Installation of Manjaro with encrypted system

Hello,

During the installation, I noticed an option to encrypt the system. I installed Manjaro on a USB key for testing, so I enabled the option to encrypt the system. Then I noticed that the installer had created a LUKS partition instead of an ext4 partition. If I want to do the same kind of installation on an SSD, how will TRIM and write management (noatime) be taken care of with an encrypted system? Is the support automatic, or will I have to do some configuration/commands so that noatime and TRIM are correctly supported? Can you tell me more about this subject?

Thanks.

https://wiki.archlinux.org/title/Dm-crypt/Specialties#Discard/TRIM_support_for_solid_state_drives_(SSD)

OK. And what about the fstrim timer with an encrypted system?

Is there no how-to on the Manjaro wiki that explains how to put everything in place with this kind of installation?

You simply enable the pre-shipped timer. By default (after enabling it), it will issue a trim command to all supported devices once per week. (You only need to enable and start it for the first time. After that, like any other timer/service, it will remain enabled.)

sudo systemctl enable fstrim.timer

sudo systemctl start fstrim.timer

For the sake of your drive’s health, do not specify the discard option in your fstab. Specifying noatime is fine, though. :ok_hand:

Your fstab options are independent of your crypttab/cryptdevice/rd.luks.options. Even if some of the words “look the same”, they have different purposes. The Wiki explains this.


When discard or allow-discards is specified in the crypt/LUKS parameters, it simply means that it will “allow” trim commands to “pass through” the encrypted device. (It does not do anything itself. It basically “grants permission” for the user or the system to issue trim commands, whether manually, in real-time, or automatically with a timer.)


The reason “allowing” discards is not the default, and the reason the timer is not enabled by default, is due to “possible” security implications. The fear is overblown in my opinion.


@winnie: I followed the link given by mithrial, but I'm a bit lost. At the Manjaro level, it uses the LUKS method. In this case, how do I configure TRIM for system encryption? By setting it at the kernel parameter level: cryptdevice=/dev/sdaX:root:allow-discards or rd.luks.options=discard?
Should I also modify the /etc/crypttab file?

In summary, how do I set this up?

Thanks.

For the root filesystem, both parameters work.

The crypttab is for all other filesystems. The root filesystem is handled by your initramfs at bootup.

Just “comment out” or remove the line in your crypttab that refers specifically to the root partition. Your initramfs (and parameters) handles it instead.
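
The settings discussed in this thread can be verified with a small script. This is an added example, not part of any post above: the function names and sample data are constructed, and it relies on the `allow_discards` flag that `dmsetup table` prints for a dm-crypt mapping opened with discards allowed.

```sh
#!/bin/sh
# Added example; function names and all sample data below are constructed.

# True if the kernel command line lets TRIM pass through the LUKS root, via
# cryptdevice=<dev>:<name>:allow-discards or rd.luks.options=...discard...
cmdline_allows_discard() {
    for word in $1; do
        case "$word" in
            cryptdevice=*:*:*)
                opts=${word#cryptdevice=*:*:}
                case ",$opts," in *,allow-discards,*) return 0 ;; esac ;;
            rd.luks.options=*)
                opts=${word#rd.luks.options=}
                case ",$opts," in *[,=]discard,*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# True if a `dmsetup table` line is a crypt target opened with allow_discards.
dm_crypt_allows_discard() {
    case " $1 " in *" crypt "*" allow_discards "*) return 0 ;; esac
    return 1
}

# Prints mount points whose fstab options contain "discard" (continuous TRIM),
# which the reply above advises against in favour of the weekly fstrim.timer.
fstab_discard_mounts() {
    printf '%s\n' "$1" | while read -r spec mnt fstype opts rest; do
        case "$spec" in ''|'#'*) continue ;; esac
        case ",$opts," in *,discard,*) printf '%s\n' "$mnt" ;; esac
    done
}

# Constructed samples; on a real system use the contents of /proc/cmdline and
# /etc/fstab, and the output of `sudo dmsetup table`.
SAMPLE_CMDLINE='root=/dev/mapper/root cryptdevice=/dev/sdaX:root:allow-discards rw'
SAMPLE_DM='root: 0 1000000 crypt aes-xts-plain64 :64:logon:cryptsetup:constructed 0 8:2 32768 1 allow_discards'
SAMPLE_FSTAB='# <device> <dir> <type> <options> <dump> <pass>
/dev/mapper/root /     ext4 defaults,noatime         0 1
/dev/mapper/home /home ext4 defaults,noatime,discard 0 2'

cmdline_allows_discard "$SAMPLE_CMDLINE" && echo "cmdline: discards allowed"
dm_crypt_allows_discard "$SAMPLE_DM" && echo "mapping: allow_discards active"
echo "fstab entries using discard: $(fstab_discard_mounts "$SAMPLE_FSTAB")"
```

If the mapping line lacks `allow_discards`, the weekly `fstrim.timer` run has nothing to pass through to the SSD, regardless of what fstab says.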