qubes-doc/configuration/DiskTRIM.md

36 lines
1.1 KiB
Markdown
Raw Normal View History

2014-05-11 12:03:56 -04:00
---
2015-04-10 16:17:45 -04:00
layout: doc
2014-05-11 12:03:56 -04:00
title: DiskTRIM
2015-04-10 16:17:45 -04:00
permalink: /doc/DiskTRIM/
redirect_from: /wiki/DiskTRIM/
2014-05-11 12:03:56 -04:00
---
VMs have already TRIM enabled by default, but dom0 doesn't. There are some security implications (read for example [this article](http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html)), but IMO not very serious.
2014-05-11 12:03:56 -04:00
To enable TRIM in dom0 you need:
1. Get your LUKS device UUID:
2014-05-11 12:03:56 -04:00
```
ls /dev/mapper/luks-*
```
2014-05-11 12:03:56 -04:00
2. Add entry to `/etc/crypttab` (replace luks-\<UUID\> with the device name and the \<UUID\> with UUID alone):
2014-05-11 12:03:56 -04:00
```
2014-05-11 12:03:56 -04:00
luks-<UUID> UUID=<UUID> none allow-discards
```
2014-05-11 12:03:56 -04:00
3. Add `rd.luks.allow-discards=1` to kernel cmdline (`/etc/default/grub`, GRUB\_CMDLINE\_LINUX line)
4. Rebuild grub config (`grub2-mkconfig -o /boot/grub2/grub.cfg`)
5. Rebuild initrd **in hostonly mode**:
```
2014-05-11 12:03:56 -04:00
dracut -H -f
```
2014-05-11 12:03:56 -04:00
6. Add "discard" option to `/etc/fstab` for root device
7. Reboot the system, verify that allow-discards is really enabled (`dmsetup table`)
There is a [bug affecting allow-discards option](https://bugzilla.redhat.com/show_bug.cgi?id=890533), once it will be fixed, first two steps will be no longer needed.