On Sunday 18 June 2017, Pádraig Brady wrote: > tag 27420 notabug > close 27420 > stop > > On 18/06/17 00:22, John Shearing wrote: > > favorite > > <https://raspberrypi.stackexchange.com/questions/68635/self-destruc > >t-self-erase-of-all-data-on-sd-card-using-shred-dd-or-some-other#> > > > > I will be using a raspberry pi as an air-gapped computer to make > > secure encrypted transactions on the Ethereum BlockChain. Once in > > awhile I will want to update the software I am using which will > > mean taking the SD card out of the pi and inserting it into a > > laptop computer which is connected to the Internet. I would like to > > use some program or command line utility on the raspberry pi to > > securely erase everything on the SD card before removing it as this > > will eliminate all possibility of sensitive information being read > > off the SD card by bad actors which may have compromised my laptop. > > > > The following command typed in at the pi terminal conveys the idea > > of what I hope to accomplish: > > shred --verbose *.* > > > > Is this possible using shred? > > shred already supports passing multiple files, however > you would be much safer shredding at the device level, > since there is all sort of reallocation etc. happening within > filesystems. I.E. something along the lines of: > > SDCARD=/dev/sdb1 > umount $SDCARD > shred --verbose $SDCARD > mkfs.ext4 $SDCARD > > Note you can partition the SDCARD if there only a portion that > you want to destructively recreate like this.
Does schred support SSD on the lowlevel? I don't think you can truly wipe na SSD by overwriting it, especially if you would overwrite only a file or partition If the drive supports "ATA Secure Erase commands" you should use "hdparm" like this: https://www.thomas-krenn.com/en/wiki/SSD_Secure_Erase#Step_3:_Secure_Erase Otherwise, and if you are not paranoid, you could also use "blkdiscard" (ATA TRIM). FYI, here somebody explains the issues with erasing SSDs very well https://superuser.com/a/856491/229214 Regarding shred, maybe it's worth to add something about SSDs in the CAUTION section of the man page. cu, Rudi
