From: "Máté Horváth" <horvatmate@gmail.com>
To: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Philipp Guendisch <philipp.guendisch@fau.de>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-block@vger.kernel.org, damien.lemoal@wdc.com,
axboe@kernel.dk, viro@zeniv.linux.org.uk,
bart.vanassche@sandisk.com, martin.petersen@oracle.com,
hare@suse.de, osandov@fb.com, dan.j.williams@intel.com,
ming.lei@redhat.com, linux-kernel@i4.cs.fau.de
Subject: Re: [PATCH] Support for secure erase functionality
Date: Fri, 22 Sep 2017 11:54:36 +0200 [thread overview]
Message-ID: <CA+3umMVAc1LiuHsY=Sj6p-5d6ubyZJW1gMoYi0d5gYOQEgrCfg@mail.gmail.com> (raw)
In-Reply-To: <20170914081757.c64qa6pp2zi5hmda@linux-x5ow.site>
Dear Johannes Thumshirn,
> How can this work with CoW filesystems?
Because we are a layer below filesystems, that depends on the actual
implementation.
If the discards are issued to the right sectors on the drive, we write
into those sectors.
>> Built against torvalds/linux
>
> This should go below the '---' so git am doesn't write it into the changelog.
Thanks for the hint, we messed that up.
> Which filesystems commonly used in production are left afterwards?
The list of filesystems you see in the code are the working ones
(except btrfs, that apparently
doesn't mount a block device, so it doesn't run into our code - we
have to look into that).
Which other filesystems do you miss?
> I'm sorry, but while I get that this sounds like a nice feature for a paper or
> reasearch project, I don't see why it should be used on production systems at
> all.
This feature could be used, if you can't afford to use a full disk
encryption, but still want to
erase sensitive data on the fly. As you probably read in the other
mails, this solution is
not forensic-proof, but with a normal data recovery tool, you
shouldn't be able to recover
more than the file name
Best regards,
Máté Horváth
2017-09-14 10:17 GMT+02:00 Johannes Thumshirn <jthumshirn@suse.de>:
> On Wed, Sep 13, 2017 at 05:37:53PM +0200, Philipp Guendisch wrote:
>> This patch adds a software based secure erase option to improve data
>> confidentiality. The CONFIG_BLK_DEV_SECURE_ERASE option enables a mount
>> flag called 'sw_secure_erase'. When you mount a volume with this flag,
>> every discard call is prepended by an explicit write command to overwrite
>> the data before it is discarded. A volume without a discard compatibility
>> can be used as well but the discard calls will be enabled for this device
>> and suppressed after the write call is made.
>
> How can this work with CoW filesystems?
>
>>
>> Built against torvalds/linux
>
> This should go below the '---' so git am doesn't write it into the changelog.
>
>
> [...]
>
>> + if (strcmp(fs_type->name, "ext4") != 0 &&
>> + strcmp(fs_type->name, "btrfs") != 0 &&
>> + strcmp(fs_type->name, "gfs2") != 0 &&
>> + strcmp(fs_type->name, "gfs2meta") != 0 &&
>> + strcmp(fs_type->name, "xfs") != 0 &&
>> + strcmp(fs_type->name, "jfs") != 0) {
>> + pr_warn("fs: The mounted %s filesystem on drive %s does not generate discards, secure erase won't work",
>> + fs_type->name, dev_name);
>> + }
>> +skip:
>> +#endif
>
> Which filesystems commonly used in production are left afterwards?
>
> I'm sorry, but while I get that this sounds like a nice feature for a paper or
> reasearch project, I don't see why it should be used on production systems at
> all.
>
> Byte,
> Johannes
> --
> Johannes Thumshirn Storage
> jthumshirn@suse.de +49 911 74053 689
> SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
> GF: Felix Imendörffer, Jane Smithard, Graham Norton
> HRB 21284 (AG Nürnberg)
> Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850
next prev parent reply other threads:[~2017-09-22 9:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-13 15:37 [PATCH] Support for secure erase functionality Philipp Guendisch
2017-09-14 8:17 ` Johannes Thumshirn
2017-09-22 9:54 ` Máté Horváth [this message]
2017-09-14 8:46 ` Damien Le Moal
2017-09-14 12:51 ` Philipp
2017-09-15 2:46 ` Damien Le Moal
2017-11-15 21:12 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+3umMVAc1LiuHsY=Sj6p-5d6ubyZJW1gMoYi0d5gYOQEgrCfg@mail.gmail.com' \
--to=horvatmate@gmail.com \
--cc=axboe@kernel.dk \
--cc=bart.vanassche@sandisk.com \
--cc=damien.lemoal@wdc.com \
--cc=dan.j.williams@intel.com \
--cc=hare@suse.de \
--cc=jthumshirn@suse.de \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@i4.cs.fau.de \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=ming.lei@redhat.com \
--cc=osandov@fb.com \
--cc=philipp.guendisch@fau.de \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).