http://blog.neutrino.es/2013/howto-p...m-and-dmcrypt/
EDIT: Sorry, guys, forgot to mention. I had to hack init script in /boot/initrd-tree, in order t make it work. Probably it's time to ask Eric to add this option to his great mkinitrd package.
I changed:
Code:
/sbin/cryptsetup ${LUKSKEY} luksOpen ${LUKSDEV} ${CRYPTDEV} </dev/tty0 >/dev/tty0 2>&1
to
Code:
/sbin/cryptsetup ${LUKSKEY} luksOpen --allow-discards ${LUKSDEV} ${CRYPTDEV} </dev/tty0 >/dev/tty0 2>&1
now fstrim -v /
works for me.
EDIT2: it looks like it is better to leave everything as is (without working trim). Then periodically - once a week or monthly to boot from external drive, manually mount encrypted partitions with
--allow-discards and run fstrim manually.