Re: [PATCH] Support for secure erase functionality

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear Johannes Thumshirn,

> How can this work with CoW filesystems?

Because we are a layer below filesystems, that depends on the actual
implementation.
If the discards are issued to the right sectors on the drive, we write
into those sectors.


>> Built against torvalds/linux
>
> This should go below the '---' so git am doesn't write it into the changelog.

Thanks for the hint, we messed that up.


> Which filesystems commonly used in production are left afterwards?

The list of filesystems you see in the code are the working ones
(except btrfs, that apparently
doesn't mount a block device, so it doesn't run into our code - we
have to look into that).
Which other filesystems do you miss?

> I'm sorry, but while I get that this sounds like a nice feature for a paper or
> reasearch project, I don't see why it should be used on production systems at
> all.

This feature could be used, if you can't afford to use a full disk
encryption, but still want to
erase sensitive data on the fly. As you probably read in the other
mails, this solution is
not forensic-proof, but with a normal data recovery tool, you
shouldn't be able to recover
more than the file name

Best regards,
Máté Horváth


2017-09-14 10:17 GMT+02:00 Johannes Thumshirn <jthumshirn@xxxxxxx>:
> On Wed, Sep 13, 2017 at 05:37:53PM +0200, Philipp Guendisch wrote:
>> This patch adds a software based secure erase option to improve data
>> confidentiality. The CONFIG_BLK_DEV_SECURE_ERASE option enables a mount
>> flag called 'sw_secure_erase'. When you mount a volume with this flag,
>> every discard call is prepended by an explicit write command to overwrite
>> the data before it is discarded. A volume without a discard compatibility
>> can be used as well but the discard calls will be enabled for this device
>> and suppressed after the write call is made.
>
> How can this work with CoW filesystems?
>
>>
>> Built against torvalds/linux
>
> This should go below the '---' so git am doesn't write it into the changelog.
>
>
> [...]
>
>> +     if (strcmp(fs_type->name, "ext4") != 0 &&
>> +         strcmp(fs_type->name, "btrfs") != 0 &&
>> +         strcmp(fs_type->name, "gfs2") != 0 &&
>> +         strcmp(fs_type->name, "gfs2meta") != 0 &&
>> +         strcmp(fs_type->name, "xfs") != 0 &&
>> +         strcmp(fs_type->name, "jfs") != 0) {
>> +             pr_warn("fs: The mounted %s filesystem on drive %s does not generate discards, secure erase won't work",
>> +                             fs_type->name, dev_name);
>> +     }
>> +skip:
>> +#endif
>
> Which filesystems commonly used in production are left afterwards?
>
> I'm sorry, but while I get that this sounds like a nice feature for a paper or
> reasearch project, I don't see why it should be used on production systems at
> all.
>
> Byte,
>         Johannes
> --
> Johannes Thumshirn                                          Storage
> jthumshirn@xxxxxxx                                +49 911 74053 689
> SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
> GF: Felix Imendörffer, Jane Smithard, Graham Norton
> HRB 21284 (AG Nürnberg)
> Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850




[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux