Site Navigation

Date:      Mon, 21 Mar 2022 10:17:33 -0500
From:      Sam Ricchio <sam.ricchio@gmail.com>
To:        Damian Weber <dweber@htwsaar.de>, freebsd-security@freebsd.org
Subject:   Re: SSD erase question
Message-ID:  <1ACC7A67-BDBA-4CD3-87EC-822C38CD7CE7@gmail.com>
In-Reply-To: <274c8cca-80b0-9460-6754-6bb77efbb4dd@htwsaar.de>
References:  <274c8cca-80b0-9460-6754-6bb77efbb4dd@htwsaar.de>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

--Apple-Mail=_F0850484-1739-4CA6-8CAF-A4F9D327999F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

On and SSD if you have erased everything ssd =E2=80=9Cgarbage =
collection=E2=80=9D should help you if the drive it powered on.
But if you want to overwrite the drive
A simple overwrite with a text pattern with dc3dd.
dc3dd wipe=3D/dev/sdb tpat=3Dnothingtoseehere
However if you are still worried that some controller optimization is =
interfering
with and actual memory location overwrite.  Go old school with dd and =
write
a file of random to the existing file system until it runs out of space.
dd if=3D/dev/urandon of=3Dgarbagetxtfile.txt




On Mar 21, 2022, at 7:14 AM, Damian Weber <dweber@htwsaar.de> wrote:


Hi all,

I'd like to have an answer on a secure FreeBSD way to erase=20
SSDs before giving these away to someone for reusing it.=20

Is the following enough to protect confidential data=20
previously stored there?

1)  dd : overwriting with random bits (complete capacity)
2)  gpart create
3)  gpart add
4)  newfs

Details for an example with /dev/ada1 see below.

Thanks a lot,

  Damian


# fdisk ada1
******* Working on device /dev/ada1 *******
parameters extracted from in-core disklabel are:
cylinders=3D484521 heads=3D16 sectors/track=3D63 (1008 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=3D484521 heads=3D16 sectors/track=3D63 (1008 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 238 (0xee),(EFI GPT)
   start 1, size 488397167 (238475 Meg), flag 0
       beg: cyl 0/ head 0/ sector 2;
       end: cyl 1023/ head 255/ sector 63
The data for partition 2 is:
<UNUSED>
The data for partition 3 is:
<UNUSED>
The data for partition 4 is:
<UNUSED>

# gpart show ada1
=3D>       40  488397088  ada1  GPT  (233G)
        40       1024     1  freebsd-boot  (512K)
      1064  480246784     2  freebsd-ufs  [bootme]  (229G)
 480247848    8149280     3  freebsd-swap  (3.9G)

# dd if=3D/dev/random of=3D/dev/ada1 bs=3D512 count=3D488397088

# gpart create -s gpt ada1

# gpart add -t freebsd-ufs ada1

# newfs -U /dev/ada1p1




--Apple-Mail=_F0850484-1739-4CA6-8CAF-A4F9D327999F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div =
class=3D"">On and SSD if you have erased everything ssd =E2=80=9Cgarbage =
collection=E2=80=9D should help you if the drive it powered =
on.</div><div class=3D"">But if you want to overwrite the =
drive</div><div class=3D"">A simple overwrite with a text pattern with =
dc3dd.</div><div class=3D""><div style=3D"margin: 0px 0px 0px 36px; =
text-indent: -36px; font-stretch: normal; font-size: 16px; line-height: =
normal;" class=3D""><span style=3D"font-kerning: none" class=3D"">dc3dd =
wipe=3D/dev/sdb tpat=3Dnothingtoseehere</span></div><div style=3D"margin: =
0px 0px 0px 36px; text-indent: -36px; font-stretch: normal; font-size: =
16px; line-height: normal;" class=3D""><span style=3D"font-kerning: =
none" class=3D"">However if you are still worried that some controller =
optimization is interfering</span></div><div style=3D"margin: 0px 0px =
0px 36px; text-indent: -36px; font-stretch: normal; font-size: 16px; =
line-height: normal;" class=3D""><span style=3D"font-kerning: none" =
class=3D"">with and actual memory location overwrite. &nbsp;Go old =
school with dd and write</span></div><div style=3D"margin: 0px 0px 0px =
36px; text-indent: -36px; font-stretch: normal; font-size: 16px; =
line-height: normal;" class=3D""><span style=3D"font-kerning: none" =
class=3D"">a file of random to the existing file system until it runs =
out of space.</span></div><div style=3D"margin: 0px 0px 0px 36px; =
text-indent: -36px; font-stretch: normal; font-size: 16px; line-height: =
normal;" class=3D""><span style=3D"font-kerning: none" class=3D"">dd =
if=3D/dev/urandon of=3Dgarbagetxtfile.txt</span></div><div =
style=3D"margin: 0px 0px 0px 36px; text-indent: -36px; font-stretch: =
normal; font-size: 16px; line-height: normal;" class=3D""><span =
style=3D"font-kerning: none" class=3D""><br class=3D""></span></div><div =
style=3D"margin: 0px 0px 0px 36px; text-indent: -36px; font-stretch: =
normal; font-size: 16px; line-height: normal;" class=3D""><span =
style=3D"font-kerning: none" class=3D""><br class=3D""></span></div><div =
style=3D"margin: 0px 0px 0px 36px; text-indent: -36px; font-stretch: =
normal; font-size: 16px; line-height: normal;" class=3D""><span =
style=3D"font-kerning: none" class=3D""><br class=3D""></span></div><div =
style=3D"margin: 0px 0px 0px 36px; text-indent: -36px; font-stretch: =
normal; font-size: 16px; line-height: normal;" class=3D""><br =
class=3D""></div><div class=3D""><div><div class=3D"">On Mar 21, 2022, =
at 7:14 AM, Damian Weber &lt;<a href=3D"mailto:dweber@htwsaar.de" =
class=3D"">dweber@htwsaar.de</a>&gt; wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><div class=3D""><br =
class=3D"">Hi all,<br class=3D""><br class=3D"">I'd like to have an =
answer on a secure FreeBSD way to erase <br class=3D"">SSDs before =
giving these away to someone for reusing it. <br class=3D""><br =
class=3D"">Is the following enough to protect confidential data <br =
class=3D"">previously stored there?<br class=3D""><br class=3D"">1) =
&nbsp;dd : overwriting with random bits (complete capacity)<br =
class=3D"">2) &nbsp;gpart create<br class=3D"">3) &nbsp;gpart add<br =
class=3D"">4) &nbsp;newfs<br class=3D""><br class=3D"">Details for an =
example with /dev/ada1 see below.<br class=3D""><br class=3D"">Thanks a =
lot,<br class=3D""><br class=3D""> &nbsp;&nbsp;Damian<br class=3D""><br =
class=3D""><br class=3D""># fdisk ada1<br class=3D"">******* Working on =
device /dev/ada1 *******<br class=3D"">parameters extracted from in-core =
disklabel are:<br class=3D"">cylinders=3D484521 heads=3D16 =
sectors/track=3D63 (1008 blks/cyl)<br class=3D""><br class=3D"">Figures =
below won't work with BIOS for partitions not in cyl 1<br =
class=3D"">parameters to be used for BIOS calculations are:<br =
class=3D"">cylinders=3D484521 heads=3D16 sectors/track=3D63 (1008 =
blks/cyl)<br class=3D""><br class=3D"">Media sector size is 512<br =
class=3D"">Warning: BIOS sector numbering starts with sector 1<br =
class=3D"">Information from DOS bootblock is:<br class=3D"">The data for =
partition 1 is:<br class=3D"">sysid 238 (0xee),(EFI GPT)<br class=3D""> =
&nbsp;&nbsp;&nbsp;start 1, size 488397167 (238475 Meg), flag 0<br =
class=3D""> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;beg: cyl 0/ head =
0/ sector 2;<br class=3D""> =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;end: cyl 1023/ head 255/ =
sector 63<br class=3D"">The data for partition 2 is:<br =
class=3D"">&lt;UNUSED&gt;<br class=3D"">The data for partition 3 is:<br =
class=3D"">&lt;UNUSED&gt;<br class=3D"">The data for partition 4 is:<br =
class=3D"">&lt;UNUSED&gt;<br class=3D""><br class=3D""># gpart show =
ada1<br class=3D"">=3D&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;40 =
&nbsp;488397088 &nbsp;ada1 &nbsp;GPT &nbsp;(233G)<br class=3D""> =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;40 =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1024 &nbsp;&nbsp;&nbsp;&nbsp;1 =
&nbsp;freebsd-boot &nbsp;(512K)<br class=3D""> =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1064 &nbsp;480246784 =
&nbsp;&nbsp;&nbsp;&nbsp;2 &nbsp;freebsd-ufs &nbsp;[bootme] =
&nbsp;(229G)<br class=3D""> &nbsp;480247848 &nbsp;&nbsp;&nbsp;8149280 =
&nbsp;&nbsp;&nbsp;&nbsp;3 &nbsp;freebsd-swap &nbsp;(3.9G)<br =
class=3D""><br class=3D""># dd if=3D/dev/random of=3D/dev/ada1 bs=3D512 =
count=3D488397088<br class=3D""><br class=3D""># gpart create -s gpt =
ada1<br class=3D""><br class=3D""># gpart add -t freebsd-ufs ada1<br =
class=3D""><br class=3D""># newfs -U /dev/ada1p1<br class=3D""><br =
class=3D""><br class=3D""></div></div></div><br =
class=3D""></div></div></body></html>=

--Apple-Mail=_F0850484-1739-4CA6-8CAF-A4F9D327999F--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1ACC7A67-BDBA-4CD3-87EC-822C38CD7CE7>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact