by tjoff 1206 days ago
TRIM and FDE isn't perfect, though, as it leaks information about what parts have been written, etc.

And if you turn off TRIM you get a massive performance decrease.

1 comments

Why would someone turn off TRIM?
To mask the extent to which a drive has been filled, or to figure out how many blocks have been deleted since the last TRIM. I have yet to discover any use for this minuscule "leak", even when considering nation-state adversaries. It's much easier to find other channels to leak data through.

The disadvantages are massive, such as significant slowdown when the drive gets filled. Yet the creators of dm-crypt are paranoid about enabling it by default:

https://wiki.archlinux.org/title/Dm-crypt/Specialties#Discar...

I couldn't understand ref 3: https://web.archive.org/web/20160709174950/http://www.saout....

Ref 4: "you have an information leak where filesystem-discarded blocks (by TRIM) can be identified by an attacker with low effort"

https://web.archive.org/web/20160709183108/http://www.saout....
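An added example, not part of either comment above: a sketch of what the discard leak looks like from the raw-device side, so you can gauge what your own encrypted volume exposes with discards enabled. It assumes the drive returns zeros for trimmed sectors and uses a constructed in-memory image with random bytes standing in for ciphertext; the function names and the 512-byte sector size are illustrative.

```python
import os

SECTOR = 512  # bytes per sector (assumed for this sketch)


def build_sample_image(layout):
    """Constructed sample input: 'W' = written sector (random bytes stand in
    for ciphertext), 'D' = discarded sector (assumed to read back as zeros)."""
    return b"".join(
        os.urandom(SECTOR) if c == "W" else bytes(SECTOR) for c in layout
    )


def discard_map(image, sector=SECTOR):
    """One bool per sector: True if the sector reads as all zeros."""
    zero = bytes(sector)
    return [image[i:i + sector] == zero for i in range(0, len(image), sector)]


def extents(flags):
    """Collapse the per-sector map into (start, length, discarded) runs."""
    runs = []
    for idx, flag in enumerate(flags):
        if runs and runs[-1][2] == flag:
            start, length, _ = runs[-1]
            runs[-1] = (start, length + 1, flag)
        else:
            runs.append((idx, 1, flag))
    return runs


def summarize(image):
    """What is visible without the key: fill level and extent layout."""
    flags = discard_map(image)
    in_use = flags.count(False)
    return {
        "sectors": len(flags),
        "in_use": in_use,
        "fill_ratio": in_use / len(flags),
        "extents": extents(flags),
    }


if __name__ == "__main__":
    # With discards passed through, free space shows up as zeroed runs.
    print(summarize(build_sample_image("WWWWDDDDWWDDDDDD")))
    # Without discards, every sector looks like ciphertext: nothing to map.
    print(summarize(build_sample_image("W" * 16)))
```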