Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity
d52ca1538b
qubes-doc/DiskTRIM.md

1.1 KiB
Raw Blame History

layout title permalink redirect_from
doc DiskTRIM /doc/DiskTRIM/ /wiki/DiskTRIM/

VMs have already TRIM enabled by default, but dom0 doesn't. There are some security implications (read for example this article), but IMO not very serious.

To enable TRIM in dom0 you need:

  1. Get your LUKS device UUID:

    ls /dev/mapper/luks-*

  2. Add entry to /etc/crypttab (replace luks-<UUID> with the device name and the <UUID> with UUID alone):

    luks-<UUID> UUID=<UUID> none allow-discards

  3. Add rd.luks.allow-discards=1 to kernel cmdline (/etc/default/grub, GRUB_CMDLINE_LINUX line)

  4. Rebuild grub config (grub2-mkconfig -o /boot/grub2/grub.cfg)

  5. Rebuild initrd in hostonly mode:

    dracut -H -f

  6. Add "discard" option to /etc/fstab for root device

  7. Reboot the system, verify that allow-discards is really enabled (dmsetup table)

There is a bug affecting allow-discards option, once it will be fixed, first two steps will be no longer needed.