| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Jun 2014 10:31:57 -0400 From: Theodore Ts'o <tytso@....edu> To: Dave Chinner <david@...morbit.com> Cc: JP Abgrall <jpa@...gle.com>, Eric Sandeen <sandeen@...hat.com>, linux-ext4@...r.kernel.org, Geremy Condra <gcondra@...gle.com>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org> Subject: Re: [PATCH] ext4: Add support for SFITRIM, an ioctl for secure FITRIM. On Fri, Jun 13, 2014 at 10:20:54AM -0400, Theodore Ts'o wrote: > > If you really want this to work, and be 100% secure, you really need > to do the secure discard at the file system layer. The file system > could make sure that every single block gets a secure discard before > it gets reused. BTW, one major downside of doing a secure trim after every time that a block has been released is that it will massively increase the flash wear, since if you do a secure trim on a single 4k block in 512k erase block, assuming that secure trim has been implemented properly from a security perspective, it will need to copy out all of the used portion of the 512k erase block, and then erase it. This is one of the reasons why I asked if you really need to worry about securely discarding all of the blocks on the file system, or just blocks containing specific really security-sensitive information (i.e., for Google Wallet, etc.) If so, you might be better off either doing per-file encryption, or per-file secure discard. Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists