Re: Advice on encrypted filesystem
On 6/27/20 6:00 AM, David Christensen wrote:
On 2020-06-26 18:25, David Wright wrote:
There's still the problem of what one does about sensitive data if
one has been rash enough to write it unencrypted onto an SSD. Would
shred -n 1 be preferable? Not really, because that doesn't hit the
ex-file areas. What then?
The best option is to command the SSD firmware to do a "secure
delete". Some SSD manufacturers provide utilities for doing this.
Alternatively, it can be done from the command line with Linux.
On 2020-06-27 01:05, Admin4 wrote:
> 1) backup your data to external usb drive
> 2) reinstall with encrypted enabled
> 3) restore data
That process is likely to leave both host-accessible and hidden
unencrypted blocks from the prior installation on the device.
> = a lot of unencrypted data get's overwritten (if user does not have a
> lot of data, generate some X-D)
"a lot" is not the same as "all". The ATA secure erase command is
designed to erase all blocks, both host-accessible and hidden.