Re: SDD partitioning and allocations

[David Christensen <dpchrist@holgerdanske.com>]

On 7/12/25 21:46, songbird wrote:
> rhkramer@gmail.com wrote:
> > On Thursday, July 10, 2025 10:41:18 PM David Christensen wrote:
> > > On 7/10/25 04:07, songbird wrote:
> > > >     I was able to get some SSD replacements and want to add them
> > > > to my existing setup,
> > >
> > > Be sure to do a secure erase before you put the SSD's into service:
> > >
> > > https://en.wikipedia.org/wiki/Secure_Erase#Secure_erase
> >
> > Why do you recommend that?  Are you assuming the SSDs songbird got are used,
> > or do you recommend that even for new SSDs -- if so, why?
>
>    beyond that what assurances do you have that with behind the
> scenes managment going on of the drive that any attempts at
> wiping it completely are actually happening?
>
>    aside from the original manufacturer hopefully not putting
> backdoors and ET Phone Home sorts of hooks?
>
>    i pretty much have always assumed that a new disk drive when
> it gets a new partition table and file systems created on it
> will be destroyed enough.  sometimes i have written random
> data on new disks but i have no illusion that this has been
> perfect as i know some people who have been able to get a lot
> of information from disks that have been somewhat scrubbed
> as long as they weren't outright destroyed and the metals
> recycled.
>
>
>    songbird


Yes, things get very bad when bad people control the SSD firmware.  I 
can only hope the firmware in my SSD's is legitimate, and updates are 
cryptographically signed.


When using d-i to initialize a physical volume for encryption, I have 
seen the option to fill the volume with random bytes.  AIUI 'discard' 
and 'trim' would gradually defeat such security-by-obfuscation as blocks 
are erased, but it does make sense if the incremental security gain is 
justified.  I don't do it to my SSD's because I want to save their erase 
cycles.


Please clarify "somewhat scrubbed".


David