Managing the size of a FDE VM

TheFuzzyFish

Member
Feb 20, 2018
17
0
6
25
So I made a full VM and installed Debian 9.3 using full-disk encryption. Now, Proxmox uses LVM-Thin to store VM drives, which is smart, because LVM-Thin only allocates data when it is actually written. However, when using FDE, Proxmox can't tell what is written and what is not (at installation, Debian automatically overwrote the whole drive with random data during the implementation of FDE). Therefor, according to Proxmox, the VM has used its entire drive. This is obviously problematic. Not only is it using a lot of my local-lvm storage, but backing it also takes forever and results in an uncompressable, huge archive.

Given the nature of this problem, a simple "fstrim /" throws the "the discard operation is not supported" error, even with the Discard option enabled on the VM's SCSI drive (since we're dealing with a LUKS mapping on top of nested LVM). Using DD to overwrite all unallocated space with zeros also won't work because again, according to Proxmox, they won't be zeros, it'll just be random data (encrypted by the OS).

This is an issue, and I can't think of a solution for it. I personally don't believe there is a solution, but it's worth asking the community. Is there some way to better lessen the size of this VM with or without compromising its security?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!