Date: Mon, 21 Mar 2022 13:14:36 +0100 (CET)
From: Damian Weber
To: freebsd-security@freebsd.org
Subject: SSD erase question
Message-ID: <274c8cca-80b0-9460-6754-6bb77efbb4dd@htwsaar.de>
List-Archive: https://lists.freebsd.org/archives/freebsd-security

Hi all,

I'd like to have an answer on a secure FreeBSD way to erase SSDs
before giving these away to someone for reuse.

Is the following enough to protect confidential data previously
stored there?

1) dd : overwriting with random bits (complete capacity)
2) gpart create
3) gpart add
4) newfs

Details for an example with /dev/ada1 see below.

Thanks a lot,

  Damian

# fdisk ada1
******* Working on device /dev/ada1 *******
parameters extracted from in-core disklabel are:
cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 238 (0xee),(EFI GPT)
    start 1, size 488397167 (238475 Meg), flag 0
        beg: cyl 0/ head 0/ sector 2;
        end: cyl 1023/ head 255/ sector 63
The data for partition 2 is:
The data for partition 3 is:
The data for partition 4 is:

# gpart show ada1
=>         40  488397088  ada1  GPT  (233G)
           40       1024     1  freebsd-boot  (512K)
         1064  480246784     2  freebsd-ufs  [bootme]  (229G)
    480247848    8149280     3  freebsd-swap  (3.9G)

# dd if=/dev/random of=/dev/ada1 bs=512 count=488397088
# gpart create -s gpt ada1
# gpart add -t freebsd-ufs ada1
# newfs -U /dev/ada1p1
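
Added example, not part of the original post: a check of how much of the device the dd invocation in the message covers, using the figures from the fdisk and gpart output above. The total sector count is an assumption derived from the protective MBR entry (start 1 + size 488397167), and the function names are invented for this illustration.

```shell
#!/bin/sh
# Added example: does "dd bs=B count=N", starting at LBA 0, reach the
# end of the disk and every partition on it?

# Constructed input: figures copied from the fdisk/gpart output in the post.
SECTOR=512
TOTAL_SECTORS=488397168   # assumption: protective MBR start 1 + size 488397167
GPART_SHOW='=> 40 488397088 ada1 GPT (233G)
40 1024 1 freebsd-boot (512K)
1064 480246784 2 freebsd-ufs [bootme] (229G)
480247848 8149280 3 freebsd-swap (3.9G)'

# uncovered_sectors BS COUNT -> trailing sectors the dd run never writes
uncovered_sectors() {
    written=$(( $1 * $2 / SECTOR ))
    left=$(( TOTAL_SECTORS - written ))
    if [ "$left" -lt 0 ]; then left=0; fi
    echo "$left"
}

# partitions_missed BS COUNT -> "index type sectors" for each partition
# that extends past the last sector written
partitions_missed() {
    first_unwritten=$(( $1 * $2 / SECTOR ))
    printf '%s\n' "$GPART_SHOW" | awk -v w="$first_unwritten" '
        $1 == "=>" || $3 == "-" { next }   # skip summary and free rows
        {
            end = $1 + $2                  # first LBA after this partition
            if (end > w) {
                from = ($1 > w) ? $1 : w
                printf "%s %s %d\n", $3, $4, end - from
            }
        }'
}

# The command from the post: bs=512 count=488397088
echo "uncovered sectors: $(uncovered_sectors 512 488397088)"
echo "partitions not fully overwritten:"
partitions_missed 512 488397088
```

The count in the post is the size of the GPT usable area, which begins at LBA 40, so a write starting at LBA 0 stops 80 sectors before the end of the device; this check covers host-addressable sectors only, not flash blocks the SSD controller has remapped.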