So I made a full VM and installed Debian 9.3 using full-disk encryption. Now, Proxmox uses LVM-Thin to store VM drives, which is smart, because LVM-Thin only allocates data when it is actually written. However, when using FDE, Proxmox can't tell what is written and what is not (at installation, Debian automatically overwrote the whole drive with random data during the implementation of FDE). Therefor, according to Proxmox, the VM has used its entire drive. This is obviously problematic. Not only is it using a lot of my local-lvm storage, but backing it also takes forever and results in an uncompressable, huge archive.
Given the nature of this problem, a simple "fstrim /" throws the "the discard operation is not supported" error, even with the Discard option enabled on the VM's SCSI drive (since we're dealing with a LUKS mapping on top of nested LVM). Using DD to overwrite all unallocated space with zeros also won't work because again, according to Proxmox, they won't be zeros, it'll just be random data (encrypted by the OS).
This is an issue, and I can't think of a solution for it. I personally don't believe there is a solution, but it's worth asking the community. Is there some way to better lessen the size of this VM with or without compromising its security?
Given the nature of this problem, a simple "fstrim /" throws the "the discard operation is not supported" error, even with the Discard option enabled on the VM's SCSI drive (since we're dealing with a LUKS mapping on top of nested LVM). Using DD to overwrite all unallocated space with zeros also won't work because again, according to Proxmox, they won't be zeros, it'll just be random data (encrypted by the OS).
This is an issue, and I can't think of a solution for it. I personally don't believe there is a solution, but it's worth asking the community. Is there some way to better lessen the size of this VM with or without compromising its security?