Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

howtos:hardware:ssd [2014/03/04 16:18 (UTC)] (current)
rbn created
Line 1: Line 1:
 +====== Solid State Drives ======
 +===== Installing Slackware 14.1 on a SSD drive =====
 +While some of this could be performed after an installation (changing the LVM settings),
 +I'll assume a new installation,​ because most parts can't be easily performed afterwards.
  
 +==== Partition creation ====
 +Create your partitions with fdisk, as cfdisk doesn'​t automatically aligns your
 +partitions correctly. Parted seems also to do this right and also has a 
 +function to check the alignments of partitions. To do this start parted and
 +use the ''​align-check opt''​ command:
 +
 +  # parted
 +  (parted) align-check opt <​partition number>
 +  ​
 +parted now displays ''<​partition number> aligned''​ if the partition is aligned correctly, or
 +''<​partition number> not aligned''​ if not.
 +
 +Compare: https://​www.gnu.org/​software/​parted/​manual/​parted.html#​align_002dcheck ​
 +
 +==== SSDs and LUKS ====
 +Here are some points to be observed. First, SSDs and encryption are not a really perfect combination.
 +For best security there should be no information about the contents of the encrypted container, but SSDs
 +internally "​load-balance"​ the write cycles so that the memory is used equally (if you delete something, ​
 +the device gets notified about the new free space). This method is called TRIM. LUKS intentionally
 +prevents this by never telling the drive which parts of it are in use and which are free for balancing.
 +
 +This behavior can be turned off, but naturally this has an impact on the security of the encryption.
 +For more information about this, read: http://​asalor.blogspot.com/​2011/​08/​trim-dm-crypt-problems.html
 +
 +In the following I'll show the steps that are required to enable TRIM with LUKS, if you decide to use it that way.
 +It is assumed that a LUKS+LVM setup is used, as described in ''​[[http://​ftp.slackware.com/​pub/​slackware/​slackware64-14.1/​README_CRYPT.TXT|README_CRYPT.TXT]]''​ section "​Combining LUKS and LVM" to
 +which I'll refer for the commands issued.
 +
 +=== Formatting the LUKS container ===
 +If you have decided to use TRIM, you can skip the part of writing random data to the partition.
 +Format the LUKS container as described in the mentioned section of ''​README_CRYPT.TXT''​ :
 +  # cryptsetup -s 256 -y luksFormat /dev/sdx2
 +
 +=== Opening the LUKS container ===
 +When opening the encrypted partition, you have to use the parameter ''​%%--allow-discards%%'':​
 +  # cryptsetup --allow-discards luksOpen /dev/sdx2 lukssda2
 +
 +=== Modifing the initrd script ===
 +Then continue as described in ''​README_CRYPT.TXT''​ with creating the LVM volumes. The next part where care has to be taken is
 +creating the initrd. Here you have to manually patch the <​file>​initrd-tree/​init</​file>​ script to assure
 +that the LUKS containers are opened with the <​code>​--allow-discards</​code>​ parameter.
 +
 +Populate ''​initrd-tree''​ by executing ''​mkinitrd''​ as described in ''​README_CRYPT.TXT''​. ​
 +Then, open ''​initrd-tree/​init''​ with the editor of your choice and insert ''​%%--allow-discards%%''​ at these commands:
 +
 +  /​sbin/​cryptsetup ${LUKSKEY} luksOpen ${LUKSDEV} ${CRYPTDEV} </​dev/​tty0 >/​dev/​tty0 2>&1
 +changes to
 +  /​sbin/​cryptsetup --allow-discards ${LUKSKEY} luksOpen ${LUKSDEV} ${CRYPTDEV} </​dev/​tty0 >/​dev/​tty0 2>&1
 +
 +there should be two occurrences of luksOpen in the file.
 +Now with the file changed, call mkinitrd again, but this time without the ''​-c''​ option to prevent the
 +deletion of your modifications.
 +
 +Continue as described, with modifying your lilo configuration. Because LVM is used in this setup, read also the
 +next section (which could also be performed after rebooting).
 +
 +==== SSDs and LVM ====
 +The TRIM functionality mentioned in the LUKS section must also specifically enabled for
 +LVM. To activate the issuing of these commands, change
 +  issue_discards = 0
 +in ''/​etc/​lvm/​lvm.conf''​ to
 +  issue_discards = 1
 +and reboot.
 +
 +<!-- Please do not modify anything below, except adding new tags.-->
 +<!-- You must remove the tag-word "​template"​ below before saving your new page -->
 +{{tag>​howtos ssd}}

In Other Languages
QR Code
QR Code howtos:hardware:ssd (generated for current page)