Ubuntu
cryptsetup package

Ubiquity offers to encrypt the new system, but fails to set TRIM-enabling option in crypttab

Bug #1281587 reported by kimj
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Confirmed
Undecided
Unassigned
ubiquity (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

summary: ubiquity should add, after "luks", an option to enable trim support at the dm-crypt layer, if the target disk is an ssd with trim support. Alternatively, "allow-discards" should be ok on all systems, even not-ssd ones, since in ubuntu 14.04, is the userland script trimfs-all that choses which filesystems and disks are TRIM-capable, and issues discards weekly. Putting "allow-discards" on all systems shouldn't cause any problem since the choice about whatever discards are to be issued is left to the userland.

copy pasting from google+:
in ubuntu 14.04 there's default TRIM support.
a weekly cronjob, /etc/cron.weekly/fstrim, runs the script "fstrim-all", which invokes fstrim on all supported filesystems.
in order to effectively issue discards, all the layers must support issuing discards, not just the filesystem.
For this reason, in 14.04, lvm supports issuing discards to the lower layers of block storage by default:
in /etc/lvm/lvm.conf we have "issue_discards = 1"
however, ubiquity supports installing a system with encryption by default. In order to effectively support issuing discards, LUKS should be configured to support them too:
in /etc/crypttab we should have something like
"[...] luks,allow-discards", to allow higher layers to issue discards.
It is also possible to have "luks,discard", to automatically issue discards, but it would be more in line with ubuntu policy to trim ssd periodically from the userland to just "allow" them.
in a default install, at the moment, no discard option is present in /etc/crypttab:
"sda5_crypt UUID=longuuidhere none luks"

as a consequence, fstrim fails:
fstrim: /: FITRIM ioctl failed: Operation not supported

Revision history for this message
kimj (emailadhoc) wrote :

note that the initramfs image does NOT support "allow_discards" at the moment. the script "scripts/local-top/cryptroot" only supports the "discard" option:

                discard)
                        cryptdiscard="yes"
                        ;;

furthermore, "allow_discards" is not copied into conf/conf.d/cryptroot
so, to avoid changing initrd and packages/infrastructure that generates it, ubuntu should use "discard" in /etc/crypttab.

a viable alternative is to change the default in the script/local-top/cryptroot script:

        # Defaults
        cryptcipher=aes-cbc-essiv:sha256
        cryptsize=256
        crypthash=ripemd160
        crypttarget=cryptroot
        cryptsource=""
        cryptlvm=""
        cryptkeyscript=""
        cryptkey="" # This is only used as an argument to an eventual keyscript
        crypttries=3
        cryptrootdev=""
        cryptdiscard=""
        CRYPTTAB_OPTIONS=""

by changing cryptdiscard to yes

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cryptsetup (Ubuntu):
status: New → Confirmed
Changed in ubiquity (Ubuntu):
status: New → Confirmed
Revision history for this message
N. W. (nw9165-3201) wrote :

Any update?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.