On Wed, 2020-03-18 at 11:27 +0100, john doe wrote: > Package: debian-installer > Version: debian-10.3.0-amd64-netinst.iso > > After installing debian-10.3.0-amd64-netinst.iso with encrypted LVM, the > crypttab file is populated with the discard' option in the fourth field. > > According to (1), the discard option has security implication: > > "discard > Allow discard requests to be passed through the encrypted block device. > This improves performance on SSD storage but has security implications."
As I recall, the security implication is a minor information leak - it makes it possible to determine how much, and which parts, of the disk are used. Hardly anyone should care about that, so this is a reasonable defualt. Ben. > I would suggest that the debian-installer populates the first two > mandatory fields of '/etc/crypttab'. > > 1) https://www.freedesktop.org/software/systemd/man/crypttab.html > > -- > John Doe > -- Ben Hutchings Unix is many things to many people, but it's never been everything to anybody.
signature.asc
Description: This is a digitally signed message part
