Enabling TRIM/DISCARD on Debian, ext4, luks, and lvm

This is how I got support for TRIM to work on a Debian GNU/Linux system with ext4 filesystems on LUKS encrypted LVM volumes

1. Append ,discard to the fourth column on relevant lines in /etc/crypttab For me, this meant the fourth column should be luks,discard but you may have other options in there.
2. Edit /etc/lvm/lvm.conf and change issue_discards = 0 to issue_discards = 1
3. Edit /etc/default/grub and append rd.luks.options=discard to the GRUB_CMDLINE_LINUX_DEFAULT value.
4. Run sudo update-grub
5. Run sudo update-initramfs -u
6. Reboot

Test it

To test it, run:

sudo fstrim -av

Schedule it

When it works you can use systemd to have fstrim run on a regular schedule.

1. Copy /usr/share/doc/util-linux/examples/fstrim.* to /etc/systemd/system
2. Run sudo systemctl enable fstrim.timer. systemd will now run fstrim weekly.

A word of caution

Please note that using TRIM on an encrypted volume is discouraged. This is due to the fact that TRIM may leak information about what goes on inside the encrypted volume. For example stuff like how much free space vs. used space there is. Which areas of the volume data is changing frequently, etc. This is all knowledge that an attacker may use to attack the encryption.

From man 5 crypttab:

WARNING: Assess the specific security risks carefully before enabling this option. For example, allowing discards on encrypted devices may lead to the leak of information about the ciphertext device (filesystem type, used space etc.) if the discarded blocks can be located easily on the device later.