I have the following partition table:
    NAME
    nvme0n1
    ├─nvme0n1p1 part /boot
    └─nvme0n1p2 part
      └─crypt crypt
        ├─crypt-swap lvm [SWAP]
        ├─crypt-root lvm /
        └─crypt-home lvm /home
As the drive is an SSD, I would like to run the TRIM command in order to increase the performance/lifetime of the disk itself.
In particular, I would like to enable periodic TRIM.
Because the second partition (i.e., nvme0n1p2) is encrypted, TRIM will be inhibited because of security implications (https://wiki.archlinux.org/title/Dm-crypt/Specialties#Discard/TRIM_support_for_solid_state_drives_(SSD)).
However, it is possible to enable TRIM on an encrypted partition by configuring encrypt when the partition is opened.
As my partition is opened at kernel boot, I've modified the kernel parameters (i.e., allow-discards):
    cryptdevice=/dev/sdaX:root:allow-discards
(Note that the partition naming and volume name are not relevant in the above snippet.)
By doing that, I was indeed able to successfully run the TRIM command on the disk:
    # cryptsetup luksDump /dev/nvme0n1p2 | grep Flags
    Flags: allow-discards
And:
    # fstrim ...
    /home: [..] trimmed on ...
    /: [..] trimmed on
So far, so good.
The problem arose when I tried to restore to the original state.
I have removed the kernel parameter allow-discards, but Flags on the partition still shows allow-discards and the fstrim command still successfully completes its job.
- How is that possible?
- How do I restore the denial of discards on the encrypted partition?
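
An added example, not part of the original post: a small check that reports separately on the three places involved in the question, namely the Flags line of `cryptsetup luksDump`, the `cryptdevice=` kernel parameter, and the active device-mapper table. The function names and the sample text are constructed for illustration, and `dmsetup table` is an additional command that the post does not use.

```shell
#!/bin/sh
# Added example: report where discard passthrough on a dm-crypt mapping is set.
# Each check reads command output on stdin, so it works on captured text
# as well as on a live system.

# Flags line printed by `cryptsetup luksDump <device>` (flag stored in the header).
header_allows_discards() {
    grep -Eq '^Flags:.*allow-discards'
}

# Active mapping: the dm-crypt target lists allow_discards among its
# optional parameters in `dmsetup table <name>`.
active_allows_discards() {
    grep -Eq '(^|[[:space:]])crypt[[:space:]].*[[:space:]]allow_discards([[:space:]]|$)'
}

# Kernel command line: cryptdevice=<device>:<name>:<options>
cmdline_allows_discards() {
    tr ' ' '\n' | grep -E '^cryptdevice=' | grep -q 'allow-discards'
}

# $1 = luksDump output, $2 = dmsetup table output, $3 = kernel command line
discard_report() {
    h=no; a=no; c=no
    printf '%s\n' "$1" | header_allows_discards && h=yes
    printf '%s\n' "$2" | active_allows_discards && a=yes
    printf '%s\n' "$3" | cmdline_allows_discards && c=yes
    echo "header=$h active=$a cmdline=$c"
}

# Constructed sample matching the state described in the post: kernel
# parameter removed, Flags line still present, TRIM still passing through.
sample_report() {
    discard_report \
        'Flags: allow-discards' \
        '0 1953521664 crypt aes-xts-plain64 :64:logon:cryptsetup:constructed-id 0 259:2 32768 1 allow_discards' \
        'root=/dev/mapper/crypt-root rw cryptdevice=/dev/sdaX:root'
}

# Live use (as root): sh check.sh --live /dev/nvme0n1p2 crypt
if [ "${1:-}" = "--live" ]; then
    discard_report "$(cryptsetup luksDump "$2")" "$(dmsetup table "$3")" \
        "$(cat /proc/cmdline)"
fi
```

A result of `header=yes active=yes cmdline=no` shows that the mapping accepts discards even though the kernel parameter is gone, which points at the flag recorded in the header rather than at the boot configuration.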