
Bug#931317: debian-installer: A feature to "secure erase" SSDs would be nice



Ben Hutchings <ben@decadent.org.uk> writes:

> On Mon, 2019-07-01 at 22:09 +0200, Philip Hands wrote:
>> "Karl O. Pinc" <kop@karlpinc.com> writes:
>> 
>> > Package: debian-installer
>> > Severity: wishlist
>> > Tags: d-i
>> > 
>> > Hello,
>> > 
>> > It would be nice if the debian installer included the option to
>> > "secure erase" SSDs before creating a partition table during
>> > installation.
>> > 
>> > A used SSD may have been "over-filled", especially a consumer grade
>> > device that is not over-provisioned.  By this I mean that it has had
>> > enough cells written that writing requires erasure, which results in
>> > write-amplification and poor performance.  A "secure erase" operation
>> > restores the original performance of the drive.
>> > 
>> > I have not put any thought into whether this feature is feasible.
>> 
>> I think it's probably rather hard to do safely, as IIRC one often needs
>> to try hdparm, then in order to cause the drive not to be locked do
>> something like suspend and resume the system, then set an admin
>> password, and only then do the secure erase ... which then takes
>> quite a while.
>
> I believe that modern drives (both HD and SSD) often have their own
> encryption layer, and secure erase is implemented by erasing the
> encryption key and (on an SSD) marking all blocks free in the flash
> translation layer.

Ah, good point -- in which case it would at least be quick.

It occurs to me that, given that the main thrust of this bug is about
performance rather than security, there is the option of using
blkdiscard on the device.

A quick look at the d-i code suggests that we're building blkdiscard
into busybox:

  .../busybox/debian/config/pkg/udeb:CONFIG_BLKDISCARD=y

but I don't seem to find it being called, so I'm guessing we're not
currently doing that.

BTW, this would only seem to be useful in the case where the user had
selected to clean the whole drive but leave some fallow (which we don't
currently provide). If the drive is fully allocated it looks like the
filesystems try to do a 'discard' during mkfs (judging by e.g. the man
page for mkfs.ext4), which I'd hope would have pretty much the same
effect as doing a blkdiscard earlier in the process.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY
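The blkdiscard idea above, as an added example that is not part of this message or of d-i: before partitioning, check the kernel's sysfs discard attributes for the device and only propose blkdiscard where the device is a non-rotational drive that advertises discard support. The sysfs queue directory is passed in explicitly so the check can be run against constructed fixture directories rather than real hardware; the fixture values are made up.

```shell
#!/bin/sh
# Added example: decide whether a block device is a candidate for
# `blkdiscard` using the attributes the kernel exposes under
# /sys/block/<dev>/queue.  Not code from the bug report or d-i.

# Returns 0 if the queue directory advertises discard support on a
# non-rotational (SSD-like) device, 1 otherwise.
discard_candidate() {
    queue="$1"
    gran=$(cat "$queue/discard_granularity" 2>/dev/null || echo 0)
    maxb=$(cat "$queue/discard_max_bytes" 2>/dev/null || echo 0)
    rot=$(cat "$queue/rotational" 2>/dev/null || echo 1)
    [ "$gran" -gt 0 ] && [ "$maxb" -gt 0 ] && [ "$rot" -eq 0 ]
}

# Prints the command that would be run for a device, or a reason for
# skipping it.  The discard is only executed when DO_DISCARD=1 is set,
# so the default is a dry run.
plan_discard() {
    dev="$1"
    queue="${2:-/sys/block/$(basename "$dev")/queue}"
    if discard_candidate "$queue"; then
        echo "blkdiscard $dev"
        if [ "${DO_DISCARD:-0}" = 1 ]; then blkdiscard "$dev"; fi
    else
        echo "skip $dev: no discard support or rotational device"
    fi
    return 0
}

# Constructed fixtures standing in for two devices' sysfs queue dirs
# (values are invented for illustration).
FIX=$(mktemp -d)
trap 'rm -rf "$FIX"' EXIT
mkdir -p "$FIX/ssd" "$FIX/hdd"
printf '512\n'        > "$FIX/ssd/discard_granularity"
printf '2147450880\n' > "$FIX/ssd/discard_max_bytes"
printf '0\n'          > "$FIX/ssd/rotational"
printf '0\n'          > "$FIX/hdd/discard_granularity"
printf '0\n'          > "$FIX/hdd/discard_max_bytes"
printf '1\n'          > "$FIX/hdd/rotational"

plan_discard /dev/sda "$FIX/ssd"   # would run blkdiscard (dry run)
plan_discard /dev/sdb "$FIX/hdd"   # skipped: rotational, no discard
```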
