Am 25.10.23 um 15:36 schrieb Simon Heimbach:
Hi everybody,
does anyone know how to securely format a btrfs-partition[1]? I have an unused SSD with a former root partition that I have to return and I want to make sure that all data is erased before giving it back.
The SSD controller will map arbitrary regions to arbitrary blocks of the disk, so just overwriting every block isn't working as you'd expect - usually, the controller will send writes to new, unused blocks and leave the old data alone to spread wear evenly. If you overwrite the whole disk with 0 bytes, the controller might even leave all data alone and redirect all "writes" to the same (empty) block. There are several ways to fix this: - Your BIOS might contain a function to securely erase SSDs. Try this if you bought the PC with the SSD already installed. - The manufacturer of the SSD might provide a utility for this purpose. - Send the ATA 'secure erase' command to the device. hdparm(1) can do this. - Use a tool like shred(1). This will overwrite most blocks with random data; but a bit of data will be left behind because the SSD has more capacity that you can access so it can replace bad blocks. How much that is depends on the specific device. - In the future, encrypt the SSD using hardware encryption BEFORE using it the first time. When you change or reset the hardware encryption key, there is (most likely) no way to restore the data. If hardware encryption isn't an option, at least use file system or LVM partition encryption. As long as no one can guess your key, the data is safe. See also: - https://www.thomas-krenn.com/en/wiki/Perform_a_SSD_Secure_Erase Regards, -- Aaron "Optimizer" Digulla a.k.a. Philmann Dark "It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits." http://blog.pdark.de/