Re: [PATCH] ext4: Add support for SFITRIM, an ioctl for secure FITRIM.
From: Theodore Ts'o <tytso@mit.edu>
Date: 2014-06-13 14:31:57
Also in:
linux-fsdevel
From: Theodore Ts'o <tytso@mit.edu>
Date: 2014-06-13 14:31:57
Also in:
linux-fsdevel
On Fri, Jun 13, 2014 at 10:20:54AM -0400, Theodore Ts'o wrote:
If you really want this to work, and be 100% secure, you really need to do the secure discard at the file system layer. The file system could make sure that every single block gets a secure discard before it gets reused.
BTW, one major downside of doing a secure trim after every time that a block has been released is that it will massively increase the flash wear, since if you do a secure trim on a single 4k block in 512k erase block, assuming that secure trim has been implemented properly from a security perspective, it will need to copy out all of the used portion of the 512k erase block, and then erase it. This is one of the reasons why I asked if you really need to worry about securely discarding all of the blocks on the file system, or just blocks containing specific really security-sensitive information (i.e., for Google Wallet, etc.) If so, you might be better off either doing per-file encryption, or per-file secure discard. Cheers, - Ted