From: grarpamp
Date: Mon, 21 Mar 2022 21:39:05 -0400
Subject: Re: SSD erase question
To: freebsd-security@freebsd.org
Cc: freebsd-questions@freebsd.org
List-Archive: https://lists.freebsd.org/archives/freebsd-security

On 3/21/22, Damian Weber wrote:
> https://lists.freebsd.org/archives/freebsd-security/2022-March/000022.html
> I'd like to have an answer on a secure FreeBSD way to erase
> SSDs before giving these away to someone for reusing it.

https://lists.freebsd.org/archives/freebsd-security/2022-January/000013.html

All data storage devices are completely untrustworthy
closed source opaque black box blobs, nor will any insurer
write a policy over, nor any manufacturer indemnify, those
products' keying / erasure / inaccessibility claims.

If you want at least some level of open source verifiable independent
"secure erase" function you have to integrate the crypto of 4 below
before using the drive...

1) Buy drive [1]
2) Apply drive hardware based encryption
3) dd if=/dev/random of=drive bs=1m
4) Apply OS based full disk encryption
5) Use drive
6) Destroy OS FDE keys
7) dd if=/dev/random of=drive bs=1m
8) Run drive hardware based blackening and/or sanitization
9) Reuse, or destroy, or release if desired

2,8) Many storage devices do not offer embedded hardware
encryption, and many users don't use it, some users use it
in composition with the OS FDE (4) since OS's are unaudited
and change, nor are open source crypto algos guaranteed either.
And there have been some news of instances where hardware
crypto and/or wipe were broken thus recoverable.
Defense in depth.

As always... not your keys, not your crypto...
https://www.youtube.com/watch?v=IwP1DOHYLaE nyknyc

[1] Via secure and/or anon channels as desired to avoid
interception backdooring by various actors, this is
real-world and in the news for years.
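
Steps 3-4 and 6-8 of the list above, written out as FreeBSD commands. This is an added example, not part of the original message. It assumes GELI as the OS full disk encryption, an ATA or NVMe drive, and a throwaway ATA security password in the hypothetical variable `ERASE_PW`; the function names and the dry-run switch are also assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Dry-run by default: commands
# are printed, not executed. Set DRY_RUN=0 only on a disk you mean to wipe.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Steps 3-4, before first use: random fill, then GELI on the whole disk.
# Step 2 (turning on the drive's own encryption) is vendor-specific, not shown.
prepare_disk() {
    dev=$1
    run dd if=/dev/random of="/dev/$dev" bs=1m    # ends with "end of device"
    run geli init -e AES-XTS -l 256 -s 4096 "/dev/$dev"
    run geli attach "/dev/$dev"                   # data lives on /dev/$dev.eli
}

# Steps 6-8, at retirement: retire_disk <disk> ata | retire_disk <disk> nvme <ctrl>
# Keys are destroyed first, so anything the later steps fail to reach
# (remapped or over-provisioned flash) still holds only ciphertext.
retire_disk() {
    dev=$1 kind=$2 ctrl=$3
    case $kind in
        ata|nvme) ;;
        *) echo "usage: retire_disk disk ata|nvme [ctrl]" >&2; return 1 ;;
    esac
    run geli kill "/dev/$dev"                     # 6: destroy OS FDE keys
    run dd if=/dev/random of="/dev/$dev" bs=1m    # 7: overwrite visible LBAs
    case $kind in                                 # 8: the drive's own erase
        ata)
            run camcontrol security "$dev" -U user -s "$ERASE_PW"
            run camcontrol security "$dev" -U user -e "$ERASE_PW"
            ;;
        nvme)
            run nvmecontrol sanitize -a block "$ctrl"
            ;;
    esac
}
```

With `DRY_RUN` left at 1, `retire_disk ada0 ata` prints the four commands in order so the plan can be reviewed before anything touches the disk.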