From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com
 [IPv6:2a00:1450:4864:20::429])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sat,  9 May 2020 22:11:59 +0200 (CEST)
Received: by mail-wr1-x429.google.com with SMTP id y3so6000797wrt.1
 for <dm-crypt@saout.de>; Sat, 09 May 2020 13:11:59 -0700 (PDT)
References: <20200509162535.13a4086e@glena.fritz.box>
 <CAJCQCtQAuhh3aLFa7Sze17wmYqUa=JtPDXMiH7KirJE18Powzg@mail.gmail.com>
 <20200509214159.3d85409c@glena.fritz.box>
From: Milan Broz <gmazyland@gmail.com>
Message-ID: <69e220d1-d9b3-3e96-1b7a-8d400d6aed5a@gmail.com>
Date: Sat, 9 May 2020 22:11:56 +0200
MIME-Version: 1.0
In-Reply-To: <20200509214159.3d85409c@glena.fritz.box>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] luks2 and discard/trim not working
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Nikolay Kichukov <hijacker@oldum.net>, Chris Murphy <lists@colorremedies.com>
Cc: dm-crypt@saout.de

On 09/05/2020 21:41, Nikolay Kichukov wrote:
>  
> Does mine use an internal hash?

No, internal hash is used for non-cryptographic integrity
protection (IOW when you use only integritysetup).

LUKS2 can used with authenticated encryption and here discard
will be never supported. New cryptsetup should print better error
message here though ("TRIM/discard is not supported.")

(Discarded areas means that data area is undefined and reading
must return "integrity failure". Many programs do not expect this
and will misbehave.
And introducing new state "discarded" would basically define
a new state in authenticated encryption - we will not do this
in dm-crypt.)

Authenticated encryption for LUKS2 is an experimental feature,
I hope one day we will have something better on filesystem layer.

If you use just the same encryption as in LUKS1 (length
preserving encryption without any data integrity protection),
then it behaves exactly the same - discards can be enabled.

Milan