On Fri, Jun 13, 2014 at 10:20:54AM -0400, Theodore Ts'o wrote: > > If you really want this to work, and be 100% secure, you really need > to do the secure discard at the file system layer. The file system > could make sure that every single block gets a secure discard before > it gets reused. BTW, one major downside of doing a secure trim after every time that a block has been released is that it will massively increase the flash wear, since if you do a secure trim on a single 4k block in 512k erase block, assuming that secure trim has been implemented properly from a security perspective, it will need to copy out all of the used portion of the 512k erase block, and then erase it. This is one of the reasons why I asked if you really need to worry about securely discarding all of the blocks on the file system, or just blocks containing specific really security-sensitive information (i.e., for Google Wallet, etc.) If so, you might be better off either doing per-file encryption, or per-file secure discard. Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
