Date: Mon, 21 Mar 2022 10:17:33 -0500
From: Sam Ricchio <sam.ricchio@gmail.com>
To: Damian Weber <dweber@htwsaar.de>, freebsd-security@freebsd.org
Subject: Re: SSD erase question
Message-ID: <1ACC7A67-BDBA-4CD3-87EC-822C38CD7CE7@gmail.com>
In-Reply-To: <274c8cca-80b0-9460-6754-6bb77efbb4dd@htwsaar.de>
On an SSD, if you have erased everything, SSD “garbage collection” should help you if the drive is powered on.
But if you want to overwrite the drive:
A simple overwrite with a text pattern with dc3dd.

    dc3dd wipe=/dev/sdb tpat=nothingtoseehere

However, if you are still worried that some controller optimization is interfering
with an actual memory location overwrite, go old school with dd and write
a file of random data to the existing file system until it runs out of space.

    dd if=/dev/urandom of=garbagetxtfile.txt

On Mar 21, 2022, at 7:14 AM, Damian Weber <dweber@htwsaar.de> wrote:
Hi all,
I'd like to have an answer on a secure FreeBSD way to erase
SSDs before giving these away to someone for reusing it.
Is the following enough to protect confidential data
previously stored there?
1) dd : overwriting with random bits (complete capacity)
2) gpart create
3) gpart add
4) newfs
Details for an example with /dev/ada1 see below.
Thanks a lot,
Damian
# fdisk ada1
******* Working on device /dev/ada1 *******
parameters extracted from in-core disklabel are:
cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 238 (0xee),(EFI GPT)
start 1, size 488397167 (238475 Meg), flag 0
beg: cyl 0/ head 0/ sector 2;
end: cyl 1023/ head 255/ sector 63
The data for partition 2 is:
<UNUSED>
The data for partition 3 is:
<UNUSED>
The data for partition 4 is:
<UNUSED>
# gpart show ada1
=>       40  488397088  ada1  GPT  (233G)
         40       1024     1  freebsd-boot  (512K)
       1064  480246784     2  freebsd-ufs  [bootme]  (229G)
  480247848    8149280     3  freebsd-swap  (3.9G)
# dd if=/dev/random of=/dev/ada1 bs=512 count=488397088
# gpart create -s gpt ada1
# gpart add -t freebsd-ufs ada1
# newfs -U /dev/ada1p1
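
Added example, not part of either message: a check of how much of ada1 the quoted `dd ... bs=512 count=488397088` run covers, using only the fdisk and dd lines shown above. The function names are hypothetical, and the total sector count is taken from the protective MBR entry on the assumption that it spans the whole disk.

```shell
#!/bin/sh
# Added example. Inputs are copied from the fdisk output and dd command
# quoted in the message; the function names are hypothetical.
FDISK_LINE='start 1, size 488397167 (238475 Meg), flag 0'
DD_CMD='dd if=/dev/random of=/dev/ada1 bs=512 count=488397088'
SECTOR_SIZE=512   # "Media sector size is 512"

# Total sectors implied by the protective MBR entry: start + size.
# Assumption: that entry spans the whole disk (GPT disk under 2 TiB).
pmbr_total_sectors() {
    printf '%s\n' "$1" | awk '{
        gsub(",", "")
        for (i = 1; i < NF; i++) {
            if ($i == "start") s = $(i + 1)
            if ($i == "size")  z = $(i + 1)
        }
        printf "%d\n", s + z
    }'
}

# Extract a numeric key=value operand (bs, count) from a dd command line.
# Assumption: plain integers only, no size suffixes such as 1m.
dd_operand() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p"
}

# Sectors written by the dd run, counted from sector 0 of the device.
dd_sectors_written() {
    bs=$(dd_operand "$1" bs)
    count=$(dd_operand "$1" count)
    echo $(( bs * count / $2 ))
}

# Sectors at the end of the disk that the dd run never reaches.
unwritten_tail() {
    total=$(pmbr_total_sectors "$1")
    written=$(dd_sectors_written "$2" "$3")
    left=$(( total - written ))
    if [ "$left" -lt 0 ]; then left=0; fi
    echo "$left"
}

left=$(unwritten_tail "$FDISK_LINE" "$DD_CMD" "$SECTOR_SIZE")
echo "sectors left unwritten at end of disk: $left ($(( left * SECTOR_SIZE )) bytes)"
```

The count in the dd command is the size of the GPT usable area reported by `gpart show`, not the size of the device, so the last sectors of the disk, where the backup GPT is stored, are not reached. On FreeBSD, `diskinfo -v ada1` reports the media size in sectors, and leaving `count=` off lets dd run until the device ends.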
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1ACC7A67-BDBA-4CD3-87EC-822C38CD7CE7>
