Site Navigation

Date:      Mon, 21 Mar 2022 09:26:25 -0800
From:      Royce Williams <royce@techsolvency.com>
To:        freebsd-security@freebsd.org
Subject:   Re: SSD erase question
Message-ID:  <CA%2BE3k92viWQTgkS9zyXwCdBC5rgjyOmSvLFgGo%2BOF8WxkDuVWA@mail.gmail.com>
In-Reply-To: <1ACC7A67-BDBA-4CD3-87EC-822C38CD7CE7@gmail.com>
References:  <274c8cca-80b0-9460-6754-6bb77efbb4dd@htwsaar.de> <1ACC7A67-BDBA-4CD3-87EC-822C38CD7CE7@gmail.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

--000000000000f06fb505dabdcdb7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Even multi-pass overwrite of SSDs is not a sufficient purge, due to how
writing is distributed / optimized on SSDs. So  dd / dc3dd is insufficient.

Only invoking the on-controller ATA Secure Erase / sanitize command (using
'camcontrol security -e' as Eugene said elsewhere in the thread) is the
validated[1] method:

    camcontrol security -s anypass -e anypass -y ada[X]

This also happens to be much faster than an overwrite, because it's
implemented as "encrypt the entire medium with a random key, then discard
the key".

1.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf,
p. 36, Table A-8

--=20
Royce


On Mon, Mar 21, 2022 at 7:19 AM Sam Ricchio <sam.ricchio@gmail.com> wrote:

> On and SSD if you have erased everything ssd =E2=80=9Cgarbage collection=
=E2=80=9D should
> help you if the drive it powered on.
> But if you want to overwrite the drive
> A simple overwrite with a text pattern with dc3dd.
> dc3dd wipe=3D/dev/sdb tpat=3Dnothingtoseehere
> However if you are still worried that some controller optimization is
> interfering
> with and actual memory location overwrite.  Go old school with dd and wri=
te
> a file of random to the existing file system until it runs out of space.
> dd if=3D/dev/urandon of=3Dgarbagetxtfile.txt
>
>
>
>
> On Mar 21, 2022, at 7:14 AM, Damian Weber <dweber@htwsaar.de> wrote:
>
>
> Hi all,
>
> I'd like to have an answer on a secure FreeBSD way to erase
> SSDs before giving these away to someone for reusing it.
>
> Is the following enough to protect confidential data
> previously stored there?
>
> 1)  dd : overwriting with random bits (complete capacity)
> 2)  gpart create
> 3)  gpart add
> 4)  newfs
>
> Details for an example with /dev/ada1 see below.
>
> Thanks a lot,
>
>   Damian
>
>
> # fdisk ada1
> ******* Working on device /dev/ada1 *******
> parameters extracted from in-core disklabel are:
> cylinders=3D484521 heads=3D16 sectors/track=3D63 (1008 blks/cyl)
>
> Figures below won't work with BIOS for partitions not in cyl 1
> parameters to be used for BIOS calculations are:
> cylinders=3D484521 heads=3D16 sectors/track=3D63 (1008 blks/cyl)
>
> Media sector size is 512
> Warning: BIOS sector numbering starts with sector 1
> Information from DOS bootblock is:
> The data for partition 1 is:
> sysid 238 (0xee),(EFI GPT)
>    start 1, size 488397167 (238475 Meg), flag 0
>        beg: cyl 0/ head 0/ sector 2;
>        end: cyl 1023/ head 255/ sector 63
> The data for partition 2 is:
> <UNUSED>
> The data for partition 3 is:
> <UNUSED>
> The data for partition 4 is:
> <UNUSED>
>
> # gpart show ada1
> =3D>       40  488397088  ada1  GPT  (233G)
>         40       1024     1  freebsd-boot  (512K)
>       1064  480246784     2  freebsd-ufs  [bootme]  (229G)
>  480247848    8149280     3  freebsd-swap  (3.9G)
>
> # dd if=3D/dev/random of=3D/dev/ada1 bs=3D512 count=3D488397088
>
> # gpart create -s gpt ada1
>
> # gpart add -t freebsd-ufs ada1
>
> # newfs -U /dev/ada1p1
>
>
>
>

--000000000000f06fb505dabdcdb7
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">Even multi-pass overwrite of SSDs is not =
a sufficient purge, due to how writing is distributed / optimized on SSDs. =
So=C2=A0
dd / dc3dd is insufficient.<div><br></div><div>Only invoking the on-control=
ler ATA Secure Erase / sanitize command (using &#39;camcontrol security -e&=
#39; as Eugene said elsewhere in the thread) is the validated[1] method:</d=
iv><div><br></div><div>=C2=A0 =C2=A0 camcontrol security -s anypass -e anyp=
ass -y ada[X]<br></div><div><br></div><div>This also happens to be much fas=
ter than an overwrite, because it&#39;s implemented as &quot;encrypt the en=
tire medium with a random key, then discard the key&quot;.</div><div><br></=
div><div>1.=C2=A0<a href=3D"https://nvlpubs.nist.gov/nistpubs/SpecialPublic=
ations/NIST.SP.800-88r1.pdf">https://nvlpubs.nist.gov/nistpubs/SpecialPubli=
cations/NIST.SP.800-88r1.pdf</a>, p. 36, Table A-8<br clear=3D"all"><div><d=
iv dir=3D"ltr" class=3D"gmail_signature" data-smartmail=3D"gmail_signature"=
><div dir=3D"ltr"><div><br></div><div>--=C2=A0</div><div>Royce</div></div><=
/div></div><br></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" =
class=3D"gmail_attr">On Mon, Mar 21, 2022 at 7:19 AM Sam Ricchio &lt;<a hre=
f=3D"mailto:sam.ricchio@gmail.com">sam.ricchio@gmail.com</a>&gt; wrote:<br>=
</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;b=
order-left:1px solid rgb(204,204,204);padding-left:1ex"><div style=3D"overf=
low-wrap: break-word;"><div>On and SSD if you have erased everything ssd =
=E2=80=9Cgarbage collection=E2=80=9D should help you if the drive it powere=
d on.</div><div>But if you want to overwrite the drive</div><div>A simple o=
verwrite with a text pattern with dc3dd.</div><div><div style=3D"margin:0px=
 0px 0px 36px;font-stretch:normal;font-size:16px;line-height:normal"><span =
style=3D"font-kerning:none">dc3dd wipe=3D/dev/sdb tpat=3Dnothingtoseehere</=
span></div><div style=3D"margin:0px 0px 0px 36px;font-stretch:normal;font-s=
ize:16px;line-height:normal"><span style=3D"font-kerning:none">However if y=
ou are still worried that some controller optimization is interfering</span=
></div><div style=3D"margin:0px 0px 0px 36px;font-stretch:normal;font-size:=
16px;line-height:normal"><span style=3D"font-kerning:none">with and actual =
memory location overwrite.=C2=A0 Go old school with dd and write</span></di=
v><div style=3D"margin:0px 0px 0px 36px;font-stretch:normal;font-size:16px;=
line-height:normal"><span style=3D"font-kerning:none">a file of random to t=
he existing file system until it runs out of space.</span></div><div style=
=3D"margin:0px 0px 0px 36px;font-stretch:normal;font-size:16px;line-height:=
normal"><span style=3D"font-kerning:none">dd if=3D/dev/urandon of=3Dgarbage=
txtfile.txt</span></div><div style=3D"margin:0px 0px 0px 36px;font-stretch:=
normal;font-size:16px;line-height:normal"><span style=3D"font-kerning:none"=
><br></span></div><div style=3D"margin:0px 0px 0px 36px;font-stretch:normal=
;font-size:16px;line-height:normal"><span style=3D"font-kerning:none"><br><=
/span></div><div style=3D"margin:0px 0px 0px 36px;font-stretch:normal;font-=
size:16px;line-height:normal"><span style=3D"font-kerning:none"><br></span>=
</div><div style=3D"margin:0px 0px 0px 36px;font-stretch:normal;font-size:1=
6px;line-height:normal"><br></div><div><div><div>On Mar 21, 2022, at 7:14 A=
M, Damian Weber &lt;<a href=3D"mailto:dweber@htwsaar.de" target=3D"_blank">=
dweber@htwsaar.de</a>&gt; wrote:</div><br><div><div><br>Hi all,<br><br>I&#3=
9;d like to have an answer on a secure FreeBSD way to erase <br>SSDs before=
 giving these away to someone for reusing it. <br><br>Is the following enou=
gh to protect confidential data <br>previously stored there?<br><br>1) =C2=
=A0dd : overwriting with random bits (complete capacity)<br>2) =C2=A0gpart =
create<br>3) =C2=A0gpart add<br>4) =C2=A0newfs<br><br>Details for an exampl=
e with /dev/ada1 see below.<br><br>Thanks a lot,<br><br> =C2=A0=C2=A0Damian=
<br><br><br># fdisk ada1<br>******* Working on device /dev/ada1 *******<br>=
parameters extracted from in-core disklabel are:<br>cylinders=3D484521 head=
s=3D16 sectors/track=3D63 (1008 blks/cyl)<br><br>Figures below won&#39;t wo=
rk with BIOS for partitions not in cyl 1<br>parameters to be used for BIOS =
calculations are:<br>cylinders=3D484521 heads=3D16 sectors/track=3D63 (1008=
 blks/cyl)<br><br>Media sector size is 512<br>Warning: BIOS sector numberin=
g starts with sector 1<br>Information from DOS bootblock is:<br>The data fo=
r partition 1 is:<br>sysid 238 (0xee),(EFI GPT)<br> =C2=A0=C2=A0=C2=A0start=
 1, size 488397167 (238475 Meg), flag 0<br> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0beg: cyl 0/ head 0/ sector 2;<br> =C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0end: cyl 1023/ head 255/ sector 63<br>The data for partition=
 2 is:<br>&lt;UNUSED&gt;<br>The data for partition 3 is:<br>&lt;UNUSED&gt;<=
br>The data for partition 4 is:<br>&lt;UNUSED&gt;<br><br># gpart show ada1<=
br>=3D&gt; =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A040 =C2=A0488397088 =C2=A0ada=
1 =C2=A0GPT =C2=A0(233G)<br> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A040 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A01024 =C2=A0=C2=A0=C2=A0=C2=A01 =
=C2=A0freebsd-boot =C2=A0(512K)<br> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0106=
4 =C2=A0480246784 =C2=A0=C2=A0=C2=A0=C2=A02 =C2=A0freebsd-ufs =C2=A0[bootme=
] =C2=A0(229G)<br> =C2=A0480247848 =C2=A0=C2=A0=C2=A08149280 =C2=A0=C2=A0=
=C2=A0=C2=A03 =C2=A0freebsd-swap =C2=A0(3.9G)<br><br># dd if=3D/dev/random =
of=3D/dev/ada1 bs=3D512 count=3D488397088<br><br># gpart create -s gpt ada1=
<br><br># gpart add -t freebsd-ufs ada1<br><br># newfs -U /dev/ada1p1<br><b=
r><br></div></div></div><br></div></div></div></blockquote></div></div>

--000000000000f06fb505dabdcdb7--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BE3k92viWQTgkS9zyXwCdBC5rgjyOmSvLFgGo%2BOF8WxkDuVWA>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact