Size: 4093
Comment: adding a note that hints to the danger when using dm-crypt (or any on disk crypto) with discard
|
Size: 4219
Comment: add the same note below
|
Line 79: | Line 79: |
'''Note that using discard with on-disk-cryptogrpahy (like dm-crypt) has drawbacks with respect to security/cryptography!''' |
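Review bot: the note added at line 79 says that discard "has drawbacks with respect to security/cryptography" without naming any, so a reader cannot weigh the trade-off. State the drawback in one sentence, or point to crypttab(5), which the page already cites for this option. The word "cryptogrpahy" is also misspelled and should read "cryptography".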
This page describes SSD optimization for a system with encrypted root and swap.
An important aspect in optimizing SSD performance is the file system and partition layout. This wiki page does not cover these issues.
Optimization of solid state drive
Performance and disk wear of the solid state drive (SSD) can be optimized as follows.
- Use the latest Linux kernel (>3.2).
- Reduce disk writes caused by read accesses.
  - Set "noatime" or "relatime" mount option in /etc/fstab.
- Enable the TRIM command.
  - Set "discard" mount option in /etc/fstab for the ext4 filesystem, swap partition, Btrfs, etc. See mount(8).
  - Set "discard" option in /etc/lvm/lvm.conf for LVM. See lvm.conf(5).
  - Set "discard" option in /etc/crypttab for dm-crypt. Note that this has drawbacks with respect to security/cryptography! See crypttab(5).
- Enable the SSD optimized disk space allocation scheme.
  - Set "ssd" mount option in /etc/fstab for Btrfs.
- Make the system flush data to the disk every 10 minutes on laptop PCs.
  - Set "commit=600" mount option in /etc/fstab. See mount(8).
  - Set pm-utils to use laptop-mode even under AC operation. See Debian BTS #659260.
Changing the flushing interval from the normal 5 seconds to 10 minutes makes your data vulnerable to power failure.
I used to mount /tmp and similar on tmpfs to avoid disk wear. With laptop-mode as above, I do not do this any more since laptop-mode etc. shall reduce disk writes significantly.
/etc/fstab
```
# /etc/fstab: static file system information.
#
# Use 'vol_id --uuid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
### SSD: discard,noatime
### match battery operation default for commit JOURNAL_COMMIT_TIME_AC in Add files in /etc/pm/config.d/*
/dev/mapper/goofy-root / ext4 discard,noatime,commit=600,errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=709cbe4a-80c1-46cb-8bb1-dbce3059d1f7 /boot ext4 discard,noatime,commit=600,defaults 0 2
### SSD: discard
/dev/mapper/goofy-swap none swap sw,discard 0 0
/dev/mapper/goofy-chroot /srv/chroot btrfs ssd,discard,noatime 0 2
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
```
/etc/lvm/lvm.conf
```
...
# This section allows you to configure which block devices should
# be used by the LVM system.
devices {
...
    # Issue discards to a logical volumes's underlying physical volume(s) when
    # the logical volume is no longer using the physical volumes' space (e.g.
    # lvremove, lvreduce, etc). Discards inform the storage that a region is
    # no longer in use. Storage that supports discards advertise the protocol
    # specific way discards should be issued by the kernel (TRIM, UNMAP, or
    # WRITE SAME with UNMAP bit set). Not all storage will support or benefit
    # from discards but SSDs and thinly provisioned LUNs generally do. If set
    # to 1, discards will only be issued if both the storage and kernel provide
    # support.
    # 1 enables; 0 disables.
    #issue_discards = 0
    issue_discards = 1
}
...
```
dm-crypt: /etc/crypttab
Note that using discard with on-disk cryptography (like dm-crypt) has drawbacks with respect to security/cryptography!

```
#<target name> <source device> <key file> <options>
var UUID=01234567-89ab-cdef-0123-456789abcdef none luks,discard
```
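To see where this trade-off is in effect on a machine, the following added example (not part of the original wiki page) lists the crypttab entries that request `discard` and, from `dmsetup table` output, the active crypt mappings that actually carry the dm-crypt `allow_discards` flag. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit where TRIM/discard is passed through dm-crypt.

# Print crypttab targets whose options field (4th) contains the exact
# option "discard". Reads the file given as $1, or stdin if none.
crypttab_discard_targets() {
    awk '
        $1 ~ /^#/ { next }                 # comment line
        NF >= 4 {                          # blank/short lines have no options
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "discard") { print $1; break }
        }
    ' "${1:--}"
}

# Read `dmsetup table` output on stdin; print active crypt mappings
# whose table line carries the allow_discards flag.
active_discard_mappings() {
    awk '
        $4 == "crypt" {
            for (i = 5; i <= NF; i++)
                if ($i == "allow_discards") { sub(/:$/, "", $1); print $1; break }
        }
    '
}

# Constructed sample inputs (not real system data; key shown as zeros).
sample_crypttab() {
    cat <<'EOF'
#<target name> <source device> <key file> <options>
var  UUID=01234567-89ab-cdef-0123-456789abcdef none luks,discard
home UUID=00000000-0000-0000-0000-000000000001 none luks
swap /dev/sda3 /dev/urandom swap
# old UUID=00000000-0000-0000-0000-000000000002 none luks,discard
EOF
}
sample_dmsetup() {
    cat <<'EOF'
var: 0 4194304 crypt aes-xts-plain64 00000000000000000000000000000000 0 8:2 4096 1 allow_discards
home: 0 8388608 crypt aes-xts-plain64 00000000000000000000000000000000 0 8:4 4096
goofy-root: 0 2097152 linear 254:0 2048
EOF
}

echo "crypttab requests discard: $(sample_crypttab | crypttab_discard_targets)"
echo "active with allow_discards: $(sample_dmsetup | active_discard_mappings)"
```

On a real system, run `crypttab_discard_targets /etc/crypttab` and, as root, `dmsetup table | active_discard_mappings`; a mismatch between the two lists means the running mapping does not reflect the configuration file.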
Smaller system with SSD
See