bug#27420: Self Destruct - Self Erase of All Data On SD Card Using Shred
From: Ruediger Meier
Subject: bug#27420: Self Destruct - Self Erase of All Data On SD Card Using Shred
Date: Thu, 22 Jun 2017 10:02:16 +0200
User-agent: KMail/1.9.10

On Sunday 18 June 2017, Pádraig Brady wrote:
> tag 27420 notabug
> close 27420
> stop
>
> On 18/06/17 00:22, John Shearing wrote:
> > favorite
> > <https://raspberrypi.stackexchange.com/questions/68635/self-destruct-self-erase-of-all-data-on-sd-card-using-shred-dd-or-some-other#>
> >
> > I will be using a raspberry pi as an air-gapped computer to make
> > secure encrypted transactions on the Ethereum BlockChain. Once in
> > awhile I will want to update the software I am using which will
> > mean taking the SD card out of the pi and inserting it into a
> > laptop computer which is connected to the Internet. I would like to
> > use some program or command line utility on the raspberry pi to
> > securely erase everything on the SD card before removing it as this
> > will eliminate all possibility of sensitive information being read
> > off the SD card by bad actors which may have compromised my laptop.
> >
> > The following command typed in at the pi terminal conveys the idea
> > of what I hope to accomplish:
> > shred --verbose *.*
> >
> > Is this possible using shred?
>
> shred already supports passing multiple files, however
> you would be much safer shredding at the device level,
> since there is all sorts of reallocation etc. happening within
> filesystems. I.e. something along the lines of:
>
> SDCARD=/dev/sdb1
> umount $SDCARD
> shred --verbose $SDCARD
> mkfs.ext4 $SDCARD
>
> Note you can partition the SDCARD if there is only a portion that
> you want to destructively recreate like this.

Does shred support SSD on the low level? I don't think you can truly
wipe an SSD by overwriting it, especially if you would overwrite only a
file or partition.

If the drive supports "ATA Secure Erase commands" you should
use "hdparm" like this:
https://www.thomas-krenn.com/en/wiki/SSD_Secure_Erase#Step_3:_Secure_Erase

Otherwise, and if you are not paranoid, you could also use "blkdiscard"
(ATA TRIM).

FYI, here somebody explains the issues with erasing SSDs very well:
https://superuser.com/a/856491/229214

Regarding shred, maybe it's worth adding something about SSDs in the
CAUTION section of the man page.

cu,
Rudi
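
The distinction drawn in this message (overwriting with shred versus discard or firmware erase on flash media) can be checked before wiping. The following is an added example, not part of the original thread or of coreutils: a hypothetical helper, `wipe_advice`, that reads the Linux sysfs attributes `queue/rotational` and `queue/discard_max_bytes` for a whole-disk name and reports which approach applies. The result keywords and the optional sysfs-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a block device before choosing a wipe method.
# wipe_advice DISK [SYSFS_ROOT]
#   DISK        whole-disk name as listed under /sys/block (sdb, mmcblk0, ...)
#   SYSFS_ROOT  defaults to /sys/block; overridable so it can be tested offline
# Prints one keyword:
#   overwrite         rotational disk: shred on the device reaches the same sectors
#   flash-discard     flash with discard support: overwriting is unreliable;
#                     blkdiscard is available, ATA Secure Erase is stronger
#                     if the drive supports it
#   flash-no-discard  flash without discard: only a firmware-level erase
#                     (e.g. ATA Secure Erase via hdparm) or destruction remains
#   unknown           no such device under SYSFS_ROOT
wipe_advice() {
    disk=$1
    root=${2:-/sys/block}
    q="$root/$disk/queue"
    if [ ! -d "$q" ]; then
        echo "unknown"
        return 1
    fi
    # A missing attribute is treated as flash, the conservative assumption.
    rotational=$(cat "$q/rotational" 2>/dev/null || echo 0)
    discard=$(cat "$q/discard_max_bytes" 2>/dev/null || echo 0)
    # MMC/SD and NVMe devices are flash regardless of what the flag says.
    case $disk in
        mmcblk*|nvme*) rotational=0 ;;
    esac
    if [ "$rotational" = "1" ]; then
        echo "overwrite"
    elif [ "$discard" -gt 0 ] 2>/dev/null; then
        echo "flash-discard"
    else
        echo "flash-no-discard"
    fi
}

# Stand-alone use: sh wipe_advice.sh mmcblk0
if [ "$#" -gt 0 ]; then
    wipe_advice "$1"
fi
```

A USB card reader can report `rotational=1` for flash media, so an `overwrite` result for a removable `sdX` device should be confirmed against the actual hardware.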