull result verified through

dmsetup table /dev/mapper/cr_sda2 --showkeys

. However adding either “discard” or “allow-discards” to my "/etc/crypttab"does not have any effect after reboot, despite rebuilding the boot-environment with “mkinitrd”.

cr_sda2 /dev/sda2 none luks,discard,allow-discards

Btw I’m using a boot partition for grub2 etc. (sda1).

What have I done wrong? Any ideas on how to make this work on boot?

robin_listas · January 6, 2013, 6:08pm

On 2013-01-06 17:06, esox81 wrote:
> What have I done wrong? Any ideas on how to make this work on boot?

I guess that’s a missing feature.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

arvidjaar · January 6, 2013, 8:11pm

Should be working in 12.3 with systemd; at least, current upstream systemd code understands allow-discards. Of course, whether mkinitrd supports it as well is another question (for encrypted root and/or swap).

tsu2 · January 6, 2013, 8:36pm

IMO you should be able to do this at the disk level below the encryption, if so here you go…

Included in the slide deck for my 30 min tech presentation optimizing for SSD…

https://sites.google.com/site/4techsecrets/slide-presentations-30min

Was based on content largely from wiki.archlinux.
That wiki has since been updated with new optimizations but the recommendations in my presentation are plenty good enough… use of tempfs, implement TRIM, change I/O scheduler, how to monitor disk usage in realtime.

TRIM operates at the disk trap level, approx same as block level, what/where is the reference suggesting that encryption level is relevant?

HTH,
TSU

esox81 · January 13, 2013, 1:20pm

So you are saying…systemd is what’s responsible for reading /etc/crypttab and that it should take the “allow-discards” and not “discard”?

If yes, any hints on how to find out whether it is systemd or mkinitrd that’s the culprit?

esox81 · January 13, 2013, 1:51pm

Sorry, but that’s just not an answer to my question.

As per your question, see for example → ssd - TRIM support via dm-crypt/device-mapper - Super User

arvidjaar · January 13, 2013, 1:54pm

Yes for crypto containers activated after initial boot

If yes, any hints on how to find out whether it is systemd or mkinitrd that’s the culprit?

If your root is on this encrypted device, it is done by initrd. I do not see any options passed to luksOpen in initrd on 12.2.

esox81 · January 13, 2013, 4:50pm

Pardon my ignorance, but where/how are arguments (relevant to the current discussion) passed to initrd on openSuse?

arvidjaar · January 13, 2013, 7:24pm

initrd is built from scripts in /lib/mkinitrd/scripts. Configuration of LUKS partitions is done by boot-luks.sh script, which simply does

/sbin/cryptsetup --tries=1 luksOpen "$dev" "$realname"

so there is no provision for passing additional arguments. You may try to open feature request on https://features.opensuse.org/

Alternative is to try dracut. I have been using it for some time when it was young (on another distro) and it worked quite well. I just checked and upstream version supports allow-discards. Downside - I am not sure whether it is integrated with other configuration tools, so you may need to create initrd manually after kernel installation (or after any configuration change that requires initrd rebuild).

esox81 · January 14, 2013, 8:32pm

Thank’s for the info arvidjaar.

esox81 · January 19, 2013, 6:42pm

Quick and dirty (partial) solution to my problem is editing /lib/mkinitrd/scripts/boot-luks.sh as follows:

/sbin/cryptsetup  --allow-discards --tries=1 luksOpen  "$dev" "$realname"

and rebuilding mkinitrd. The system boots without hickups and the cryptcontainer holding the root-fs reports that it supports discards. However /home which resides on another partition does not give the same happy message which indicates (!?) that systemd on openSUSE 12.2 does not take heed of either allow-discards or discard in /etc/crypttab.

arvidjaar · January 20, 2013, 8:19am

Hint - script setup-luks.sh is executed when you run mkinitrd. This script can save environment for later use in initrd. So if you really want this to be fixed, you should extend setup-luks.sh to parse options and save information for boot-luks.sh to conditionally use --allow-discards. Then open bug report, attach your patch and hope for the best

RBrownCCB · May 7, 2013, 6:48pm

All you should need to do is append the following to your grub configuration, using Yast > Bootloader > Boot Loader Options > Optional Kernel Command Line Parameter

cryptdevice=/dev/mapper/system-root:root:allow-discards

Hope this helps

arvidjaar · May 8, 2013, 7:39am

Which openSUSE version and which initrd are you using? I do not see anything that would interpret this parameter in mkinitrd. AFAIK this is ArchLinux specific.

bruno_friedmann · May 11, 2013, 11:59am

Look like the direct systemd instructions

arvidjaar · May 11, 2013, 3:56pm

Sure. Everything today is systemd.

bor@opensuse:~/src/systemd> grep -rw cryptdevice .
bor@opensuse:~/src/systemd>

mlammas · July 3, 2013, 5:11pm

I’d like to give opensuse a try, but this is keeping me back. The “dirty solution” by esox81 didn’t seem to work for me. Perhaps I had some other configurations wrong, as setting things up seems to be quite different from debian. Is there a noob proof way to make this work?