Skip to content

Enable SSD TRIM for LUKS-encrypted drives#5332

Open
stephentaylor-com wants to merge 2 commits intobasecamp:devfrom
stephentaylor-com:enable-ssd-trim
Open

Enable SSD TRIM for LUKS-encrypted drives#5332
stephentaylor-com wants to merge 2 commits intobasecamp:devfrom
stephentaylor-com:enable-ssd-trim

Conversation

@stephentaylor-com
Copy link
Copy Markdown

@stephentaylor-com stephentaylor-com commented Apr 17, 2026

Summary

  • Add :allow-discards to the cryptdevice= kernel parameter so TRIM commands pass through the dm-crypt layer to the SSD
  • Migration for existing installs applies immediately via cryptsetup --persistent (no reboot required)
  • New installs get :allow-discards automatically during Limine setup

Closes #2229

Details

Without :allow-discards, dm-crypt blocks all TRIM/DEALLOCATE commands from reaching the SSD — even on modern NVMe drives. The drive controller treats freed blocks as occupied data, increasing write amplification and reducing drive longevity.

Since kernel 6.2, btrfs automatically enables discard=async, so fstrim.timer is not needed. The only missing piece is allowing TRIM commands to pass through the LUKS encryption layer.

Changes

migrations/1776500000.sh — Migration for existing installs:

  • Detects LUKS encryption via cryptdevice= in /etc/default/limine
  • Skips silently on unencrypted systems or if already configured
  • Appends :allow-discards to the kernel parameter
  • Applies immediately via cryptsetup --allow-discards --persistent refresh root
  • Regenerates initramfs and boot entry

install/login/limine-snapper.sh — For new installs:

  • Appends :allow-discards to the extracted cryptdevice= cmdline before writing to /etc/default/limine

Test plan

  • Verify on LUKS-encrypted system: lsblk --discard shows non-zero DISC-GRAN for root after migration
  • Verify sudo fstrim -av trims the root partition
  • Verify unencrypted systems are unaffected (migration exits cleanly)
  • Verify fresh install on encrypted disk gets :allow-discards in /etc/default/limine
  • Verify idempotent: running migration twice doesn't double-append

@stephentaylor-com
Enable SSD TRIM for LUKS-encrypted drives
528f1af 
Add :allow-discards to the cryptdevice= kernel parameter so TRIM
commands pass through the dm-crypt layer to the SSD. Without this,
the drive controller treats freed blocks as occupied, increasing
write amplification and reducing drive longevity.

Migration applies the change immediately via cryptsetup --persistent
so no reboot is required. New installs get it automatically during
Limine setup.

Closes basecamp#2229
Copilot AI review requested due to automatic review settings April 17, 2026 03:38
Copilot AI reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enables SSD TRIM passthrough for LUKS-encrypted root volumes by ensuring :allow-discards is set on the cryptdevice= kernel parameter and by updating existing installations via a migration.

Changes:

  • Add a new migration to update /etc/default/limine to include :allow-discards and regenerate Limine artifacts.
  • Attempt to enable discards immediately on existing installs via cryptsetup --allow-discards --persistent refresh ….
  • Update the Limine setup path for new installs so generated /etc/default/limine includes :allow-discards when cryptdevice= is present.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
migrations/1776500000.sh Adds migration to append :allow-discards to cryptdevice= and rebuild Limine initramfs/entries.
install/login/limine-snapper.sh Ensures new installs include :allow-discards in the extracted cryptdevice= cmdline before writing /etc/default/limine.

Tip

If you aren't ready for review, convert to a draft PR.
Click "Convert to draft" or run gh pr ready --undo.
Click "Ready for review" or run gh pr ready to reengage.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread install/login/limine-snapper.sh Outdated
Comment thread migrations/1776500000.sh Outdated
Comment thread migrations/1776500000.sh Outdated
@stephentaylor-com
Address Copilot review feedback
9822347 
- Use printf instead of echo to avoid edge cases with cmdline values
- Extract dmname dynamically instead of hard-coding /dev/mapper/root
- Exclude quotes from sed match to handle KERNEL_CMDLINE[...] format
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enable SSD TRIM

2 participants

@stephentaylor-com