PartialVolume / shredos.x86_64

Shredos Disk Eraser 64 bit for all Intel 64 bit processors as well as processors from AMD and other vendors which make compatible 64 bit chips. ShredOS - Secure disk erasure/wipe

Feature request: Support for Nwipe configuration file, /etc/nwipe/nwipe.conf #173

Open Aterfax opened 1 year ago

Aterfax commented 1 year ago

https://github.com/martijnvanbrummelen/nwipe/releases/tag/v0.35

Nwipe now has a configuration file, /etc/nwipe/nwipe.conf. This is currently used to store PDF parameters but will be enhanced over the next versions to include default wipe parameters amongst other additions.

As part of generating erasure certificates, some configuration options are stored in the /etc/nwipe/nwipe.conf file. Similarly to nwipe_options="", we could do with a method for providing settings directly from the boot APPEND line so settings can be applied during netboots.

It may make sense for this configuration file to be supplied as a URL to CURL/wget download a configuration and use it, or simply as some form of inline.

Incidentally, the documented lftp="" lines can also be amended to copy these certificates back to an FTP server with the additional command mput *.pdf

e.g.

lftp="open 192.168.1.250; user shredosuser password12345; cd upload; mput nwipe_*.txt; mput *.pdf"

PartialVolume commented 1 year ago

Thanks for the reminder re lftp, I'll make the changes for that.

I might need some clarification regarding the boot append line. Do you mean have a typical grub boot menu where you can edit the command line from the grub menu?

PartialVolume commented 1 year ago

Incidentally, the documented lftp="" lines can also be amended to copy these certificates back to an FTP server with the additional command mput *.pdf e.g. lftp="open 192.168.1.250; user shredosuser password12345; cd upload; mput nwipe_*.txt; mput *.pdf"

Committed https://github.com/PartialVolume/shredos.x86_64/commit/a08811f60e34ca61c2309fd2ea62d169dfebab25

Aterfax commented 1 year ago

Apologies, this wasn't clear.

The APPEND line I refer to would be in the PXE boot configs, e.g.

DEFAULT menu.c32
PROMPT 0
TIMEOUT 200
ONTIMEOUT shredosautonuke
MENU TITLE ShredOS Autonuke 3 Pass

LABEL shredosautonuke
  MENU DEFAULT
  KERNEL shredos/shredos
  # Fully automatic formatting of ALL DISKS
  APPEND console=ttyS0,9600n8 loglevel=3 nwipe_options="--autonuke  --autopoweroff --nousb --method=dodshort --rounds=1 --verify=last" lftp="open 192.168.1.250; user shredosuser mypassword; cd upload; mput nwipe_*.txt; mput *.pdf"

e.g.

We could have a new nwipe_config_url="https://mydomain.com/nwipe.conf" and amend to:

  APPEND console=ttyS0,9600n8 loglevel=3 nwipe_options="--autonuke  --autopoweroff --nousb --method=dodshort --rounds=1 --verify=last" nwipe_config_url="https://mydomain.com/nwipe.conf" lftp="open 192.168.1.250; user shredosuser mypassword; cd upload; mput nwipe_*.txt; mput *.pdf"

I was just meaning to get at the fact we're going to need to pass this info during the netboot process as part of a command, so we're going to need another kernel line compatible argument like nwipe_options= to be passable.

Or in the ipxe parlance from Netboot.xyz

#!ipxe

goto ${menu} ||

:shredos
set os_arch ${arch}
iseq ${os_arch} x86_64 && set os_arch x86_64 ||
iseq ${os_arch} i386 && set os_arch i686 ||
menu ShredOS
item --gap THIS SOFTWARE DESTROYS DATA
item --gap EVERY BOOT OPTION IS DESTRUCTIVE
item --gap DO NOT PROCEED IF YOU DO NOT KNOW WHAT THIS IS
item shredos_exit ${space} Go Back
item shredos_options ${space} Proceed I know what I am doing
choose menu || goto shredos_exit
goto ${menu}

:shredos_options
clear menu
clear shredos_version
iseq ${os_arch} i686 && set kernel_url ${live_endpoint}/asset-mirror/releases/download/0.34_32-bit_20221231-570c24e6/shredos ||
set shredos_version 0.34_32-bit_20221231
iseq ${os_arch} x86_64 && set kernel_url ${live_endpoint}/asset-mirror/releases/download/0.34_20221231-212ce2e7/shredos ||
set shredos_version 0.3420221231
menu ShredOS ${shredos_version}
item --gap Choose a wipe method:
item dodshort ${space} Wipe all disks with the short DoD 5220.22-M method
item dod522022m ${space} Wipe all disks with the DoD 5220.22-M method
item dod3pass ${space} Wipe all disks with the DoD 5220.22-M method (3 pass)
item ops2 ${space} Wipe all disks with the RCMP TSSIT OPS-II method
item gutmann ${space} Wipe all disks with the Gutmann method
item prng ${space} Wipe all disks with the PRNG Stream method
choose nuke_method || goto shredos_exit
goto shredos_boot

:shredos_boot
imgfree
kernel ${kernel_url} console=tty3 loglevel=3 nwipe_options="--method=${nuke_method}" ${cmdline}
boot

:shredos_exit
clear menu
exit 0

Which could work like:


:shredos_boot
imgfree
kernel ${kernel_url} console=tty3 loglevel=3 nwipe_options="--method=${nuke_method}" nwipe_config_url="https://mydomain.com/nwipe.conf" ${cmdline}
boot

PartialVolume commented 1 year ago

Thanks for the clarification. I'll add this into the next point release 25.1 with the other changes/additions I'm currently making.
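
The nwipe_config_url parameter proposed in this thread, as an added example that is not ShredOS or nwipe code: a launcher-side helper that extracts the value from the kernel command line (where quoted values such as nwipe_options="..." and lftp="..." contain spaces) and fetches it to /etc/nwipe/nwipe.conf. The function names, the HTTPS-only rule, the allowed URL character set and the 64 KiB size cap are assumptions.

```shell
#!/bin/sh
# Added example: names, HTTPS-only policy and size cap are assumptions.

# Constructed sample modelled on the APPEND line quoted in the thread.
SAMPLE_CMDLINE='console=ttyS0,9600n8 loglevel=3 nwipe_options="--autonuke --nousb --method=dodshort" nwipe_config_url="https://mydomain.com/nwipe.conf" lftp="open 192.168.1.250; cd upload; mput *.pdf"'

# cmdline_value KEY CMDLINE: print the value of the first top-level KEY=...
# Double-quoted values may contain spaces; a KEY= that only appears inside
# another parameter's quoted value (e.g. inside lftp="...") is not matched.
cmdline_value() {
    printf '%s\n' "$2" | awk -v key="$1" '{
        n = length($0); tok = ""; inq = 0
        for (i = 1; i <= n + 1; i++) {
            c = (i <= n) ? substr($0, i, 1) : " "
            if (c == "\"") { inq = !inq; continue }
            if (c == " " && !inq) {
                if (index(tok, key "=") == 1) {
                    print substr(tok, length(key) + 2); exit
                }
                tok = ""; continue
            }
            tok = tok c
        }
    }'
}

# config_url_ok URL: accept only https:// URLs made of a conservative
# character set, so the value cannot smuggle spaces or shell metacharacters.
config_url_ok() {
    case "$1" in https://?*) ;; *) return 1 ;; esac
    case "$1" in *[!A-Za-z0-9._~:/?=%+-]*) return 1 ;; esac
    return 0
}

# fetch_nwipe_config URL [DEST]: download to a temp file, replace DEST only
# after a complete, successful HTTPS transfer.
fetch_nwipe_config() {
    url=$1; dest=${2:-/etc/nwipe/nwipe.conf}
    config_url_ok "$url" || { echo "refusing config URL: $url" >&2; return 1; }
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if curl --fail --silent --show-error --proto '=https' --max-time 30 \
            --max-filesize 65536 --output "$tmp" "$url"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"; return 1
    fi
}

# Usage at boot: url=$(cmdline_value nwipe_config_url "$(cat /proc/cmdline)")
#                [ -n "$url" ] && fetch_nwipe_config "$url"
```
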