Date: Wed, 27 Apr 2005 23:17:50 +0200
From: des@des.no (Dag-Erling Smørgrav)
To: Robert Krten <root@parse.com>
Cc: freebsd-fs@freebsd.org
Subject: Re: Background block scrubbing
Message-ID: <867jin2a2p.fsf@xps.des.no>
In-Reply-To: <200504271918.PAA05842@parse.com>
References: <200504271918.PAA05842@parse.com>

"Robert Krten" <root@parse.com> writes:
> Is there a utility that does background unused block scrubbing?
>
> What I'm thinking of is something that looks for unused blocks on the
> disk, and then writes zeros, then random, then more random, etc, to them
> for security applications.

That's not how it's done.  Here's a good explanation of how to do it
and why it must be done that way:

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

> It would need to have some cooperation from the filesystem so that it could
> lock down a block (or ten, or some number) at a time that it could then go
> and "scrub" during idle periods...  Since it would only allocate a few
> blocks at a time, it wouldn't need to have a mechanism to release them (IMHO).

To do this safely, you have to first scrub the entire disk before
partitioning / newfsing it, and when the disk is in use, scrub every
single block that has held data but no longer does as soon as it is
deallocated, and before reporting the I/O operation complete to the
filesystem.  Performance would be abysmal (it takes 35 passes to fully
scrub each block), so in real life you'd be better off encrypting the
disk (using gbde or something similar), and only scrubbing or bulk
erasing it when you decommission it.

DES
-- 
Dag-Erling Smørgrav - des@des.no
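
A toy model of the scrub-on-deallocate scheme described in the reply above, added here as an illustration and not part of the original message. It compares block writes and stale data left in free blocks with and without scrubbing; `ToyDisk`, `Allocator` and `run` are hypothetical names, the disk geometry is constructed, and the overwrite passes use stand-in random and zero patterns rather than the pattern sequence from the linked paper.

```python
import os

BLOCK_SIZE = 512   # constructed toy geometry
PASSES = 35        # pass count quoted in the message above


class ToyDisk:
    """In-memory stand-in for a disk; counts every physical block write."""
    def __init__(self, nblocks):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(nblocks)]
        self.writes = 0

    def write(self, n, data):
        self.blocks[n] = data.ljust(BLOCK_SIZE, b"\0")[:BLOCK_SIZE]
        self.writes += 1


class Allocator:
    """Hypothetical block allocator with optional scrub-on-free."""
    def __init__(self, disk, scrub):
        self.disk, self.scrub = disk, scrub
        self.free = list(range(len(disk.blocks)))

    def alloc(self, data):
        n = self.free.pop(0)
        self.disk.write(n, data)
        return n

    def release(self, n):
        if self.scrub:
            # Overwrite before the free is reported complete, so the block
            # never sits on the free list with its old contents.
            for _ in range(PASSES - 1):
                self.disk.write(n, os.urandom(BLOCK_SIZE))
            self.disk.write(n, bytes(BLOCK_SIZE))
        self.free.append(n)


def run(scrub, files=100):
    """Create and delete one-block files; return (block writes, stale free blocks)."""
    disk = ToyDisk(8)
    fs = Allocator(disk, scrub)
    secret = b"constructed secret"   # constructed sample file content
    for _ in range(files):
        fs.release(fs.alloc(secret))
    leaked = sum(secret in b for b in disk.blocks)
    return disk.writes, leaked


if __name__ == "__main__":
    for scrub in (False, True):
        writes, leaked = run(scrub)
        print(f"scrub={scrub}: {writes} block writes, {leaked} free blocks hold old data")
```
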