>All of my NVME SSD's support TRIM until I encrypt them and that's by design
Why is this "by design"? There's no reason why disk encryption can't be compatible with trim. Yes, there's a small metadata leak, but that's fine in the overwhelming majority of cases.
This [1] is the answer and I have no control over it. It works on LUKS2 but not dm-crypt plain which I use for external backups as it is headerless and does not expose cipher and hash or that there is explicitly encrypted data despite the fact one can infer. There was talk of removing the restriction and maybe everything I said is no longer correct by now. I have not tested it in a while. The discussion was around adding the option 'cryptsetup --allow-discards' for dm-crypt plain instead of just LUKS2.
Why is this "by design"? There's no reason why disk encryption can't be compatible with trim. Yes, there's a small metadata leak, but that's fine in the overwhelming majority of cases.