Package: cryptsetup
Severity: wishlist
Tags: patch

Hi,
cryptsetup 1.4.0 brings support for --allow-discards, which is useful on SSD storage devices, although it comes with security risks that must be assessed.

The attached patch, prepared and tested against the current packaging SVN repo (rev. 897), adds support for an allow-discards option in crypttab, that translates into passing --allow-discards to cryptsetup. This patch also updates the documentation accordingly.

Please review.

(I'll mark this bug as blocked by #647851 as soon as I get its number.)

Regards,
--
intrigeri <intrig...@boum.org>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Did you exchange a walk on part in the war
| for a lead role in the cage?
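As an added, stand-alone shell example (not part of intrigeri's patch or of the cryptsetup packaging), the mapping the report describes, from the crypttab options field to cryptsetup command-line flags, can be exercised outside the init script like this. The function name, the handling of mode keywords and the warning on unknown options are assumptions made for this example; only the `allow-discards` and `readonly` keywords and the flags they map to come from the report.

```shell
#!/bin/sh
# Added example, not from the Debian patch: translate the fourth crypttab
# field (e.g. "luks,allow-discards,readonly") into cryptsetup arguments.
# Function name and the unknown-option warning are assumptions.

crypttab_opts_to_args () {
    # $1: comma-separated options field from /etc/crypttab
    _params=""
    _oldifs=$IFS
    IFS=','
    for _opt in $1; do
        # strip any "=value" part; only the option name is matched here
        _name=${_opt%%=*}
        case "$_name" in
            allow-discards)
                # Lets TRIM pass through dm-crypt. The discarded regions
                # reveal which parts of the volume are unused, so this is
                # a deliberate per-device choice (see the crypttab(5) WARNING).
                _params="$_params --allow-discards" ;;
            readonly)
                _params="$_params -r" ;;
            luks|plain|'')
                # mode keywords are handled elsewhere in a real script;
                # nothing to append, and empty fields are tolerated
                ;;
            *)
                echo "crypttab_opts_to_args: unknown option '$_name'" >&2 ;;
        esac
    done
    IFS=$_oldifs
    # print the argument string without its leading space
    printf '%s\n' "${_params# }"
}

# Assumption: probe the installed cryptsetup for the flag before using it,
# so a binary older than 1.4.0 does not abort activation on an unknown option.
cryptsetup_supports_discards () {
    cryptsetup --help 2>&1 | grep -q -- '--allow-discards'
}

# usage (constructed input): crypttab_opts_to_args 'luks,allow-discards,readonly'
```

Splitting on a comma-only IFS keeps option values containing spaces intact, and the probe helper gives the caller a way to fall back to activating without discards, with a logged warning, instead of failing the whole device when the installed cryptsetup predates the flag.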
commit 8a2d30a612cd507f8bff840863c6e4473a303795 Author: intrigeri <intrig...@boum.org> Date: Tue Nov 15 18:24:56 2011 +0100 Add support for allow-discards option in crypttab. diff --git a/debian/cryptdisks.functions b/debian/cryptdisks.functions index 9cb72d4..9e4b76a 100644 --- a/debian/cryptdisks.functions +++ b/debian/cryptdisks.functions @@ -51,6 +51,9 @@ parse_opts () { VALUE=$(echo "$opt" | sed '/=/!d;s/^.*=//') case "$PARAM" in + allow-discards) + PARAMS="$PARAMS --allow-discards" + ;; readonly) PARAMS="$PARAMS -r" ;; diff --git a/debian/doc/crypttab.xml b/debian/doc/crypttab.xml index 077caf6..92e0ce4 100644 --- a/debian/doc/crypttab.xml +++ b/debian/doc/crypttab.xml @@ -143,6 +143,21 @@ </varlistentry> <varlistentry> + <term><emphasis>allow-discards</emphasis></term> + <listitem> + <simpara>Allow using of discards (TRIM) requests for device.</simpara> + <simpara><emphasis role="strong">WARNING</emphasis>: Assess the + specific security risks carefully before enabling this option. + For example, allowing discards on encrypted devices may lead to + the leak of information about the ciphertext device (filesystem + type, used space etc.) if the discarded blocks can be located + easily on the device later.</simpara> + <simpara>Kernel version 3.1 or more recent is required. + For older versions is the option ignored.</simpara> + </listitem> + </varlistentry> + + <varlistentry> <term><emphasis>readonly</emphasis></term> <listitem> <simpara>The backing device is read-only (eg: a dvd).</simpara>
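Review bot: the new `allow-discards)` case in parse_opts appends `--allow-discards` unconditionally, but as the report itself says the flag only exists from cryptsetup 1.4.0, so with an older binary cryptsetup rejects the unknown option and the whole device activation fails instead of the option being ignored; either guard the case (probe `cryptsetup --help` for the string and skip with a warning) or make sure the same upload bumps the package's dependency on cryptsetup to >= 1.4.0. A short comment next to the case pointing at the crypttab(5) WARNING would also help maintainers understand why this option is opt-in per device.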
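Review bot: two wording problems in the new crypttab.xml entry: "Allow using of discards (TRIM) requests for device." should read "Allow the use of discard (TRIM) requests on the device.", and "For older versions is the option ignored." should read "On older kernels the option is ignored." The kernel 3.1 requirement is stated in the documentation but nothing in the cryptdisks.functions hunk checks it, so the sentence should make clear that the init script simply passes the option through and the kernel decides; the WARNING paragraph is the right content and should stay.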