> On Wed, 2006-12-20 at 03:21 -0800, james hughes wrote:
> > This would be mostly a "vanity erase" not really a serious "security
> > erase" since it will not over write the remnants of remapped sectors.
>
> Yup. As usual, your milage will vary depending on your threat model.
>
> My gut feel is that there's a cost-benefit sweet spot near a mechanism
> which provides for the prompt overwrite of recently deallocated blocks
> with either zeros or newly allocated data, with more intensive bleaching
> reserved for when disks are taken out of service.
When SunFed first implemented format->analyze->purge to the
Magnetic Remnance specification of, IIRC, 3 overwrites each of
0000, 5555, AAAA, the instructions to the admins went something
like: When you first put the disk in service, record the factory
flaw map and retain it. When you later purge the disk, read out
and record the current flaw map. Purge the disk. If the factory
flaw map and current flaw map differ, remap the difference to
active and re-purge the disks.
I've been told, but haven't verified, that the current format -
disk driver - disk combinations no longer support both reporting the
flaw map and remapping flawed sectors back to active.
Gary..
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
