TRIM support

[jpds]

clevis doesn't unlock LUKS volumes with the discard option and as such, no volumes underneath it can support TRIM:

$ sudo fstrim -v /
Password: 
fstrim: /: the discard operation is not supported

[marc-invalid]

Possible workaround:

• make sure you use LUKS2
• open the device once with cryptsetup luksOpen --allow-discards --persistent

(I haven't tested this, so please confirm here if it works)

[spamik]

Opening with --persistent works (on running system also works cryptsetup --allow-discards --persistent refresh /dev/xxx)

[ElectricFighter]

Pull #317 added support for optional arguments to be passed to cryptsetup but for some reason, even if added to master since February 6th 2023, it has not been added to Clevis releases.

This enables LUKS1 encrypted disks to use trim since --allow-discards can be passed through Clevis as follows (instead of using persistent flags)

clevis luks unlock -d $DEV -n $NAME -o "--allow-discards"

You can either overwrite the clevis-lusk-unlock script packaged in your install (usually at /usr/bin) with what's found in src/luks/clevis-luks-unlock on the master branch (this is just a bash script executed by clevis) or, if you wanna do things right, repackage clevis-luks, replacing the unlock script and adding a meta section to the version so that you can still have proper versioning through package managers (and pin your version if needed).

Optionally also update what's found in /usr/share/man/man1/clevis-luks-unlock.1.gz to have the updated documentation for the command.

To repackage for Debian/Ubuntu just use dpkg-deb, a nifty little guide to repack with this method can be found here.

I tested this on Ubuntu 22 with Clevis 18 and Ubuntu 23 with Clevis 19 and it works flawlessly.