On Sun, Jan 11, 2009 at 7:21 PM, Dongjun Shin <d.j.shin@xxxxxxxxxxx> wrote:
> Greg,
>
> The short answer is "it's dependent on the manufacturer's implementation".
>
> The technical details are as follows.
>
> SSD translates the LBA from host into the physical address (flash block/page)
> using the mapping table which acts like the metadata of filesystem.
> For the recovery to work, both the mapping table of the original data _and_
> the physical data should be available.
>
> The trim command can invalidate the mapping only _or_ the mapping and
> the physical data as well. This is manufacturer-specific or sometimes
> requested as spec (ex. enterprise notebook where security is important).
> From the perspective of host, the trimmed area can be seen as (1) original data
> (2) all zero or 0xff (3) indeterminate.
>
> There are the following discussion and proposal about the behavior of trim at T13.
> (named "deterministic read after trim")
>
> http://www.t10.org/ftp/t10/document.08/08-347r1.pdf
> http://www.t13.org/Documents/UploadedDocuments/docs2008/e08137r2-DRAT_-_Deterministic_Read_After_Trim.pdf
>
> However, this spec also does not meet your expectation because it does not
> guarantee the safety of the original data.
>
> Regards,
> Dongjun
>
> ------- Original Message -------
> Sender : Greg Freemyer<greg.freemyer@xxxxxxxxxxxxxxxxx>
> Date : 2009-01-10 07:27 (GMT+09:00)
> Title : Data Recovery from SSDs - Impact of trim?
>
> Dongjun (with linux-ide in copy),
>
> I got your name from a Linux Kernel posting and I was wondering if you
> could help me understand if data recovery will be possible with SSDs
> in the future.
>
> I work a lot with data recovery and forensic imaging. With both,
> access to what the filesystem considers unallocated sectors / blocks /
> clusters is key to the process. i.e. A user deletes a file, but needs
> to restore it.
> Lots of recovery tools exist to assist in this, but
> obviously they need to be able to read the no longer allocated
> clusters.
>
> With a DISCARD enabled filesystem / kernel and with both current and
> future generation SSDs, I'm curious if our tools are going to be able
> to read this information anymore.
>
> Per the proposed spec Tejun posted a link to a couple months ago, the
> response to an ATA read request of a trimmed sector can either be the
> original data or all zeros.
>
> http://t13.org/Documents/UploadedDocuments/docs2007/e07154r3-Data_Set_Management_Proposal_for_ATA-ACS2.pdf
>
> From my industry's perspective we would very much like the original
> data to be returned as long as it is available.
>
> Can you provide any insight into how the manufacturers are planning to
> implement such reads?
>
> Thanks
> Greg

Dongjun,

I just read the T13/e08137r2 draft you linked to and the PowerPoint
which addresses security issues caused by the 2007 proposed specs
implementations.

I'm very concerned not with the discarded sectors, but with the fact
that I see no way to know which sectors hold valid / reliable data vs.
those that have been discarded and thus hold unreliable data.

The T13/e08137r2 draft is not strong enough to address this issue in
my opinion.

== Details

As I understand it there is no way for an OS / kernel / etc. to know
whether a given sector on an SSD contains reliable data or not. And even
for SSDs that provide "deterministic" data in response to sector
reads, the data itself could have been randomly modified/corrupted by
the SSD, but the data is returned regardless, with no indication from the SSD
that it is not the original data associated with that sector.

The spec merely says that once a deterministic SSD has a sector read, all
subsequent sector reads from that sector will provide the same data.
That does not prevent the SSD from randomly modifying the discarded
sectors prior to the first read.
Lacking any specific indication from the SSD that data read from it is
reliable vs. junk seems to make it unusable for many needs. i.e. I am
talking about all sectors here, not just the discarded ones. The
kernel can't tell the difference between them anyway.

In particular I am very concerned about using an SSD to hold data that
would eventually be used in a court of law. How could I testify that
the data retrieved from the SSD is the same as the data written to the
SSD since per the spec the SSD does not even have a way to
communicate the validity of data back to the kernel?

I would far prefer that reads from "discarded" sectors be flagged in
some way. Then tools, kernels, etc. could be modified to check the
flag and only depend on sector data retrieved from the SSD that is
flagged reliable. Or inversely, not tagged unreliable.

Greg
--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
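
The read-after-trim behaviours discussed in this thread, as an added example that is not part of the original messages: a constructed toy model of a mapping table with four trim policies, showing that a host-side double-read check catches only the indeterminate case. The class `ToySSD`, the policy names and `survey` are hypothetical and do not model any real drive.

```python
import random

SECTOR = 512

class ToySSD:
    """Constructed model of the read-after-trim behaviours discussed above."""
    def __init__(self, policy, seed=0):
        self.policy = policy   # "original" | "zero" | "indeterminate" | "drat"
        self.mapping = {}      # LBA -> physical page: the mapping table
        self.flash = {}        # physical page -> sector data
        self.stale = {}        # trimmed LBA -> old page; device-internal, never reported
        self.frozen = {}       # "drat": value fixed at the first read after trim
        self.rng = random.Random(seed)

    def write(self, lba, data):
        self.mapping[lba] = page = len(self.flash)
        self.flash[page] = data
        self.stale.pop(lba, None)
        self.frozen.pop(lba, None)

    def trim(self, lba):
        self.stale[lba] = self.mapping.pop(lba)   # mapping is invalidated
        if self.policy != "original":
            self.flash[self.stale[lba]] = None    # physical data is dropped too
    def _junk(self):
        return bytes(self.rng.getrandbits(8) for _ in range(SECTOR))

    def read(self, lba):       # returns bytes only: no validity flag reaches the host
        if lba in self.mapping:
            return self.flash[self.mapping[lba]]
        if lba not in self.stale or self.policy == "zero":
            return bytes(SECTOR)
        if self.policy == "original":
            return self.flash[self.stale[lba]]
        if self.policy == "drat":
            return self.frozen.setdefault(lba, self._junk())
        return self._junk()    # "indeterminate": may change on every read

def survey(policy):
    """Return (LBAs unstable across two reads, LBAs differing from what was written)."""
    dev = ToySSD(policy)
    written = {lba: bytes([lba + 1]) * SECTOR for lba in range(4)}
    for lba, data in written.items():
        dev.write(lba, data)
    dev.trim(1)
    dev.trim(2)
    unstable = [l for l in written if dev.read(l) != dev.read(l)]
    altered = [l for l in written if dev.read(l) != written[l]]   # needs ground truth
    return unstable, altered
```

The `altered` list is computable here only because the harness kept what it wrote; an examiner imaging the device has just the `unstable` check, which comes back empty for the "zero" and "drat" policies even though two sectors no longer hold the written data.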