
Re: Best GPG practices before sending computer to maintenance.



On Sat, 12 Nov 2016, Paul Wise wrote:
> On Sat, Nov 12, 2016 at 1:26 PM, Johannes Schauer wrote:
> > If you are just worried about GPG, then removing .gnupg should be all you need
> > to do.
> 
> Deleting files does not remove the data from the block device, it only
> removes metadata.

It is pretty much impossible, short of using the secure erase features
of an SSD and trusting it to implement that correctly -- or using
undocumented SSD firmware bypass commands, which might not even exist in
the first place, etc -- to get an SSD to really erase data from the RAW
flash.

> Even overwriting the block device does not necessarily remove them from an SSD:

In any SSD worth something, overwriting a sector will *never* remove the
old data, as it will always be directed to some other flash block.  It
just schedules the old block for eventual garbage collection and
erasure.

Even trimming a sector won't erase the flash.  The only thing that is
supposed to work is to command the SSD to secure-erase itself, and that
depends on the manufacturer doing its job right in the first place.

Alternatively, using dmcrypt-based FDE, and trashing the encryption key
will give you an erase level that is at least as strong as the strength
of your passphrase.

> I strongly suggest removing the SSD before sending the device.

Indeed.

-- 
  Henrique Holschuh
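The drive behaviour Henrique describes (out-of-place writes, TRIM, firmware-scheduled garbage collection, secure erase) as a small toy flash translation layer. This is an added example, not code from the thread; the class, its method names and the constructed secret are assumptions of the model, not any real drive's firmware.

```python
class ToySSD:
    """Toy log-structured flash translation layer (FTL), constructed to model
    the thread's point: every write lands on a fresh physical page, and the
    superseded page keeps its bytes until the drive's own garbage collection."""

    def __init__(self, npages=8):
        self.flash = [None] * npages   # raw pages; None means erased
        self.l2p = {}                  # logical sector -> physical page
        self.stale = set()             # pages holding superseded or trimmed data

    def write(self, lba, data):
        free = [i for i, p in enumerate(self.flash) if p is None]
        if not free:                   # no erased page left: firmware must GC first
            self.garbage_collect()
            free = [i for i, p in enumerate(self.flash) if p is None]
        if lba in self.l2p:            # old copy is retired, never overwritten
            self.stale.add(self.l2p[lba])
        self.l2p[lba], self.flash[free[0]] = free[0], data

    def trim(self, lba):               # TRIM only marks; the bytes stay on flash
        if lba in self.l2p:
            self.stale.add(self.l2p.pop(lba))

    def garbage_collect(self):         # runs when the firmware decides, not the host
        for page in self.stale:
            self.flash[page] = None
        self.stale.clear()

    def secure_erase(self):            # SECURITY ERASE UNIT as the vendor should do it
        self.flash, self.l2p, self.stale = [None] * len(self.flash), {}, set()

    def raw_remnants(self, needle):
        """Pages a forensic read of the bare flash chips would still return."""
        return [i for i, p in enumerate(self.flash) if p == needle]


def remnants_after_each_step(secret=b"gpg secret key material"):
    """Count raw copies of `secret` after each action the thread discusses."""
    ssd = ToySSD()
    ssd.write(0, secret)
    ssd.write(0, b"\x00" * len(secret))          # "overwrite" the sector
    overwritten = len(ssd.raw_remnants(secret))  # still 1: old page untouched
    ssd.trim(0)
    trimmed = len(ssd.raw_remnants(secret))      # still 1: trim only schedules
    ssd.garbage_collect()
    collected = len(ssd.raw_remnants(secret))    # 0, only once the drive chooses
    ssd.write(1, secret)
    ssd.secure_erase()
    erased = len(ssd.raw_remnants(secret))       # 0
    return overwritten, trimmed, collected, erased
```

The model makes the ordering visible: only garbage collection (at the firmware's discretion) or a correctly implemented secure erase actually clears the page, which is why the thread's advice is to remove the SSD or rely on FDE key destruction.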