[Cryptography] Security on TRIM for full-disk encrypted SSDs

Valmiky Arquissandas crypto-metzdowd at kayvlim.com
Tue Apr 19 20:03:40 EDT 2016


Hello, list!

While this is more of a filesystems question, I believe it is 
appropriate for this topic, which is why I chose to bring it here.

I have heard that TRIMming unused blocks in an SSD is bad from a 
security standpoint, as it reveals information about the underlying 
filesystem - which blocks are available, and potentially what that 
filesystem is.

But from a practical perspective - especially since SSDs have a limited 
write lifetime and TRIM gives them a better judgement about which blocks 
to reuse - is that really important?

I understand at least some of the theory - encrypted information is 
supposed to be indistinguishable from random noise, and TRIM reveals 
patterns; and a plausible deniability scenario would probably be 
unacceptable.

My use case is the "stolen laptop" scenario. While it contains sensitive 
information that neither I nor my employer would be exactly happy about 
losing, I don't see any actor - either criminal or from law enforcement 
- being interested enough in devoting resources to it, so in practice I 
am trying to avoid revealing information to a random thief, in which 
case I believe that full-disk encryption, even with TRIM, more than 
suffices.

If we consider that this random thief happens to be a 
cryptography/infosec/DFIR expert, what's the worst they would be able to 
find out? That I (hypothetically) would be using ext4 and 70% of the 
drive? Or what the partition scheme is? Or the sizes of each file?
I would find it unlikely that they would be able to recover actual 
mission-critical contents that could jeopardize me, my employer or our 
clients.

(This is somewhat academic - I believe that for about 90% of the cases, 
simply using Linux is already enough obfuscation for the random thief 
:-) )

Thanks,
Valmiky Arquissandas
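
The leak asked about above, as an added illustration that is not part of the original post: a simulation of what someone holding the raw drive, without the key, can compute when discards pass through the encryption layer. It assumes trimmed blocks read back as zeros (true of many SSDs, not all) and that the drive was filled with random data before use in the no-TRIM case; the keystream is a toy stand-in for a real disk cipher, and all names and the block layout are constructed.

```python
import hashlib
import os

BLOCK = 512  # bytes per block in this toy model

def encrypt_block(key: bytes, index: int, plaintext: bytes) -> bytes:
    # Toy per-block keystream (SHAKE-256), NOT a real disk encryption mode.
    ks = hashlib.shake_256(key + index.to_bytes(8, "little")).digest(BLOCK)
    return bytes(a ^ b for a, b in zip(plaintext, ks))

def build_image(key, n_blocks, used, trim):
    """Raw device contents, block by block, as readable without the key."""
    image = []
    for i in range(n_blocks):
        if i in used:
            image.append(encrypt_block(key, i, b"file data".ljust(BLOCK, b"\0")))
        elif trim:
            image.append(bytes(BLOCK))       # assumption: trimmed block reads as zeros
        else:
            image.append(os.urandom(BLOCK))  # assumption: free space pre-filled with random
    return image

def observer_view(image):
    """Fill ratio and allocation map, derived from the ciphertext alone."""
    allocated = [i for i, blk in enumerate(image) if any(blk)]
    return len(allocated) / len(image), allocated

def extents(allocated):
    """Collapse a sorted block list into (first, last) runs: the on-disk layout."""
    runs = []
    for i in allocated:
        if runs and i == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], i)
        else:
            runs.append((i, i))
    return runs

if __name__ == "__main__":
    key = os.urandom(32)
    used = set(range(0, 100)) | set(range(200, 800))  # constructed layout, 70% full
    for trim in (True, False):
        ratio, allocated = observer_view(build_image(key, 1000, used, trim))
        print(f"trim={trim}: {ratio:.0%} looks allocated, extents={extents(allocated)}")
```

With TRIM the observer recovers the fill ratio and the exact extent layout, but the allocated blocks themselves remain ciphertext; without TRIM every block looks allocated.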

