On Sat, Jul 11, 2015 at 02:15:53PM +0100, RW via freebsd-geom wrote: > On Fri, 10 Jul 2015 17:28:37 -0500 > Matthew D. Fuller wrote: > > > > 2) Security. For whatever your threat model is, leaking the "how much > > space is in use" datum is unacceptable. > > It's not about how much space is free, it's about giving away which > blocks do and don't contain data. > > Perhaps more importantly TRIM breaks plausible deniabily, which was > the the point of allowing the geli metadata to be store separately. You > can't argue that a partition has been wiped with 'dd if=/dev/random ...' > if the the partition has been subsequently trimmed.
Yes, you are right. I even suggest in man page to overwrite providers
with random data before using them. So what do you guys think about
implementing trim support this way:
geli -d <trim|overwrite|ignore>
'overwrite' may be implemented later and 'trim' would be the default?
This option bascially defines how BIO_DELETE should be handled.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgpSFLubuAQmJ.pgp
Description: PGP signature
