I have the following partition table:
    NAME
    nvme0n1
    ├─nvme0n1p1        part  /boot
    └─nvme0n1p2        part
      └─crypt          crypt
        ├─crypt-swap   lvm   [SWAP]
        ├─crypt-root   lvm   /
        └─crypt-home   lvm   /home

As the drive is an SSD, I would like to perform the TRIM command in order to increase the performance/lifetime of the disk itself.
In particular, I would like to enable periodic TRIM.
Because the second partition (i.e., nvme0n1p2) is encrypted, TRIM will be inhibited because of security implications (https://wiki.archlinux.org/title/Dm-crypt/Specialties#Discard/TRIM_support_for_solid_state_drives_(SSD)).
However, it is possible to enable TRIM on an encrypted partition by configuring encrypt on the opening.
As my partition is opened at kernel boot, I've modified the kernel parameters (i.e., allow-discards):

    cryptdevice=/dev/sdaX:root:allow-discards

(Note that the partition naming and volume name are not relevant in the above snippet.)
By doing that, I was indeed able to successfully run the TRIM command on the disk:

    # cryptsetup luksDump /dev/nvme0n1p2 | grep Flags
    Flags: allow-discards

And:

    # fstrim ...
    /home: [..] trimmed on ...
    /: [..] trimmed on

So far, so good.
The problem arose when I tried to restore to the original state.
I have removed the kernel parameter allow-discards, but Flags on the partition still shows allow-discards and the fstrim command successfully completes its job.
- How is that possible?
- How do I restore the denial of discards on the encrypted partition?