On Mon, 2019-07-01 at 22:09 +0200, Philip Hands wrote: > "Karl O. Pinc" <kop@karlpinc.com> writes: > > > Package: debian-installer > > Severity: wishlist > > Tags: d-i > > > > Hello, > > > > It would be nice if the debian installer included the option to > > "secure erase" SSDs before creating a partition table during > > installation. > > > > A used SSD may have been "over-filled", especially a consumer grade > > device that is not over-provisioned. By this I mean that it has had > > enough cells written that writing requires erasure, which results in > > write-amplification and poor performance. A "secure erase" operation > > restores the original performance of the drive. > > > > I have not put any thought into whether this feature is feasible. > > I think it's probably rather hard to do safely, as IIRC one often needs > to try hdparm, then in order to cause the drive not to be locked do > something like suspend and resume the system, then set an admin > password, and only then do the secure erase ... which then takes > quite a while. I believe that modern drives (both HD and SSD) often have their own encryption layer, and secure erase is implemented by erasing the encryption key and (on an SSD) marking all blocks free in the flash translation layer. But of course we cannot assume that all drives work that way. > Doing that inside d-i reliably seems likely to be quite a challenge, and > then if someone gets bored and turns off the power, their first and last > experience of Debian might well be us converting their SSD into a brick. > > A suggestion for them to think about doing it before installation, in > the installation manual, might be better. That would certainly be a lot easier for us. Ben. -- Ben Hutchings It's easier to fight for one's principles than to live up to them.
Attachment:
signature.asc
Description: This is a digitally signed message part