1 files changed, 19 insertions, 3 deletions

diff --git a/core/cryptsetup/encrypt_hook b/core/cryptsetup/encrypt_hook
index 54aaa2236..956b18023 100644
--- a/core/cryptsetup/encrypt_hook
+++ b/core/cryptsetup/encrypt_hook
@@ -41,6 +41,7 @@ run_hook ()
             DEPRECATED_CRYPT=0
             cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
             cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
+            cryptoptions="$(echo "${cryptdevice}" | cut -d: -f3)"
         else
             DEPRECATED_CRYPT=1
             cryptdev="${root}"
@@ -52,13 +53,28 @@ run_hook ()
             echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
         }
 
+        OLDIFS="${IFS}"
+        IFS=","
+        for cryptopt in ${cryptoptions}; do
+            case ${cryptopt} in
+                allow-discards)
+                    echo "Enabling TRIM/discard support."
+                    cryptargs="${cryptargs} --allow-discards"
+                    ;;
+                *)
+                    echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+                    ;;
+            esac
+        done
+        IFS="${OLDIFS}"
+
         if  poll_device "${cryptdev}" ${rootdelay}; then
             if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
                 [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                 dopassphrase=1
                 # If keyfile exists, try to use that
                 if [ -f ${ckeyfile} ]; then
-                    if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
+                    if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then
                         dopassphrase=0
                     else
                         echo "Invalid keyfile. Reverting to passphrase."
@@ -70,7 +86,7 @@ run_hook ()
                     echo "A password is required to access the ${cryptname} volume:"
 
                     #loop until we get a real password
-                    while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
+                    while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do
                         sleep 2;
                     done
                 fi
@@ -90,7 +106,7 @@ run_hook ()
                     err "Non-LUKS decryption not attempted..."
                     return 1
                 fi
-                exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
+                exe="/sbin/cryptsetup create ${cryptname} ${cryptdev} ${cryptargs}"
                 tmp=$(echo "${crypto}" | cut -d: -f1)
                 [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
                 tmp=$(echo "${crypto}" | cut -d: -f2)