Date: Mon, 21 Mar 2022 08:05:35 -0500
From: "J. Hellenthal" <jhellenthal@dataix.net>
To: Damian Weber <dweber@htwsaar.de>
Cc: freebsd-security@freebsd.org
Subject: Re: SSD erase question
Message-ID: <ACCA8787-EC3E-425B-86F5-B6AE9CA58A69@dataix.net>
In-Reply-To: <BFCF6DBB-091E-4AEF-AF39-A6C4955CB4E4@dataix.net>
References: <274c8cca-80b0-9460-6754-6bb77efbb4dd@htwsaar.de> <BFCF6DBB-091E-4AEF-AF39-A6C4955CB4E4@dataix.net>

Think I've mistaken dc3dd for bcwipe from ports. See bcwipe instead...
https://www.jetico.com/news/jetico-delivers-new-bcwipe-solution-wipe-drives-supporting-mac-nvme-secure-boot

-- 
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Mar 21, 2022, at 07:52, J. Hellenthal <jhellenthal@dataix.net> wrote:
>
> Personally I would use dc3dd from ports and you'll be plenty alright.
>
> While dd would be enough in most occasions I won't assume your data is of a typical user. It only writes the random bits to the disk once. In some scenarios it's possible to reverse that. dc3dd takes care of that by writing multiple times.
>
> There is also dcfldd which was superseded by dc3dd.
>
> -- 
> J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
>
>> On Mar 21, 2022, at 07:15, Damian Weber <dweber@htwsaar.de> wrote:
>>
>> Hi all,
>>
>> I'd like to have an answer on a secure FreeBSD way to erase
>> SSDs before giving these away to someone for reusing it.
>>
>> Is the following enough to protect confidential data
>> previously stored there?
>>
>> 1) dd : overwriting with random bits (complete capacity)
>> 2) gpart create
>> 3) gpart add
>> 4) newfs
>>
>> Details for an example with /dev/ada1 see below.
>>
>> Thanks a lot,
>>
>> Damian
>>
>>
>> # fdisk ada1
>> ******* Working on device /dev/ada1 *******
>> parameters extracted from in-core disklabel are:
>> cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
>>
>> Figures below won't work with BIOS for partitions not in cyl 1
>> parameters to be used for BIOS calculations are:
>> cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
>>
>> Media sector size is 512
>> Warning: BIOS sector numbering starts with sector 1
>> Information from DOS bootblock is:
>> The data for partition 1 is:
>> sysid 238 (0xee),(EFI GPT)
>>     start 1, size 488397167 (238475 Meg), flag 0
>>         beg: cyl 0/ head 0/ sector 2;
>>         end: cyl 1023/ head 255/ sector 63
>> The data for partition 2 is:
>> <UNUSED>
>> The data for partition 3 is:
>> <UNUSED>
>> The data for partition 4 is:
>> <UNUSED>
>>
>> # gpart show ada1
>> =>        40  488397088  ada1  GPT  (233G)
>>           40       1024     1  freebsd-boot  (512K)
>>         1064  480246784     2  freebsd-ufs  [bootme]  (229G)
>>    480247848    8149280     3  freebsd-swap  (3.9G)
>>
>> # dd if=/dev/random of=/dev/ada1 bs=512 count=488397088
>>
>> # gpart create -s gpt ada1
>>
>> # gpart add -t freebsd-ufs ada1
>>
>> # newfs -U /dev/ada1p1
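
Added example (not part of the original messages): a check of how much of ada1 the dd command in the question actually reaches, using only the figures from the quoted fdisk, gpart show and dd lines. It assumes the protective MBR entry (sysid 0xee) runs from LBA 1 to the last sector of the disk; the function and variable names are made up for this illustration.

```sh
#!/bin/sh
# Added example: how far does the quoted dd run reach on ada1?
# All figures below are copied from the output quoted in the question.

FDISK_ENTRY='start 1, size 488397167 (238475 Meg), flag 0'  # sysid 0xee entry
GPART_SHOW='=>        40  488397088  ada1  GPT  (233G)
          40       1024     1  freebsd-boot  (512K)
        1064  480246784     2  freebsd-ufs  [bootme] (229G)
   480247848    8149280     3  freebsd-swap  (3.9G)'
DD_CMD='dd if=/dev/random of=/dev/ada1 bs=512 count=488397088'
SECTOR_SIZE=512                                  # "Media sector size is 512"

# Assumption: the protective MBR entry runs from its start LBA to the last
# sector of the disk, so total sectors = start + size.
disk_sectors() {
    printf '%s\n' "$FDISK_ENTRY" |
        awk '{ gsub(/,/, ""); printf "%d\n", $2 + $4 }'
}

# Pull one key=value operand (bs, count) out of the dd command line.
dd_operand() {
    printf '%s\n' "$DD_CMD" | tr ' ' '\n' | sed -n "s/^$1=//p"
}

# Sectors dd writes, counted from LBA 0.
dd_sectors() {
    echo $(( $(dd_operand count) * $(dd_operand bs) / SECTOR_SIZE ))
}

# Sectors at the end of the disk that the overwrite never reaches.
untouched_sectors() {
    echo $(( $(disk_sectors) - $(dd_sectors) ))
}

# Partitions (index:type) whose last sector lies beyond the overwritten range.
partitions_cut_short() {
    printf '%s\n' "$GPART_SHOW" |
        awk -v covered="$(dd_sectors)" \
            '$1 ~ /^[0-9]+$/ && $1 + $2 > covered { print $3 ":" $4 }'
}

echo "disk sectors:         $(disk_sectors)"
echo "dd writes:            $(dd_sectors)"
echo "untouched at the end: $(untouched_sectors) sectors"
echo "partitions cut short: $(partitions_cut_short)"
```

With these figures the count passed to dd is the size of the GPT usable area rather than the size of the disk, so the last 80 sectors are not overwritten and partition 3 (freebsd-swap) extends past the written range.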