On Nov 11, 2009, at 17:40, Bob Friesenhahn wrote:
Zfs is absolutely useless for this if the underlying storage uses
copy-on-write. Therefore, it is absolutely useless to put it in
zfs. No one should even consider it.
The use of encrypted blocks is much better, even though encrypted
blocks may be subject to freeze-spray attack if the whole computer
is compromised while it is still running. Otherwise use a sledge-
hammer followed by incineration.
There seem to be 'secure erase' methods available for some SSDs:
Zeus Solid State Drives are available with secure erase methods to
support a wide variety of requirements. MilPurge provide secure
erase procedure that comply with several agency guidelines,
including: DoD 5220.22-M, NSA 130-2, AFSSI 5020, AR 380-19, and
Navso 5239. Additional capabilities include Intelligent Destructive
Purge where the flash media is physically damaged and rendered
totally and irrevocably unusable.
http://www.stec-inc.com/products/zeus/
The Intel X25-M is reported to mark all cells as free / empty via
ATA's secure erase:
http://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
Marking them and actually resetting them are two different things
though. Hopefully more products will actually do a proper reset / wipe
in the future.
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
