Bug#931317: debian-installer: A feature to "secure erase" SSDs would be nice

To: Ben Hutchings <ben@decadent.org.uk>, 931317@bugs.debian.org
Cc: Philip Hands <phil@hands.com>
Subject: Bug#931317: debian-installer: A feature to "secure erase" SSDs would be nice
From: Philipp Kern <pkern@debian.org>
Date: Wed, 03 Jul 2019 12:16:42 +0200
Message-id: <[🔎] 2d1739e24213eafcf03461aad95de770@debian.org>
Reply-to: Philipp Kern <pkern@debian.org>, 931317@bugs.debian.org
In-reply-to: <[🔎] 651d40b925ec8d9ef28b2431aa6776e6cd5f28ed.camel@decadent.org.uk>
References: <[🔎] 156200670157.24692.2790861633041553541.reportbug@slate.karlpinc.com> <[🔎] 156200670157.24692.2790861633041553541.reportbug@slate.karlpinc.com> <[🔎] 87k1d17bzf.fsf@hands.com> <[🔎] 156200670157.24692.2790861633041553541.reportbug@slate.karlpinc.com> <[🔎] 651d40b925ec8d9ef28b2431aa6776e6cd5f28ed.camel@decadent.org.uk> <[🔎] 156200670157.24692.2790861633041553541.reportbug@slate.karlpinc.com>

On 2019-07-02 00:33, Ben Hutchings wrote:

On Mon, 2019-07-01 at 22:09 +0200, Philip Hands wrote:

I think it's probably rather hard to do safely, as IIRC one oftenneeds

to try hdparm, then in order to cause the drive not to be locked do
something like suspend and resume the system, then set an admin
password, and only then do the secure erase ... which then takes
quite a while.

I believe that modern drives (both HD and SSD) often have their own
encryption layer, and secure erase is implemented by erasing the
encryption key and (on an SSD) marking all blocks free in the flash
translation layer.

Unfortunately the locking bit is still true for many machines, so evenif it is quick, it can be hard to get the drive into the state where theBIOS did not have an opportunity to block the user from triggering theerase operation.


Kind regards
Philipp Kern

Reply to:

References:
- Bug#931317: debian-installer: A feature to "secure erase" SSDs would be nice
  - From: "Karl O. Pinc" <kop@karlpinc.com>
- Bug#931317: debian-installer: A feature to "secure erase" SSDs would be nice
  - From: Philip Hands <phil@hands.com>
- Bug#931317: debian-installer: A feature to "secure erase" SSDs would be nice
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Bug#931368: Can't set hungarian keyboard layout with preseeded installer
Next by Date: Re: Debian Installer Buster RC 3 release
Previous by thread: Bug#931317: debian-installer: A feature to "secure erase" SSDs would be nice
Next by thread: Bug#931318: debian-installer: A feature to manually reserve space and so "over-provision" SSDs would be nice
Index(es):
- Date
- Thread