From: Thomas Bastiani <thom@codehawks.eu>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Is erasing hard disk drive mandatory?
Date: Fri, 30 May 2014 18:24:32 +0100
Message-ID: <5388BED0.90203@codehawks.eu>
In-Reply-To: <20140530171053.GA5729@fancy-poultry.org>

On 05/30/14 18:10, Heinz Diehl wrote:
> On 30.05.2014, Thomas Bastiani wrote:
>
>> On SSDs though, this would prevent TRIM from functioning properly
>> and make the SSD appear as full to the controller which would
>> hurt performance.
>
> If you e.g. do a "dd if=/dev/urandom of=bigfile" to a SSD drive
> until the partition is fully overwritten, simply deleting "bigfile"
> followed by a "fstrim" should restore performance to the same level as
> it was before. What am I missing?
>

Your first step is to dd if=/dev/urandom of=/dev/sd<x> or an equivalent
operation. This is before you even create an encrypted container and
definitely below your file system... It may be that files that you
create and then delete will trigger a TRIM operation if dm-crypt (and
eventually LVM) are configured to pass TRIM through. But the rest of
your "securely erased" drive is still not TRIM-ed.

And also it doesn't make sense to configure dm-crypt to pass TRIM (with
--allow-discards) if you've written random data to your drive at
creation time because then you introduce another different type of
side-channel leak.

Does that make sense?

--
Thomas
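
One way to audit the setting discussed in the message above, as an added example that is not part of the original message or of cryptsetup: a shell function that reads `dmsetup table` output and reports which dm-crypt mappings pass discards through. The function and sample names are hypothetical, and the sample table lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report which dm-crypt mappings
# pass TRIM/discard requests down to the underlying device.
#
# Expected input is the text printed by `dmsetup table`, one target per line:
#   <name>: <start> <len> crypt <cipher> <key> <iv_off> <dev> <off> [<n> <opt>...]
# Optional parameters such as allow_discards start at field 11.

crypt_discard_report() {
    awk '
        $4 == "crypt" {
            name = $1
            sub(/:$/, "", name)
            state = "off"
            for (i = 11; i <= NF; i++)
                if ($i == "allow_discards") state = "on"
            print name, $8, "discards=" state
        }'
}

# Constructed sample, not output captured from a real system.
sample_table() {
    cat <<'EOF'
cryptroot: 0 488392704 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:2 4096 1 allow_discards
cryptdata: 0 1953521072 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:17 4096
vg-home: 0 209715200 linear 253:0 2048
EOF
}

# On a live system (as root): dmsetup table | crypt_discard_report
if [ "${1:-}" = "--sample" ]; then
    sample_table | crypt_discard_report
fi
```

A mapping reported as `discards=on` on a drive that was filled with random data before the container was created is the combination the message above calls out. `lsblk --discard` shows what each layer of the stack actually advertises.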

Thread overview: 17+ messages
2014-05-29 13:33 [dm-crypt] Is erasing hard disk drive mandatory? Kenny Lake
2014-05-29 20:13 ` Arno Wagner
2014-05-30 13:32 ` Stephen Cousins
2014-05-30 13:42 ` Arno Wagner
2014-05-30 13:52 ` Stephen Cousins
2014-05-30 15:07 ` Heinz Diehl
2014-05-30 15:17 ` Stephen Cousins
2014-05-30 15:58 ` Thomas Bastiani
2014-05-30 17:10 ` Heinz Diehl
2014-05-30 17:24 ` Thomas Bastiani [this message]
2014-05-30 17:47 ` Heinz Diehl
2014-05-30 17:57 ` Thomas Bastiani
2014-05-30 19:03 ` Laurence Darby
2014-05-30 19:25 ` Arno Wagner
2014-05-31 8:32 ` Heinz Diehl
2014-05-30 18:08 ` Arno Wagner
2014-05-30 10:02 ` Andrew