Am 24.08.2012 17:06, schrieb Milan Broz: > For now LUKS keyslot deletion is the same as 2) but there is "secure discard" > in Linux supported already which should guarantee that data (and all its copies > inside the drive) is wiped (zeroed). > > Next release of cryptsetup will try to run this erase on non-rotatinal disks > for keyslots. (But most of drives do not support it yet anyway.) How can I find out if my SSD supports this? > Also the situation is complicated if image is not disk, but file in filesystem or there > are more device layers (sw RAID, thin provisioning). > For disk image, we can try to use "punch hole" mechanism. > > But there is no perfect solution. Interesting write-up. If you are really paranoid, it seems you must back up all data, perform ATA security erase and put the data back on the disk (and then perform ATA security erase on the backup).
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
