On Thu, Nov 24, 2011 at 4:47 AM, Joachim Schrod <jschrod@acm.org> wrote:
Greg Freemyer wrote:
On Wed, Nov 23, 2011 at 7:19 PM, Joachim Schrod <jschrod@acm.org> wrote:
Greg Freemyer wrote:
On Tue, Nov 22, 2011 at 7:44 PM, Joachim Schrod <jschrod@acm.org> wrote:
If you can afford it, don't use 15% of the disk. To get this free space, use secure erase to reset the disk's firmware notion of what you're using, and then don't allocate 15% of the disk during partitioning.
Undocumented feature time. First secure erase is not always implemented on SSDs, so don't trust it.
That's new for me, I haven't found this information via Google.
Can you give more information, maybe perhaps some links, about that issue? I've always thought I can rely on secure erase via hdparm, while respecting the frozen issue/state.
My knowledge is under NDA. I will just say that for a while a major manufacturer returned success for secure erase commands, but if you disassembled (desoldered) the chips and took a look, data was still present.
Yes, that I've read. But that was not my use case. My use case is "SSD firmware uses all sectors for wear levelling after secure erase". I don't care if the data is still on it.
Does your NDA-knowledge include information about that use case?
Please note that my posted steps include one step to unlock an SSD, so locked devices are covered.
Joachim
My NDA knowledge doesn't cover that use case. We were worried about drive sanitation (getting rid of data.) But there are rumors of SSDs that immediately return a success upon receiving a Secure Erase command (ie. less than a second). That seems pretty hard to believe they were even doing anything with the command. ie. It takes several seconds to process a full set of trim commands even from hdparm (which is extremely efficient. See the wiper.sh script that comes with hdparm. It will invoke hdparm on a few different filesystems to trim them fully. fstrim is the new "supported" way, but it is no where near as efficient as how hdparm does it.) Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org