-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Meta List regarding satisfaction of Wipe Standards #595
Comments
I've gone through in depth, looks like a nice goal. |
This is a real-world issue right there. I encountered many, many drives with bad sectors/blocks which then fail to wipe properly and just seem to abort as there is no logic to jump over the bad blocks. |
Hey guys, Some notes:
|
fthobe, use cases are manyfold. Not everyone needs a cert at all times. Think for example server drives 'failing' due to SMART errors (usually hitting a treshold of bad blocks) and needing to be removed from production and moved into the re-use/recycling process. You still would want the data un the healthy blocks wiped, but you don't expect the drive to be certified sanitized on every block. |
I do absolutely agree, a certification is not an obstacle to an incomplete / partial wipe, it just can not be certified afterwards. I do not think a softfail (for example logging non wipe able block and continuing to write while logging the bad blocks with a certificate stating it) wrong, but it shouldn't be in this issue :) |
@Firminator I've bumped direct I/O and
which will show the range of contiguous bad blocks. None of the above would be possible if we continued to rely on the kernel to cache our writes. |
Hey, I am closing this up tomorrow, I added some standards and will tomorrow night publish a big update to this post. Some take aways: DoD standards are dead, literally. All American documents now point to NIST. Regional standards are either in the process of being revised or are either pointing to NIST or are a version of enhanced NIST. I have the feeling that some things might not be achievable without added features:
I would suggest to finish up the table and have a larger discussion to validate what @PartialVolume and @martijnvanbrummelen feel that can be achieved and where and maybe a more extensive community support is needed, I might be able to get some funding for some issues. In any case the big issues are from what i see:
I feel that there's a big research component also regarding the compliance of drives that should include manufacturer / vendor support. I have good reach at Samsung through my work in Italy. How do you people feel about that? |
Looks like the new standards are tailored or were influenced by Blancco. I guess they can only be achived if you have funding for several full time developers. Way over the goals of what ShredOS and nwipe try to provide: a wiping program for the rest of us that have no need for a multi-thousand dollar solution. Enthusiats, privacy-minded people, one-off wiping demands, educational institutions, and non-profits. |
Usually disk manufacturers have some proprietary APIs to query info like the actual bad block out of their firmware. |
@Knogle Actually no, it's not a private API problem, it's a disk response problem:
@Firminator actually NVME is definetly a step forward, given that it was an Open Source driven client implementation, situation got much better recently. |
I think they literally just default to pay for failed destruction and destruct physically. |
WARNING Rolling Release Base, Changes / Additions might occur
Current State of Issue
Missing Components in this issue
Full document:
Data Wipe Certification According to Standard
The current certification provides significant value, but does not contain all mandatory and / or optional fields to certify the destruction of the disk contained data. This issue outlines eventual shortcomings.
Applies to following standards
The following table illustrates the requirements for the documentation of a sanitisation according to various standards.
Currently documented are:
US: NIST SP 800-88 Rev. 1 requires a form similar to the appendix of the linked standard.
US: DoD I 8500.01 (refers to NIST SP 800-88) DOD M 4160.21 Vol 4 requires form 2500 similar to the document here.
US: DoD 5220.22-M requires a very reduced form
Canada: ITSP 40006: see US: NIST SP 800-88 Rev. 1
Germany: CON.6
Particular Requirements
Different Tool for Verification
Following standards require a different tool for verification:
Control of Disk Size
Following Standards require to mathematically compare disk size before cancellation and after verification:
Validation of Tool itself
Following standards require to validate if the tool used is tamper free (eg checksum of binary)
Tool needs to be bootable
Following standards require the applications to run from a bootable device:
Following Standards require to Destroy Disks with Bad Sectors
Following standards require to verify bad sectors for successful erasure or otherwise return failed:
Overwrite with Random Values
Following Standards require PNRG Streams to overwrite
DOES NOT APPLY TO FOLLOWING STANDARDS
Additional Sources
The text was updated successfully, but these errors were encountered: