Bug#721360: blockdev-wipe can be very slow
<ben@decadent.org.uk> wrote:
> I have to wonder why this is so slow. We should be able to write
> about 100 MB/s sequentially to a recent HD, so 750 GB would take
> about 2 hours and not 36 hours.
I chose an encrypted swap volume, of size 16GB.
The Debian installer took close to an hour to wipe this. This result
is comparable to the speed reported upthread, five or six megabytes
per second, a truly absurd speed when the underlying disk is capable
of at least twenty times that.
> Is encryption really that expensive, and if so can we fix this by
> adding accelerated crypto drivers to d-i (such as aesni_intel)?
It should be clear that if all you want to do is wipe some disk
volume, by writing either zeros or random data to it, YOU DON'T HAVE
TO ENCRYPT THAT DATA, even if that volume will later be used for
encrypted data. It is of no use whatsoever to encrypt the wipe data.
In other words: wipe the underlying real volume, preferably with zeros
so as not to waste time computing /dev/urandom; don't wipe the
dm-crypt volume layered on top of it.
It could also be asked why it is any more relevant to wipe the
previous contents of a new encrypted volume than an unencrypted
one. Even if the physical disk previously contained sensitive data,
there is no reason to suppose that such data is exclusively contained
within the boundaries of a newly-created encrypted volume which uses
it.
There should be a (non-default) option to wipe the entire contents of
specific physical disks, with either zeros or pseudorandom
data. Whether the new usage of those disks will be encrypted or not,
is a completely irrelevant consideration.
-- Ian Bruce
Reply to: