From 7aa855b05be97087b87e01fb3bc1fd48109bbf7c Mon Sep 17 00:00:00 2001 From: Sören Tempel Date: Sun, 16 Mar 2025 12:49:50 +0100 Subject: mapped-devices/luks: Add support for --allow-discards. * gnu/system/mapped-devices.scm (open-luks-device): Support opening LUKS devices with the --allow-discards option. * gnu/system/mapped-devices.scm (luks-device-mapping-with-options): Pass through the allow-discards? keyword argument. * doc/guix.texi (Mapped Devices): Update documentation for the luks-device-mapping-with-options procedure. Co-authored-by: Sisiutl Modified-by: Maxim Cournoyer Change-Id: Iff82d7d548486f028d19f6aa35dd30ca194f57cc --- doc/guix.texi | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 1c933e03deb..bcb1f9d9cf8 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -18461,7 +18461,7 @@ command from the package with the same name. It relies on the @code{dm-crypt} Linux kernel module. @end defvar -@deffn {Procedure} luks-device-mapping-with-options [#:key-file] +@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-discards?] Return a @code{luks-device-mapping} object, which defines LUKS block device encryption using the @command{cryptsetup} command from the package with the same name. It relies on the @code{dm-crypt} Linux @@ -18483,6 +18483,15 @@ given location at the time of the unlock attempt. (type (luks-device-mapping-with-options #:key-file "/crypto.key"))) @end lisp + + +@code{allow-discards?} allows the use of discard (TRIM) requests for the +underlying device. This is useful for solid state drives. However, +this option can have a negative security impact because it can make +file system level operations visible on the physical device. For more +information, refer to the description of the @code{--allow-discards} +option in the @code{cryptsetup-open(8)} man page. + @end deffn @defvar raid-device-mapping -- cgit v1.3
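Review bot: in the `@deffn` line of the first hunk (`[#:key-file #:allow-discards?]`), the new keyword is listed without a default value, and the paragraph added further down does not state one either. Because that paragraph warns of a negative security impact, the manual should say explicitly what happens when the argument is omitted, for example by writing the default into the signature or into the first sentence that describes the option.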
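Review bot: in the second hunk the new paragraph sits after the `@end lisp` example, which still only shows `#:key-file "/crypto.key"`, so the manual has no sample of a mapped device declared with `#:allow-discards?`; consider extending that example or adding a second one. The paragraph also opens with `@code{allow-discards?}` while the signature spells the keyword `#:allow-discards?`, and it is preceded by two added blank lines where one is enough. The sentence "it can make file system level operations visible on the physical device" would be more useful if it said what an observer of the device can learn, so that readers can weigh the trade-off without opening the man page.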