search

therealromster / cryptsetup

Automatically exported from code.google.com/p/cryptsetup
GNU General Public License v2.0
0 stars 0 forks source link

--allow-discards at runtime #196

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
It seems to be possible already with very cumbersome/dangerous commands:

1. cryptsetup luksOpen /dev/ssd foobar
2. dmsetup table --showkeys | grep foobar
3. dmsetup reload foobar --table "0 2093056 crypt aes-xts-plain64 
12345678901234567890 0 253:33 4096 1 allow_discards"

That doesn't raise an error but dmsetup table doesn't show allow_discards flag 
yet.

4. cryptsetup luksSuspend foobar
5. cryptsetup luksResume foobar

After suspend resume it shows up correctly in dmsetup table. Haven't tested 
whether discard actually works then though.

If it's possible to change at runtime, why does cryptsetup only accept it when 
opening the device, requiring everyone to add support for that option to their 
initrd (having to reboot)?

Original issue reported on code.google.com by Andreas....@gmail.com on 10 Jan 2014 at 2:16

GoogleCodeExporter commented 9 years ago 
If you interfere on low level, obviously you can do very dangerous things (you 
can change anything).

Dmsetup reload uses inactive table, suspend/resume just switch these tables. So 
discard option is visible when you use "dmsetup table --inactive".

And requiring everyone to specify discard enable is intentional - you are 
enabling security problematic option, this must be done explicitly on open (and 
also before fs is mounted).

Cryptsetup no longer supports reload operation, it can be very dangerous (try 
to change key, and instead luksSuspend use dmsetup resume for luks device - 
your data are gone...)

Original comment by gmazyl...@gmail.com on 10 Jan 2014 at 7:30