You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Lion's FileVault vs. TRIM on SSDs?

Hi, can anyone confirm that whole-disk-encryption makes TRIM worthless because with encryption enabled the whole drive is always "in use" and therefore nothing can ever be TRIMmed?

And if yes, is there anything one can do about it, other than choose between encryption (without TRIM) or better drive performance and lifetime (with TRIM and without encryption)?

Thanks.

MacBook Pro, Mac OS X (10.7)

Posted on Jul 23, 2011 2:53 AM

Reply
11 replies

Jul 23, 2011 5:53 AM in response to macfriedchikkin

macfriedchikkin wrote:


Apple doesn't enable TRIM by default because it can cause serious errors with newer SSDs that handle garbage collection better, as per xlr8yourmac articles. I'd suggest checking with the SSD's manufacterer website.

Yes, that's partly correct, but doesn't have anything to do with my question...

Jul 23, 2011 7:07 AM in response to macfriedchikkin

macfriedchikkin wrote:


Perhaps a little more detail...

Ok, I'll try to be complete but brief: A filesystem (FS) is organised in sectors; the SSD is internally organised in blocks which are much larger than a sector. From the point of view of the FS, any storage device is a linearly numbered set of sectors, each of which can be either in use (contain some data or FS meta-data), or not.


Normally, TRIM is used by the FS to inform the SSD of sectors that aren't needed anymore, so that the SSDs GC knows that it doesn't need to save the contents of these sectors when it's doing its job, namely moving around data: copying sectors that are still needed but scattered across several blocks and/or being overwritten with new data into blocks such that the newly used blocks are full (with in-use sectors), and the old blocks are empty.


My question is: Does the whole-disk-encryption in Lion, because it encrypts every sector, regardless of whether it's in use or not, effectively "disable" TRIM (this might be a security thing, don't even let the outside world know which sectors contain valuable data)?


Is it clearer now?

Dec 13, 2011 11:07 PM in response to Cohi

From the painfully slow speeds I am now getting, I am guessing this to be true. I am going to turn off FileVault for a few days and see if things speed up, and then turn back on. I just ordered a OWC upgrade though, same capacity but twice the speed. And that will be here in the morning. So maybe I won't bother actually?

Dec 14, 2011 2:08 AM in response to nooma

Hi Mooma!

I activated FileVault 2 yesterday and I cannot witness any noticable speed loss.

(I have a non-Apple SSD: "Crucial m4 with 512 GB (M4-CT512M4SSD2)") and I enabled TRIM Support but I don't really know if this is necessary or not.

There is another thread about this: https://discussions.apple.com/thread/3194668?start=0&tstart=0


The bottom line is: My system is absolutely stable and superfast with the SSD (for more than three months now) and enabling FileVault 2 does not seem to hurt the performance. But I have not benchmarked this.

Apr 25, 2012 4:16 AM in response to Cohi

Filevault2 is a logical volume solution ie. making a new drive from one (the encrypted) partition of the physical drive mapping sector by sector (partition 2 of disk0 becomes disk1, see below) Beside this, disk0 contains some unencrypted partition that contains some basic system and (hopefully, only) wrapped versions of the disk key for each user that allowed to boot the system. The basic system asks for the password to unwrap the encryption key and mount disk1 to continue booting from it.


I think, the key point is whether the TRIM commands do propagate properly from disk1 to disk0 by mapping the sector numbers accordingly? If yes, then everything is OK with the security remark that sector reading disk0 will reveal some filesystem structure information about free/non-free spaces as trimmed sectors/blocks will be read as 0. (http://apple.stackexchange.com/a/30495 ). I think this is OK; for SSD sectors it is a physical state to be erased/empty.


If not, for disk0 the whole partition is always 100% full, and in this case write amplification should occur.


$ diskutil list disk0

/dev/disk0

#: TYPE NAME SIZE IDENTIFIER

0: GUID_partition_scheme *121.3 GB disk0

1: EFI 209.7 MB disk0s1

2: Apple_CoreStorage 120.5 GB disk0s2

3: Apple_Boot Recovery HD 650.0 MB disk0s3


$ diskutil list disk1

/dev/disk1

#: TYPE NAME SIZE IDENTIFIER

0: Apple_HFS Macintosh HD *120.2 GB disk1

Apr 25, 2012 3:42 PM in response to ovga

I did some test whether TRIM is enabled on my FileVault2 encrypted drive. To check this:


$ diskutil info disk0s2 -> tells you how many 512 byte sectors you have on your physical SSD partition


$ sudo dd bs=512 skip=<random int between 0 and number of sectors> if=/dev/disk0s2 of=sampleN.dat count=1


for a 35% full SSD drive, I got 2 all zero 512 byte samples out of 6. On a regular magnetic HDD you wouldn't get all zero sectors because of the encryption on all sectors. I did the test for an encrypted magnetic USB drive and got 0 all zero samples out of 6 as expected.


This means that unused sectors of disk1 in the underlying SSD partition are erased/empty. So the answer is yes; TRIM works with Filevault2 on SSD but free sectors/blocks are revealed as expected. (Mac OS X 10.7.3)

Jul 26, 2012 12:07 AM in response to Cohi

The thing about TRIM has been answered. Thanks @ovga.


The performance is not always bad with FV2, AlienCamel.


An SSD which uses the SandForce controllers is bad for FileVault because that controller gains it speed by compressing the data on-the-fly. And you can't compress encrypted data.


Other SSDs (like mine) don't show a performance hit.


A good technical read and benchmarks is included in this article (a bit further down):

http://www.anandtech.com/show/6063/macbook-air-13inch-mid-2012-review/4


So turn on that **** cool feature unless you have a SandForce controller. Especially if you have a sandybridge or newer chipset, the crypto is done in hardware.

Lion's FileVault vs. TRIM on SSDs?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.