Re: Wiping an unencrypted SSD in preparation for encryption
On Thu, Jun 10, 2021 at 11:31:07PM -0500, David Wright wrote:
> I'm about to install buster or bullseye on a newly acquired laptop
> with an SSD (a first for me). I'm intending to clean (zero or
> randomise) the entire drive with dd before I start, and am
> interested in any pitfalls with that.
>
Don't bother - as others have said, it won't help particularly,
_especially_ since this is an NVMe. Enjoy the speed :)

> I will also encrypt the new /home partition, but for the remaining
> partitions I need to decide whether to add mount's discard option,
> or use a weekly systemd trim, or leave it entirely up to the garbage
> collection in the SSD device itself (which is an nvme THNSN5512GPUK
> TOSHIBA, presumably an OEM model supplied for this HP Spectre).
>
Just install Debian with an expert install: use the guided partitioning
for encrypted LVM and set /home as a separate partition.

> The machine has 16GB of memory, so I wasn't intending to use swap.
> (It won't have to hibernate, and if push came to shove, there's
> always the possibility of setting up a swapfile or a ramdisk.)
>
If you install bullseye, the swap file is only 1G anyway (changed default
for Bullseye).

> Background:
>
> The July 2017 system was pre-installed with Windows 10.
>
> I have copied the entire disk to external spinning rust, and can
> mount partitions from this image. It's difficult to foresee my ever
> wanting to reload and run this Windows system.
>
> The drive has unencrypted information on it, either in existing files,
> or in deleted/overwritten/whatever ones (though I think that is
> irrelevant to the method for erasing them).
>
If you really do want to erase older spinning rust, DBAN is probably good
enough - but in many cases just doing a couple of installs of Debian over
the top may be enough :)

> I don't work for the CIA**, so "basic" erasure methods are sufficient,
> ie so-called logical and digital sanitisation, but not analogue
> sanitisation/purging. I'm just encrypting stuff like personal bank
> records etc, and not looking for anything like plausible deniability.
>
> Cheers,
> David.
>
Just my €0.02 - all best, as ever,
Andy C.

** You mentioned the CIA:
As I was going up the stair
I met a man who wasn't there
He wasn't there again today
I *think* he's from the CIA