Hey. Just adding my 2 cents on this.
As cruncher already noted, TRIM/discard may have an influence on the security of encrypted devices. But... per default, dm-crypt (respectively cryptsetup) sets the devices to ignore any trim commands and not pass it down to lower layers ( --allow-discards option). However, even apart from that I think this should never be enabled by default: - If a fs properly supports discard, it will anyway has its own mount options for controlling it an there should be no need to call fstrim - Calling trim typically means the data is gone (or at least not easily accessible anymore)... while this is intended of of course, it may have disadvantages e.g. in case of fs corruption, non-discarded areas could still be recovered (even if it may be some tough work). Also, calling fstrim for *any* filesystem per default is IMO a bad thing. Users may have e.g. external HDDs connected (which shouldn't be trimmed, maybe because they're very large) or filesystems mounted for which recovery or forensic analysis is to be done. Cheers, Chris.
