It will apply only to new installations of Fedora Linux

Jan 22, 2017 22:05 GMT  ·  By

According to the Fedora 26 release schedule, the upcoming operating system is approaching an important milestone, namely the proposal submission deadline for system-wide changes, which is currently set for January 31.

With this in mind, the Fedora developers are publishing a lot of interesting system-wide change proposals for Fedora 26, and one that caught our eye recently is the enablement of TRIM on encrypted disk drivers for SSD (Solid State Drives), which could dramatically improve their performance.

Adding the "discard" option in the /etc/crypttab file is all one needs to enable TRIM on an SSD disk, but it would appear that enabling "discard" on an encrypted drive could lead to leak of information about the ciphertext device, including the used space and file system type, which could help an attacker crack the encryption faster.

Fedora's latest surveys reveal the fact that users don't want to sacrifice disk performance if they are using SSDs, for the obvious reasons that they're still expensive, just to keep their data encrypted and away from the eyes of government and intelligence agencies.

"User base of Fedora distribution with SSDs grows steadily and while the argument for kernel default setting not to enable the discard is still strong one it doesn't change the fact that vast majority of users (with SSDs) doesn't want to sacrifice better performance of drive with discard/trim enabled for the sake of secrecy," reads the new proposal.

Overriding kernel defaults for dm-crypt mappings

Therefore, two Fedora developers are currently working on a method to override default kernel settings for dm-crypt mapping of disk drives encrypted with LUKS (Linux Unified Key Setup). This can be done by implementing a flag in the /etc/crypttab file, but it will only affect new installations of Fedora Linux.

With this change, Fedora users will benefit from enhanced I/O performance for their encrypted SSD disks, but please keep in mind that you'll have to reinstall your operating system once Fedora 26 is released to enjoy this extra layer of performance. The release of Fedora 26 Linux is currently set for June 6, 2017.