This discussion has been archived. No new comments can be posted.

Out-of-the-Box, Ubuntu 14.04 LTS To Support TRIM On SSDs

  • by TeknoHog (164938) on Saturday December 21, 2013 @08:40PM (#45757179) Homepage Journal

    But surely this defeats the perceived satisfaction of tweaking and fixing it all up manually? Where's the fun in that?

    If that's your thing, use Gentoo instead. At least that's what I do. In case you're being sarcastic, the fun IMHO is in learning about your system and understanding why distros make the choices they do. I think my first week with Linux taught me more about computers than years with DOS/Windows, and I still wonder how a Windows machine can be anyone's "Personal Computer".

  • TRIM not always good (Score:5, Interesting)

    by girlintraining (1395911) on Saturday December 21, 2013 @08:41PM (#45757185)

    "the new LTS (Long Term Stable) version of Ubuntu Linux will automatically enable TRIM for your SSD. Good news for hardware enthusiasts!"

    And terrible news for encryption experts. Enabling TRIM tells your adversary which sectors contain data and which don't. It's a great asset to cryptanalysis and also destroys plausible deniability that there's a filesystem present on the drive, and how much data is present in it -- thus eliminating the "shadow volume" option of Truecrypt and others.

  • by Anonymous Coward on Saturday December 21, 2013 @09:32PM (#45757385)

    No, YOU clearly don't know what you're talking about, and yet are arrogant as all hell.
    The problem arises from the fact that while HDDs have only 2 operations (read, write) and therefore have no distinction outside the file-system of what is "free" and what is "allocated", SSDs have 3 (read, write, free), because SSDs label sectors as "free" or "allocated" (that is, the hardware itself, not just the file-system). So for a standard HDD encryption, the procedure goes: overwrite hard drive with random data, create encrypted partition, install OS on encrypted partition (last step optional, of course). What this accomplishes is that an attacker who examines the disk can't tell the difference between what is and isn't written to, since the unwritten data is random and the written data is encrypted (i.e. indistinguishable from random, if done correctly). On a TRIM-enabled SSD though, the OS sees all these unused sectors and proceeds to mark them as Free. That is a huge fucking problem, for roughly the reasons the GP stated. In particular, it's egregiously bad for users of hidden volumes, since that hidden volume will never be TRIMed, and the attacker who can rubber hose your outer volume can see a chunk of disk that hasn't been trimmed, yet isn't allocated in the partition you gave them. They can now rubber hose THAT partition as well, whereas previously there was no way to know it even existed (in theory at least, the cryptsetup guys don't buy that).

    If you don't believe this is an issue, then ask the Truecrypt devs:

    or the LUKS/dm-crypt devs:

    Please be more respectful in the future, as we're wrong more often than we like to think.
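
The argument in the comment above, as a toy model (an added example, not part of the original thread). It assumes a drive that returns zeros for trimmed sectors and models ciphertext as random bytes; the sector counts and function names are made up for illustration.

```python
import os

SECTOR = 512
ZERO = bytes(SECTOR)

def fresh_disk(n):
    """First step of the procedure: overwrite the whole device with random data."""
    return [os.urandom(SECTOR) for _ in range(n)]

def write_encrypted(disk, sectors):
    """Ciphertext is modelled as random bytes (indistinguishable from random)."""
    for i in sectors:
        disk[i] = os.urandom(SECTOR)

def trim(disk, sectors):
    """Assumption: the drive reports trimmed sectors as all zeros."""
    for i in sectors:
        disk[i] = ZERO

def visible_layout(disk):
    """What a raw image of the device shows: 'D' = data-like, '.' = trimmed."""
    return "".join("." if s == ZERO else "D" for s in disk)

def unexplained_sectors(disk, outer_allocated):
    """Non-trimmed sectors that the outer filesystem does not account for."""
    return [i for i, s in enumerate(disk)
            if s != ZERO and i not in outer_allocated]

def simulate(trim_enabled, n=16, outer=(0, 1, 2, 3), hidden=(10, 11, 12)):
    """Return (raw layout, sectors the outer volume cannot explain)."""
    disk = fresh_disk(n)
    write_encrypted(disk, outer)
    write_encrypted(disk, hidden)
    if trim_enabled:
        # The outer filesystem's free space is trimmed, but the hidden
        # volume's sectors are never trimmed, so they stay data-like.
        free = [i for i in range(n) if i not in outer and i not in hidden]
        trim(disk, free)
    return visible_layout(disk), unexplained_sectors(disk, outer)

if __name__ == "__main__":
    for enabled in (False, True):
        layout, extra = simulate(enabled)
        print(f"TRIM={enabled!s:5} layout={layout} unexplained={extra}")
```

Without TRIM every sector outside the outer volume looks the same, so the hidden range does not stand out; with TRIM only the hidden range remains unexplained.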
