mapped-devices/luks: Add support for --allow-discards.

* gnu/system/mapped-devices.scm (open-luks-device): Support opening
LUKS devices with the --allow-discards option.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
Pass through the allow-discards? keyword argument.
* doc/guix.texi (Mapped Devices): Update documentation for the
luks-device-mapping-with-options procedure.

Co-authored-by: Sisiutl <sisiutl@egregore.fun>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: Iff82d7d548486f028d19f6aa35dd30ca194f57cc

1 files changed, 10 insertions, 1 deletions

diff --git a/doc/guix.texi b/doc/guix.texi
index 1c933e03deb..bcb1f9d9cf8 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18461,7 +18461,7 @@ command from the package with the same name.  It relies on the
 @code{dm-crypt} Linux kernel module.
 @end defvar
 
-@deffn {Procedure} luks-device-mapping-with-options [#:key-file]
+@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-discards?]
 Return a @code{luks-device-mapping} object, which defines LUKS block
 device encryption using the @command{cryptsetup} command from the
 package with the same name.  It relies on the @code{dm-crypt} Linux
@@ -18483,6 +18483,15 @@ given location at the time of the unlock attempt.
  (type (luks-device-mapping-with-options
         #:key-file "/crypto.key")))
 @end lisp
+
+
+@code{allow-discards?} allows the use of discard (TRIM) requests for the
+underlying device.  This is useful for solid state drives.  However,
+this option can have a negative security impact because it can make
+file system level operations visible on the physical device.  For more
+information, refer to the description of the @code{--allow-discards}
+option in the @code{cryptsetup-open(8)} man page.
+
 @end deffn
 
 @defvar raid-device-mapping