LVM + LUKS + SSD + Gentoo — making it all work together

Tags: encryption, gentoo, lvm, ssd

I'm finding a lot of conflicting information out there, and as of yet haven't found anyone trying to pull together all of the components that I'm trying to do, so I'm hoping someone who understands SSD, encrypted LVMs and so on can stop by and help out.

Basically, my system is a laptop with:

  • /dev/sda: 32 GB SSD
  • /dev/sdb: 256 GB SSD
  • /dev/sdc: 1000 GB HD

Generally my Linux installs consist of three partitions:

  • ~50 MB /boot
  • large /home
  • ~30 GB "everything else"

So effectively I'd like

  • /dev/sda1 -> /boot
  • /dev/sda2 -> /
  • /dev/sdb1 -> /home
  • /dev/sdc1 -> /swap
  • /dev/sdc2 -> /mnt/storage

The catch is I'd like to encrypt all of this (except for /boot and /mnt/storage which can stay unencrypted). I've read that when encrypting SSDs there can be issues with things like TRIM, and that ideally I'd want to use EXT4 with some particular options set, and that I must be very careful with partition alignment, and some just claim that encrypted LVMs really don't play well with SSDs and I should just use EncFS or eCryptfs (although people seem unclear and/or polarized on whether these should be used to encrypt "mount-at-boot" partitions like / and /home).

Is there any canonical information on this?

Best Answer

I've been running btrfs on top of dm-crypt for a while now. Since btrfs is a multi-device capable and dynamic (grow, shrink etc.) filesystem, I don't really need the LVM layer for my purposes.

Other than that, use a recent enough dm-crypt that has the --allow-discards capability, a 3.1+ kernel, and a filesystem that also allows discards (btrfs, ext*, ...).

Some stuff to read through while doing all this:

I'll update with more links over time as I find them from my bookmark abyss :>

I have not benchmarked my setup particularly much. For me it's behaving more than adequately in performance, i.e. still worlds ahead of an HDD. I don't know for now exactly what state my SSD is in and whether the multi-layer discard system is really working 100%. What's important rather is that I have enough performance with enough of a security model to fend off the higher-probability issues, such as forgetting the device, the device being stolen by random people, etc.

So finding out exactly how much my SSD lifespan has possibly shortened, or performance slowed because of the discard system not working 100% correctly for TRIM, or how much dm-crypt discards weaken its inherent security - I have not been able to gather information to warrant giving these questions a high priority. One of the reasons I'm writing this answer is perhaps I'm wrong too much and putting this out here is currently the optimal way for me to try to find out.
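The answer leaves open whether discards actually make it through every layer to the SSD. The script below is an added example, not part of the original question or answer: it checks that chain from the DISC-GRAN column of `lsblk -D`, which reads 0B for any block device that does not forward discards (a LUKS mapping opened without --allow-discards is the usual culprit). The mapping names root, home and swap, the crypttab lines, and the `lsblk` output used as input are assumed or constructed for the question's layout; the live `cryptsetup` commands are shown in a function that is not run, since they need root and the real devices.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer: verify that discards (TRIM)
# reach the SSD through every layer of a dm-crypt stack. The DISC-GRAN
# column of `lsblk -D` is 0B for any device that does not pass discards
# down, e.g. a LUKS mapping opened without --allow-discards.
set -eu

# Read `lsblk -D` output on stdin; print the NAME of every layer whose
# DISC-GRAN is 0B. Exit 0 if all layers pass discards, 1 otherwise.
check_discard_chain() {
    awk 'NR == 1 { next }                      # skip the header line
         {
             name = $1
             sub(/^[^A-Za-z0-9]+/, "", name)   # strip the tree glyphs lsblk draws
             if ($3 == "0B") { print name; bad = 1 }
         }
         END { exit (bad ? 1 : 0) }'
}

# How each mapping in the question's layout would be opened so that the
# filesystem's discards are forwarded (assumed mapping names root/home/swap).
# Not executed here: it needs root and the real devices.
open_with_discards() {
    cryptsetup open --type luks --allow-discards /dev/sda2 root
    cryptsetup open --type luks --allow-discards /dev/sdb1 home
    cryptsetup open --type luks --allow-discards /dev/sdc1 swap
    # Equivalent boot-time entries in /etc/crypttab (options column):
    #   root  /dev/sda2  none  luks,discard
    #   home  /dev/sdb1  none  luks,discard
    # Then either mount with -o discard or run `fstrim -v <mountpoint>`
    # periodically; fstrim reports how many bytes were actually trimmed.
}

# Constructed sample of `lsblk -D` output for the question's layout:
# "root" was opened without --allow-discards, "home" with it.
SAMPLE_BAD='NAME       DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO
sda               0      512B       2G         0
├─sda1            0      512B       2G         0
└─sda2            0      512B       2G         0
  └─root          0        0B       0B         0
sdb               0      512B       2G         0
└─sdb1            0      512B       2G         0
  └─home          0      512B       2G         0'

if [ "${1:-}" = "--live" ]; then
    # Inspect the running system instead of the constructed sample.
    lsblk -D | check_discard_chain \
        || echo "^ these layers drop discards; reopen with --allow-discards" >&2
else
    printf '%s\n' "$SAMPLE_BAD" | check_discard_chain \
        || echo "^ these layers drop discards; reopen with --allow-discards" >&2
fi
```

On the sample the check names only `root`, exactly the mapping that was opened without the flag; `cryptsetup status root` shows `flags: discards` once it has been reopened correctly, and `fstrim -v /` reporting a non-zero byte count is the end-to-end confirmation that the SSD received the TRIM. The caveat the answer alludes to is real: with discards enabled, an attacker holding the raw device can see which sectors are unused, so the encrypted volume no longer looks like uniform random data. That is the price of TRIM on dm-crypt, and why cryptsetup leaves it off by default.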
