From: Royce Williams
Date: Mon, 21 Mar 2022 09:26:25 -0800
Subject: Re: SSD erase question
To: freebsd-security@freebsd.org

Even multi-pass overwrite of SSDs is not a sufficient purge, due to how
writing is distributed / optimized on SSDs. So dd / dc3dd is insufficient.

Only invoking the on-controller ATA Secure Erase / sanitize command (using
'camcontrol security -e' as Eugene said elsewhere in the thread) is the
validated[1] method:

    camcontrol security -s anypass -e anypass -y ada[X]

This also happens to be much faster than an overwrite, because it's
implemented as "encrypt the entire medium with a random key, then discard
the key".

1. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf, p. 36, Table A-8

--
Royce

On Mon, Mar 21, 2022 at 7:19 AM Sam Ricchio wrote:

> On an SSD if you have erased everything ssd “garbage collection” should
> help you if the drive is powered on.
> But if you want to overwrite the drive
> A simple overwrite with a text pattern with dc3dd.
> dc3dd wipe=/dev/sdb tpat=nothingtoseehere
> However if you are still worried that some controller optimization is
> interfering
> with an actual memory location overwrite. Go old school with dd and write
> a file of random to the existing file system until it runs out of space.
> dd if=/dev/urandom of=garbagetxtfile.txt
>
>
> On Mar 21, 2022, at 7:14 AM, Damian Weber wrote:
>
>
> Hi all,
>
> I'd like to have an answer on a secure FreeBSD way to erase
> SSDs before giving these away to someone for reusing it.
>
> Is the following enough to protect confidential data
> previously stored there?
>
> 1) dd : overwriting with random bits (complete capacity)
> 2) gpart create
> 3) gpart add
> 4) newfs
>
> Details for an example with /dev/ada1 see below.
>
> Thanks a lot,
>
>   Damian
>
>
> # fdisk ada1
> ******* Working on device /dev/ada1 *******
> parameters extracted from in-core disklabel are:
> cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
>
> Figures below won't work with BIOS for partitions not in cyl 1
> parameters to be used for BIOS calculations are:
> cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
>
> Media sector size is 512
> Warning: BIOS sector numbering starts with sector 1
> Information from DOS bootblock is:
> The data for partition 1 is:
> sysid 238 (0xee),(EFI GPT)
>    start 1, size 488397167 (238475 Meg), flag 0
>        beg: cyl 0/ head 0/ sector 2;
>        end: cyl 1023/ head 255/ sector 63
> The data for partition 2 is:
> <UNUSED>
> The data for partition 3 is:
> <UNUSED>
> The data for partition 4 is:
> <UNUSED>
>
> # gpart show ada1
> =>       40  488397088  ada1  GPT  (233G)
>          40       1024     1  freebsd-boot  (512K)
>        1064  480246784     2  freebsd-ufs  [bootme]  (229G)
>   480247848    8149280     3  freebsd-swap  (3.9G)
>
> # dd if=/dev/random of=/dev/ada1 bs=512 count=488397088
>
> # gpart create -s gpt ada1
>
> # gpart add -t freebsd-ufs ada1
>
> # newfs -U /dev/ada1p1
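
Added example, not part of the original message or of FreeBSD: a preflight check to run before the `camcontrol security ... -e` command quoted above, since the erase cannot be accepted by a drive whose security configuration is frozen or locked. The status table is a constructed sample, its field labels are assumed to match what `camcontrol security <dev>` prints, and the function names `sec_field` and `erase_preflight` are hypothetical.

```shell
#!/bin/sh
# Preflight for the ATA Secure Erase command quoted in the message above.
# Reads the status table printed by `camcontrol security <dev>` and refuses
# to continue unless the drive can actually accept the erase.

# Constructed sample table (not from a real drive); labels are assumed to
# match what camcontrol prints.
SAMPLE_OK='Security Option           Value
supported                 yes
enabled                   no
drive locked              no
security config frozen    no
count expired             no
security level            high
enhanced erase supported  yes
erase time                2 min
enhanced erase time       2 min
master password rev       fffe'

# sec_field STATUS LABEL: print the value column of the row named LABEL.
sec_field() {
    printf '%s\n' "$1" | awk -v k="$2" '
        index($0, k) == 1 && substr($0, length(k) + 1, 1) ~ /[ \t]/ {
            v = substr($0, length(k) + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
            exit
        }'
}

# erase_preflight STATUS: print "ok" and return 0 only when erase can proceed.
erase_preflight() {
    if [ "$(sec_field "$1" 'supported')" != yes ]; then
        echo 'security feature set not supported'; return 1
    fi
    if [ "$(sec_field "$1" 'security config frozen')" != no ]; then
        echo 'frozen: power-cycle the drive, then retry'; return 1
    fi
    if [ "$(sec_field "$1" 'drive locked')" != no ]; then
        echo 'locked: unlock with the existing password first'; return 1
    fi
    echo ok
}

# Real use (adaX is a placeholder, as in the message):
#   st=$(camcontrol security adaX) && erase_preflight "$st" &&
#       camcontrol security -s anypass -e anypass -y adaX
erase_preflight "$SAMPLE_OK"
```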