Trim Operation
Some storage devices (e.g., some solid-state drives, including USB flash drives) use so-called 'trim' operation to mark drive sectors as free e.g. when a file is deleted. Consequently, such sectors may contain unencrypted zeroes or other undefined data (unencrypted) even if they are located within a part of the drive that is encrypted by TrueCrypt. TrueCrypt does not block the trim operation on partitions that are within the key scope of
system encryption
(unless a
hidden operating system
is running) and under Linux on all volumes that use the Linux native kernel cryptographic services. In those cases, the adversary will be able to tell which sectors contain free space (and may be able to use this information for further analysis and attacks) and
plausible deniability
may be negatively affected. If you want to avoid those issues, do not use
system encryption
on drives that use the trim operation and, under Linux, either configure TrueCrypt not to use the Linux native kernel cryptographic services or make sure TrueCrypt volumes are not located on drives that use the trim operation.
To find out whether a device uses the trim operation, please refer to documentation supplied with the device or contact the vendor/manufacturer.
Next Section >>