cryptsetup, issue #718

TRIM not working for BitLocker volumes

Issue description

BitLocker volume is unlocked with --allow-discards option, but fstrim on the mounted partition (/mnt/shared in my case) returns with:

fstrim: /mnt/shared: the discard operation is not supported

I'd expect fstrim to work the same way as with LVM volumes encrypted with LUKS.

Steps for reproducing the issue

  1. Create a BitLocker volume in Windows. It makes no difference whether it's the Windows volume (C:) or a separate volume. The latter is used for this example.
  2. Unlock and mount the volume.
  3. Issue fstrim on the mounted volume.

Additional info

I'm using a dual-boot setup with Windows 11 Pro and Ubuntu 21.10 (kernel 5.13.0-30-generic x86_64). Secure boot is enabled. Both systems have FDE. Windows 11 uses BitLocker, Linux uses LUKS+LVM. There is a shared partition with BTRFS encrypted with BitLocker, readable/writable from both Linux and Windows (using WinBtrfs driver).

dmsetup info /dev/dm-4 output:

Name:              bitlocker-d
State:             ACTIVE
Read Ahead:        256
Tables present:    LIVE
Open count:        0
Event number:      0
Major, minor:      253, 4
Number of targets: 9
UUID: CRYPT-BITLK-bitlocker-d

dmsetup table bitlocker-d output:

0 16 crypt aes-xts-plain64 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 116864 259:8 116864 1 allow_discards
16 116720 crypt aes-xts-plain64 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 16 259:8 16 1 allow_discards
116736 128 zero 
116864 16 zero 
116880 2097008 crypt aes-xts-plain64 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 116880 259:8 116880 1 allow_discards
2213888 128 zero 
2214016 2097024 crypt aes-xts-plain64 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 2214016 259:8 2214016 1 allow_discards
4311040 128 zero 
4311168 415111040 crypt aes-xts-plain64 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 4311168 259:8 4311168 1 allow_discards

mount output:

/dev/mapper/bitlocker-d on /mnt/shared type btrfs (rw,relatime,ssd,space_cache,subvolid=5,subvol=/)

cat /sys/block/dm-4/queue/discard_granularity, cat /sys/block/dm-4/queue/discard_max_bytes and cat /sys/block/dm-4/queue/discard_max_hw_bytes all give 0.

Debug log

# cryptsetup 2.3.7 processing "cryptsetup --debug open --type bitlk --allow-discards --key-file /etc/cryptsetup-keys.d/bitlocker-d.key /dev/nvme0n1p8 bitlocker-d"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/nvme0n1p8.
# Trying to open and read device /dev/nvme0n1p8 with direct-io.
# Initialising device-mapper backend library.
# Trying to load BITLK crypt type from device /dev/nvme0n1p8.
# Crypto backend (OpenSSL 1.1.1l  24 Aug 2021) initialized in cryptsetup library version 2.3.7.
# Detected kernel Linux 5.13.0-30-generic x86_64.
# BITLK type from GUID: normal.
# Reading BITLK FVE metadata of size 112 on device /dev/nvme0n1p8, offset 59768832.
# Reading BITLK FVE metadata entries of size 796 on device /dev/nvme0n1p8, offset 59768944.
# File descriptor passphrase entry requested.
# Activating volume bitlocker-d [keyslot -1] using passphrase.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.45.0.
# Detected dm-crypt version 1.23.0.
# Device-mapper backend running with UDEV support enabled.
# dm status bitlocker-d  [ opencount noflush ]   [16384] (*1)
# Possible extra EOL stripped from the recovery key.
# Trying to use given password as a recovery key.
# Trying to decrypt VMK protected with recovery passphrase.
# Calculated device size is 419422208 sectors (RW), offset 0.
# Trying to activate BITLK on device /dev/nvme0n1p8 with name bitlocker-d.
# DM-UUID is CRYPT-BITLK-bitlocker-d
# Udev cookie 0xd4db2df (semid 7) created
# Udev cookie 0xd4db2df (semid 7) incremented to 1
# Udev cookie 0xd4db2df (semid 7) incremented to 2
# Udev cookie 0xd4db2df (semid 7) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm create bitlocker-d CRYPT-BITLK-bitlocker-d [ opencount flush ]   [16384] (*1)
# dm reload   (253:4) [ opencount flush securedata ]   [16384] (*1)
# dm resume bitlocker-d  [ opencount flush securedata ]   [16384] (*1)
# bitlocker-d: Stacking NODE_ADD (253,4) 0:6 0660 [trust_udev]
# bitlocker-d: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4db2df (semid 7) decremented to 1
# Udev cookie 0xd4db2df (semid 7) waiting for zero
# Udev cookie 0xd4db2df (semid 7) destroyed
# bitlocker-d: Skipping NODE_ADD (253,4) 0:6 0660 [trust_udev]
# bitlocker-d: Processing NODE_READ_AHEAD 256 (flags=1)
# bitlocker-d (253:4): read ahead is 256
# bitlocker-d: retaining kernel read ahead of 256 (requested 256)
# Releasing crypt device /dev/nvme0n1p8 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/nvme0n1p8.
# Unlocking memory.
Command successful.
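
Added example, not part of the original report and not cryptsetup code: a small shell helper that summarises a multi-segment `dmsetup table` listing per segment (target type and whether `allow_discards` is set) and reads the discard limits from sysfs for comparison. The function names and the `KEY` placeholder are assumptions; the sample table is constructed from the first lines of the listing above.

```shell
#!/bin/sh
# Added example: summarise a multi-segment device-mapper table per segment.
# Input format (dmsetup table <name>): start length target [target args...]

# Constructed sample modelled on the table in the report; KEY stands in for
# the zeroed key field that dmsetup prints when --showkeys is not given.
sample_table() {
cat <<'EOF'
0 16 crypt aes-xts-plain64 KEY 116864 259:8 116864 1 allow_discards
16 116720 crypt aes-xts-plain64 KEY 16 259:8 16 1 allow_discards
116736 128 zero
116864 16 zero
116880 2097008 crypt aes-xts-plain64 KEY 116880 259:8 116880 1 allow_discards
EOF
}

# One output line per segment: start, length, target type, and whether the
# allow_discards optional parameter appears on that segment's table line.
dm_segment_report() {
    awk 'NF >= 3 {
        flag = "no"
        for (i = 4; i <= NF; i++) if ($i == "allow_discards") flag = "yes"
        printf "%s %s %s allow_discards=%s\n", $1, $2, $3, flag
    }'
}

# Count the segments whose table line does not carry allow_discards.
dm_segments_without_flag() {
    dm_segment_report | awk '/allow_discards=no$/ { n++ } END { print n + 0 }'
}

# Discard limits the kernel exposes for a mapped device, e.g. dm_queue_limits dm-4.
dm_queue_limits() {
    for f in discard_granularity discard_max_bytes discard_max_hw_bytes; do
        printf '%s=%s\n' "$f" \
            "$(cat "/sys/block/$1/queue/$f" 2>/dev/null || echo unreadable)"
    done
}

# Stand-alone run on the constructed sample.
sample_table | dm_segment_report

# Live use (assumes root and the mapping name from the report):
#   dmsetup table bitlocker-d | dm_segment_report
#   dm_queue_limits dm-4
```
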