I mount using the ‘defaults’ parameter in /etc/fstab, with LUKS, followed by LVM, and then filesystems. I’m not so well-versed in storage that I’ve really stopped to consider if that nesting might have implications for that.
Then again, I distrohop for fun. I’m constantly churning what’s actually on disk anyway. My filesystems are cattle, not pets, and I don’t think about them very much.
I actually use TRIM with LUKS (on my personal laptop), the reason being that if someone stole my laptop, he or she is probably not sophisticated enough to try to actually get to my data; he or she will probably just format the drive and try to resell the laptop. (Who would steal a T430 anyway?)
So I don’t really care about the security impact TRIM on LUKS could have; I just set allow-discards in /etc/defaults/grub. If I were using a Linux machine at work I would not use it, because of the aforementioned security concerns raised in the ArchWiki.
Well, if some pro, most probably three letter agencies, got physical access to my hardware, I have lost anyway.
For work machines, if my employer enforces FDE, I would not configure it in any way that could, even only theoretically, endanger my data safety. Also, a work machine should normally be imaged according to employer guidelines.
Agreed, but I don’t even think DISA STIG mentions anything about this. At least, I don’t think it’s in the OpenSCAP criteria for RHEL (I’ve read through that a couple times in the past).
To be honest, I didn’t even know there was a security problem with TRIM until I read about it in this thread. Guess it’s more a theoretical problem than an actively abused one.
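For anyone who wants to see where discards are actually enabled in a LUKS, then LVM, then filesystem stack like the one described in this thread, here is an added example (not posted by anyone in the thread) that checks each layer's configuration. The function names are made up for this example and the sample inputs are constructed; on a real system, point the functions at copies of /etc/crypttab, /proc/cmdline, /etc/fstab and saved `dmsetup table` output.

```shell
#!/bin/sh
# Audit where discard/TRIM is switched on in a LUKS -> LVM -> filesystem stack.
# Each function takes a file path so it can run on copies of the real files.

# /etc/crypttab: field 4 is the option list; "discard" lets TRIM through dm-crypt.
crypttab_discard() {
    awk 'NF >= 4 && $1 !~ /^#/ { n = split($4, o, ",")
         for (i = 1; i <= n; i++) if (o[i] == "discard") print $1 }' "$1"
}

# Kernel command line as in /proc/cmdline: Arch "encrypt" hook syntax
# cryptdevice=...:allow-discards, or systemd style rd.luks.options=discard.
cmdline_discard() {
    tr ' ' '\n' < "$1" |
        awk '/^cryptdevice=.*[:,]allow-discards/ || /^(rd\.)?luks\.options=.*discard/'
}

# /etc/fstab: "defaults" does not include discard; it must be listed explicitly.
fstab_discard() {
    awk 'NF >= 4 && $1 !~ /^#/ { n = split($4, o, ",")
         for (i = 1; i <= n; i++)
             if (o[i] == "discard" || o[i] ~ /^discard=/) print $2 }' "$1"
}

# Saved `dmsetup table` output: live crypt mappings that carry allow_discards.
dmcrypt_discard() {
    awk '$4 == "crypt" && / allow_discards/ { sub(/:$/, "", $1); print $1 }' "$1"
}

# Constructed sample inputs (not from any real system) so the script runs offline.
d=$(mktemp -d)
printf 'cryptroot UUID=0000-EXAMPLE none luks,discard\ncryptdata UUID=1111-EXAMPLE none luks\n' > "$d/crypttab"
printf 'root=/dev/vg0/root cryptdevice=UUID=0000-EXAMPLE:cryptroot:allow-discards rw\n' > "$d/cmdline"
printf '/dev/vg0/root / ext4 defaults 0 1\n/dev/vg0/home /home ext4 defaults,discard 0 2\n' > "$d/fstab"
printf 'cryptroot: 0 1000 crypt aes-xts-plain64 :64:logon:cryptsetup:x 0 8:3 4096 1 allow_discards\nvg0-root: 0 900 linear 254:0 2048\n' > "$d/dmtable"

echo "crypttab entries with discard:  $(crypttab_discard "$d/crypttab")"
echo "kernel cmdline discard tokens:  $(cmdline_discard "$d/cmdline")"
echo "fstab mounts with discard:      $(fstab_discard "$d/fstab")"
echo "live dm-crypt allow_discards:   $(dmcrypt_discard "$d/dmtable")"
rm -rf "$d"
```

A filesystem mounted with plain `defaults` can still be trimmed by a periodic `fstrim` run, so the dm-crypt layer is the one that decides whether discards reach the disk.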