From 09833e094273380ec06d22d50434ddf70b8801e1 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 5 Nov 2023 18:06:20 +0100 Subject: Documentation: Add more information about TRIM behavior in VeraCrypt --- doc/html/Trim Operation.html | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'doc/html/Trim Operation.html') diff --git a/doc/html/Trim Operation.html b/doc/html/Trim Operation.html index be4cec73..0b8182ad 100644 --- a/doc/html/Trim Operation.html +++ b/doc/html/Trim Operation.html @@ -38,13 +38,19 @@

Trim Operation

Some storage devices (e.g., some solid-state drives, including USB flash drives) use so-called 'trim' operation to mark drive sectors as free e.g. when a file is deleted. Consequently, such sectors may contain unencrypted zeroes or other undefined data (unencrypted) - even if they are located within a part of the drive that is encrypted by VeraCrypt. VeraCrypt does not block the trim operation on partitions that are within the key scope of - -system encryption (unless a -hidden operating system is running) and under Linux on all volumes that use the Linux native kernel cryptographic services. In those cases, the adversary will be able to tell which sectors contain free space (and may be able to use this information for + even if they are located within a part of the drive that is encrypted by VeraCrypt.
+
+On Windows, VeraCrypt allows users to control the trim operation for both non-system and system volumes: + + +Under Linux, VeraCrypt does not block the trim operation on volumes using the native Linux kernel cryptographic services, which is the default setting. To block TRIM on Linux, users should either enable the "do not use kernel cryptographic services" option in VeraCrypt's Preferences (applicable only to volumes mounted afterward) or use the --mount-options=nokernelcrypto switch in the command line when mounting. +
+
+In cases where trim operations occur, the adversary will be able to tell which sectors contain free space (and may be able to use this information for further analysis and attacks) and -plausible deniability may be negatively affected. If you want to avoid those issues, do not use - -system encryption on drives that use the trim operation and, under Linux, either configure VeraCrypt not to use the Linux native kernel cryptographic services or make sure VeraCrypt volumes are not located on drives that use the trim operation.
+plausible deniability may be negatively affected. In order to avoid these issues, users should either disable trim in VeraCrypt settings as previously described or make sure VeraCrypt volumes are not located on drives that use the trim operation.

To find out whether a device uses the trim operation, please refer to documentation supplied with the device or contact the vendor/manufacturer.
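
Review bot: The closing advice in the last added paragraph, "disable trim in VeraCrypt settings as previously described", does not match the Linux paragraph added above it. One of the two Linux methods there is the --mount-options=nokernelcrypto command-line switch rather than a setting, and the Preferences option is stated to apply only to volumes mounted afterward, so a reader with volumes already mounted could believe trim is blocked when it is not. Suggest wording along the lines of "block trim as described above, remounting any Linux volume that was mounted before the option was changed". Separately, the removed text carried the "unless a hidden operating system is running" exception for system encryption, and in the lines visible here the sentence "On Windows, VeraCrypt allows users to control the trim operation for both non-system and system volumes:" is followed by no items. Please confirm that the list states the default for each volume type and keeps that exception.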

-- cgit v1.2.3