[liberationtech] Fwd: Re: secure wipe of flash memory

Seth David Schoen schoen at eff.org
Sun Jul 15 13:52:28 PDT 2012


oli writes:

> take the liberty...

So I think there are a couple of interesting questions about how well you
can clear flash storage by simple overwriting of free space.  Remember
that you have several layers in between your write operation and the
actual flash blocks.  Wei et al. say from experiments that overwriting
free space is _not_ very effective.

https://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf

One issue I wonder about is whether a regular user program can succeed in
filling the whole flash device.  On Linux filesystems in the ext2 series,
there is a notion of "blocks reserved for the superuser".  E.g., from
tune2fs(8):

     Set the percentage of the filesystem which may only be allocated
     by privileged processes.  Reserving some number of filesystem
     blocks for use by privileged processes is done to avoid
     filesystem fragmentation, and to allow system daemons, such as
     syslogd(8), to continue to function correctly after non-privileged
     processes are prevented from writing to the filesystem.
     Normally, the default percentage of reserved blocks is 5%.

Some Android systems may use these filesystems on their flash storage; I
don't know if the same concept exists in other filesystems.  (Due to wear
leveling, I guess you would have a different 5% of the underlying blocks
that you fail to overwrite each time.)

The other is whether the controller actually keeps some blocks in reserve
relative to those that it reports the existence of to software.  My
understanding is that for magnetic storage, there are more blocks on the
physical disk than are reported to the ATA layer, and the controller uses
the extra blocks for transparent remapping in case of physical errors, and
maybe for other purposes.  If I understand Wei et al. correctly, they found
this issue was even _more_ pronounced on flash devices and is a major reason
that overwriting free space is not so effective.  They say that "[t]he SSDs
we tested contain between 6 and 25% more physical flash storage than they
advertise as their logical capacity".

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107
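
Added example, not part of the original message: a Python sketch that quantifies the two gaps discussed above for a mounted filesystem, using the `f_bfree`/`f_bavail` difference from `os.statvfs` for the root-reserved blocks and the 6 to 25% spare-capacity range quoted from Wei et al. The function names are hypothetical, and the model assumes the filesystem spans the whole logical device.

```python
import os

# Spare-capacity range quoted in the message from Wei et al. (6% to 25%
# more physical flash than the advertised logical capacity).
SPARE_LOW_PCT, SPARE_HIGH_PCT = 6, 25


def fill_coverage(frsize, blocks, bfree, bavail):
    """Model what a non-root free-space fill can address on one filesystem.

    Arguments mirror os.statvfs fields f_frsize, f_blocks, f_bfree, f_bavail.
    Assumption for illustration: the filesystem spans the whole logical device.
    """
    reserved_blocks = max(bfree - bavail, 0)   # free, but allocatable by root only
    logical = frsize * blocks                  # capacity reported to software
    free = frsize * bfree
    reserved = frsize * reserved_blocks
    result = {
        "free_bytes": free,
        "user_writable_bytes": frsize * bavail,
        "root_reserved_bytes": reserved,
    }
    for label, pct in (("low", SPARE_LOW_PCT), ("high", SPARE_HIGH_PCT)):
        spare = logical * pct // 100           # flash hidden behind the controller
        nonlive = free + spare                 # capacity not holding live data
        result[f"spare_bytes_{label}"] = spare
        # Share of non-live capacity that an unprivileged fill cannot address.
        result[f"unaddressed_share_{label}"] = (
            (reserved + spare) / nonlive if nonlive else 0.0
        )
    return result


def fill_coverage_for_path(path):
    """Run the model against the filesystem that contains `path`."""
    st = os.statvfs(path)
    return fill_coverage(st.f_frsize, st.f_blocks, st.f_bfree, st.f_bavail)


if __name__ == "__main__":
    for key, value in fill_coverage_for_path("/").items():
        print(f"{key:24} {value}")
```

Because of wear leveling, the unaddressed share describes how much capacity goes unwritten on each pass, not which physical blocks those are.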


