Re: geli+trim support

Board: FB_hackers    Posted: 2014/07/10 08:01    (message 11 of 12 in this thread)
On Wed, 9 Jul 2014 10:22:20 -0600 Warner Losh wrote:
>
> On Jul 5, 2014, at 2:36 AM, Poul-Henning Kamp <phk@phk.freebsd.dk>
> wrote:
>
> > In message <53B750C1.8070706@gooch.io>, Jesse Gooch writes:
> >
> >>> If you TRIM, your old sector is still unchanged somewhere in
> >>> flash, but if you're lucky for slightly less time.
> >>
> >> Perhaps I misunderstand TRIM, isn't the point of TRIM that it
> >> zeroes out the sector ahead of time so it doesn't have to re-do it
> >> again when it stores more data in that sector later?
>
> The only way to be sure the data is gone is a secure erase.

I think the issue that Jesse Gooch was referring to is not about data
being erased; it's really about the trim being detectable.

When you create an encrypted partition, it's considered good practice
to fill the underlying partition with random contents to make it harder
to infer the layout of data in the file-system. With trim, deleting
files incrementally reveals where the data isn't. If nothing else, it
leaks an upper limit for the total amount of data stored in the
file-system.

In the worst case scenario, a sophisticated attacker could read out all
the internal data on an SSD, so I think it's inevitable that trim would
make geli a bit easier to attack. OTOH an attacker still has to break
strong cryptography in order to actually read the contents.

I think quite a lot of people would rather have trim support than give
the NSA a bit more inconvenience. It would be nice to have it as an
option.

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
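The leak described in the reply above (trimmed sectors revealing where data is not, and hence an upper bound on how much is stored) can be made concrete with a small simulation. This is an added example and not code from the thread or from geli itself: the sector size, the assumption that a trimmed LBA reads back as all zeros, the two "file" layouts, and the class and function names are all constructed for illustration. Random bytes stand in for ciphertext, since without the key a sound cipher's output is indistinguishable from random.

```python
"""Toy model of the TRIM side channel on a random-filled encrypted volume.

Constructed assumptions (not from the thread or from geli):
  - SECTOR-byte sectors, a 64-sector device;
  - a trimmed LBA reads back as all zeros (deterministic-read-zero style);
  - the FTL keeps stale copies of overwritten/trimmed pages until it erases them.
"""
import os

SECTOR = 512                      # assumed sector size of the toy device
TRIMMED = b"\x00" * SECTOR        # assumed read-back pattern of a trimmed LBA


class ToyEncryptedSSD:
    """A logical block range backed by 'flash' an attacker can dump."""

    def __init__(self, nsectors, trim_passthrough):
        # The good practice from the post: pre-fill the provider with random
        # bytes so free sectors look exactly like ciphertext.
        self.lba = [os.urandom(SECTOR) for _ in range(nsectors)]
        self.trim_passthrough = trim_passthrough
        self.retired = []         # stale pages the FTL has not yet erased
        self.in_use = set()       # ground truth the attacker does not have

    def write(self, sectors):
        for s in sectors:
            # Ciphertext of fresh plaintext, modelled as random bytes.
            self.retired.append(self.lba[s])   # old page survives in flash
            self.lba[s] = os.urandom(SECTOR)
            self.in_use.add(s)

    def delete(self, sectors):
        for s in sectors:
            self.in_use.discard(s)
            if self.trim_passthrough:
                # With BIO_DELETE forwarded, the drive unmaps the LBA and later
                # reads return the fixed pattern; the old page is not erased.
                self.retired.append(self.lba[s])
                self.lba[s] = TRIMMED
            # Without passthrough nothing on the device changes at all.


def attacker_view(ssd):
    """Everything derivable from a raw read of the logical device, no key."""
    trimmed = sorted(i for i, data in enumerate(ssd.lba) if data == TRIMMED)
    return {
        "trimmed": trimmed,                               # where data is not
        "max_live_sectors": len(ssd.lba) - len(trimmed),  # upper bound on data
    }


def scenario(trim_passthrough, nsectors=64):
    """Write two constructed 'files', delete one, return (attacker view, truth)."""
    ssd = ToyEncryptedSSD(nsectors, trim_passthrough)
    file_a = list(range(8, 24))        # constructed layout: 16 sectors
    file_b = list(range(40, 48))       # constructed layout: 8 sectors
    ssd.write(file_a)
    ssd.write(file_b)
    ssd.delete(file_a)
    truth = {
        "live": sorted(ssd.in_use),
        "deleted": file_a,
        "stale_copies": len(ssd.retired),
    }
    return attacker_view(ssd), truth


if __name__ == "__main__":
    for passthrough in (True, False):
        view, truth = scenario(passthrough)
        print("trim passthrough:", passthrough)
        print("  attacker sees trimmed:", view["trimmed"])
        print("  attacker's upper bound on live sectors:", view["max_live_sectors"])
        print("  actually live:", len(truth["live"]),
              "stale pages still in flash:", truth["stale_copies"])
```

With passthrough on, the attacker's trimmed list is exactly the deleted file's sectors and the upper bound drops from 64 to 48; with it off, the dump looks uniformly random and the bound stays at the device size. In both cases the stale-page count shows the other half of the thread's point: TRIM tells the attacker where data is not, but it does not by itself remove the old ciphertext from the flash.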
Article ID (AID): #1JlTU_95 (FB_hackers)