OpenSolaris needs support for the TRIM command for SSDs. This command is issued to an SSD to indicate that a block is no longer in use and the SSD may erase it in preparation for future writes.
A SECURE_FREE dataset property might be added that says that when a block is released to free space (and hence eligible for TRIM), ZFS should overwrite the block to zeros (or better, ones). If a dataset has such a property set then no "stray" copies of the data exist in free space and deletion of the file and snapshots is sufficient to remove all instances of the data. If a file exists before such a property is set that's a problem. If it's really important - and it might be in some cases because of legal mandates - there could be a per-file flag SECURELY_FREED that is set on file creation iff the dataset SECURE_FREE is set and is reset if the file is ever changed while SECURE_FREE is clear - this indicates if any file data "escaped" into free space at some point. Finally an UNLINK_SECURE call would be needed to avoid race conditions at the end so an app can be sure the data really was securely erased. PS. It is faster for an SSD to write a block of 0xFF than 0 and it's possible some might make that optimization. That's why I suggest erase-to-ones rather than erase-to-zero. -- This message posted from opensolaris.org _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
