From 528f1af68aef73dbb2e9fd4c50fa86e3ffe94f48 Mon Sep 17 00:00:00 2001 From: Stephen Taylor Date: Thu, 16 Apr 2026 23:36:16 -0400 Subject: [PATCH 1/2] Enable SSD TRIM for LUKS-encrypted drives Add :allow-discards to the cryptdevice= kernel parameter so TRIM commands pass through the dm-crypt layer to the SSD. Without this, the drive controller treats freed blocks as occupied, increasing write amplification and reducing drive longevity. Migration applies the change immediately via cryptsetup --persistent so no reboot is required. New installs get it automatically during Limine setup. Closes #2229 --- install/login/limine-snapper.sh | 5 +++++ migrations/1776500000.sh | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 migrations/1776500000.sh diff --git a/install/login/limine-snapper.sh b/install/login/limine-snapper.sh index c91815dca5..1268cbc1bb 100644 --- a/install/login/limine-snapper.sh +++ b/install/login/limine-snapper.sh @@ -29,6 +29,11 @@ EOF CMDLINE=$(grep "^[[:space:]]*cmdline:" "$limine_config" | head -1 | sed 's/^[[:space:]]*cmdline:[[:space:]]*//') + # Enable SSD TRIM passthrough for LUKS-encrypted drives + if [[ $CMDLINE == *"cryptdevice="* ]] && [[ $CMDLINE != *"allow-discards"* ]]; then + CMDLINE=$(echo "$CMDLINE" | sed 's/\(cryptdevice=[^ ]*\)/\1:allow-discards/') + fi + sudo cp $OMARCHY_PATH/default/limine/default.conf /etc/default/limine sudo sed -i "s|@@CMDLINE@@|$CMDLINE|g" /etc/default/limine diff --git a/migrations/1776500000.sh b/migrations/1776500000.sh new file mode 100644 index 0000000000..dd5a677b1e --- /dev/null +++ b/migrations/1776500000.sh @@ -0,0 +1,26 @@ +echo "Enable SSD TRIM for LUKS-encrypted drives" + +# Only apply if the system uses LUKS encryption +if ! grep -q "cryptdevice=" /etc/default/limine 2>/dev/null; then + exit 0 +fi + +# Skip if allow-discards is already configured +if grep -q "allow-discards" /etc/default/limine 2>/dev/null; then + exit 0 +fi + +# Add :allow-discards to the cryptdevice= parameter in the boot config +# Format: cryptdevice=device:dmname -> cryptdevice=device:dmname:allow-discards +sudo sed -i 's/\(cryptdevice=[^ ]*\)/\1:allow-discards/' /etc/default/limine + +# Enable allow-discards on the running LUKS device so TRIM works immediately +if [[ -b /dev/mapper/root ]]; then + sudo cryptsetup --allow-discards --persistent refresh root +fi + +# Regenerate initramfs and boot entry +sudo limine-mkinitcpio +sudo limine-update + +echo "SSD TRIM enabled for LUKS encryption" From 9822347458aa4a6adb06c1f178e7646eaeef8160 Mon Sep 17 00:00:00 2001 From: Stephen Taylor Date: Thu, 16 Apr 2026 23:49:27 -0400 Subject: [PATCH 2/2] Address Copilot review feedback - Use printf instead of echo to avoid edge cases with cmdline values - Extract dmname dynamically instead of hard-coding /dev/mapper/root - Exclude quotes from sed match to handle KERNEL_CMDLINE[...] format --- install/login/limine-snapper.sh | 2 +- migrations/1776500000.sh | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/install/login/limine-snapper.sh b/install/login/limine-snapper.sh index 1268cbc1bb..d8de4fa449 100644 --- a/install/login/limine-snapper.sh +++ b/install/login/limine-snapper.sh @@ -31,7 +31,7 @@ EOF # Enable SSD TRIM passthrough for LUKS-encrypted drives if [[ $CMDLINE == *"cryptdevice="* ]] && [[ $CMDLINE != *"allow-discards"* ]]; then - CMDLINE=$(echo "$CMDLINE" | sed 's/\(cryptdevice=[^ ]*\)/\1:allow-discards/') + CMDLINE=$(printf '%s\n' "$CMDLINE" | sed 's/\(cryptdevice=[^ "]*\)/\1:allow-discards/') fi sudo cp $OMARCHY_PATH/default/limine/default.conf /etc/default/limine diff --git a/migrations/1776500000.sh b/migrations/1776500000.sh index dd5a677b1e..df961d560c 100644 --- a/migrations/1776500000.sh +++ b/migrations/1776500000.sh @@ -12,11 +12,13 @@ fi # Add :allow-discards to the cryptdevice= parameter in the boot config # Format: cryptdevice=device:dmname -> cryptdevice=device:dmname:allow-discards -sudo sed -i 's/\(cryptdevice=[^ ]*\)/\1:allow-discards/' /etc/default/limine +sudo sed -i 's/\(cryptdevice=[^ "]*\)/\1:allow-discards/' /etc/default/limine -# Enable allow-discards on the running LUKS device so TRIM works immediately -if [[ -b /dev/mapper/root ]]; then - sudo cryptsetup --allow-discards --persistent refresh root +# Extract the dmname from cryptdevice=device:dmname and enable allow-discards +# on the running LUKS device so TRIM works immediately +DMNAME=$(grep -oP 'cryptdevice=[^: "]+:\K[^: "]+' /etc/default/limine | head -1) +if [[ -n $DMNAME ]] && [[ -b /dev/mapper/$DMNAME ]]; then + sudo cryptsetup --allow-discards --persistent refresh "$DMNAME" fi # Regenerate initramfs and boot entry