Trim and Wipe vs plausible deniability

[Leonardo Amaral]

Hello,

As pointed in https://www.veracrypt.fr/en/Trim%20Operation.html, plausible deniability may be compromissed if drive uses TRIM to mark free sectors.

This still applying if I use wipe command (https://linux.die.net/man/1/wipe) to erase files in a trim-enabled filesystem? May removals done by wipe able to keep plausible deniability even with TRIM?

Thanks!

[Mounir IDRASSI]

No, wipe will not against TRIM because it is the file removal that triggers TRIM and wipe command will eventually delete the file.
The only solution is to block TRIM or avoid using SSD drives.
VeraCrypt on Windows blocks TRIM by defaut for non-system volume and it has an option to block TRIM for encrypted system drive.
On Linux, you need to disable Kernel cryptographic services. And on Mac, VeraCrypt doesn't support TRIM so there is no problem there.

[Leonardo Amaral]

Hello Mounir,

Thanks for you answer. My volume is using entire volume (As in the attached Screenshot and [1]), so my VeraCrypt volume does not rely on other unencrypted FS.

In this case and considering my encrypted FS is exFAT, how does TRIM affect operations? TRIM executed on encrypted mounted FS will be erased by VC and relayed to SSD after block proper cleaning? I understand too this may reduce SSD lifecycle (But I dont expect to change too much this FS).

Can you please clarify this question considering full block encryptation?

root@manauara:~# LANG=C veracrypt -t --volume-properties | head -n3
Slot: 1
Volume: /dev/sdc1
Virtual Device: /dev/loop12
root@manauara:~# LANG=C fdisk  -l /dev/sdc
Disk /dev/sdc: 232.91 GiB, 250059350016 bytes, 488397168 sectors
Disk model: 700 250GB       
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x62ff6eca

Device     Boot Start       End   Sectors   Size Id Type
/dev/sdc1        2048 488394751 488392704 232.9G  7 HPFS/NTFS/exFAT
root@manauara:~#