search

PartialVolume / shredos.x86_64

Shredos Disk Eraser 64 bit for all Intel 64 bit processors as well as processors from AMD and other vendors which make compatible 64 bit chips. ShredOS - Secure disk erasure/wipe
Other
1.46k stars 61 forks source link

Documentation: Sata and SAS SSD support #272

Open fthobe opened 2 months ago

fthobe commented 2 months ago

Issue

The current documentation does not outline the state of features regarding the process of sanitising SSDs (neither SAS / SCSI nor Sata). Information is scattered across multiple issues leaving a lot of unclarity.

Therefor I pose following questions to later on produce a merge request against the current documentation and where necessary and (if desired) evaluate the sponsoring for the closing eventual gaps in functionality by our organisation.

  1. Can SSDs currently be wiped with the same degree of security as rotating disks?
  2. If not, what are the information lacking?
  3. Plenty of manufacturers offer Linux Tools for sanitisation of SSDs, are those currently utilized?
  4. Should manufacturer tools be implemented if the are provided in a Linux version?
  5. If manufacturer tools should not be implemented what is the reasoning behind it?

Background

SSDs have been a dramatically growing segment within the storage technology space posing new challenges to the sanitisation of storage media when reaching end of life events. Particular challenges are caused by the fact that control over data allocation on the disk is left to intransparent controllers and / or firmwares. Some manufacturers do provide sanitisation tools for linux, while others do not.

By 2022 the situation was following:

Manufacturer Marketshare Wipe Tool
Samsung 53.60% Samsung DC Toolkit 2.1
Intel 15.20% Solidigm™ Storage Tool
Western Digital / Sandisk 7.30% N/A (supports SAS / SCSI format unit command)
SK Hynix 8.60% Unconfirmed for Linux
Kioxia 7.10% Unconfirmed for Linux
Micron 5.60% Unconfirmed for Linux
Kingston 0.20% Unconfirmed for Linux
Others 2.40% N/A

The increase of usage of directly PCI attached storage technologies such as NVME and the growing market share of large size SSD s make lack of documentation and control over sanitisation an ever increasing vector of attack for data theft. Many companies rely therefor on physical destruction (eg shredding) to avoid missuse, but plenty are not sufficiently informed about the neccessaty to approach data sanitisation differently on solid state disks.

Notes

This issue has been crossposted to nwipe.

PartialVolume commented 2 months ago

Anybody that would like to add to this discussion, please can you comment on the nwipe issue linked below, so we can keep the comments in the same thread. Thanks.

https://github.com/martijnvanbrummelen/nwipe/issues/587