Linux zero free space

Securely wipe disk

Wiping a disk is done by writing new data over every single bit.

Contents

Common use cases

Wipe all data left on the device

The most common use case for completely and irrevocably wiping a device is when the device is going to be given away or sold. There may be (unencrypted) data left on the device, and you want to protect against simple forensic investigation, which is mere child's play with, for example, file recovery software.

If you want to quickly wipe everything from the disk, /dev/zero or simple patterns allow maximum performance, while adequate randomness can be advantageous in some cases; these are covered in #Data remanence.

Overwriting every bit provides a level of data erasure that does not allow recovery with normal system functions (like standard ATA/SCSI commands) and hardware interfaces. Any file recovery software mentioned above would then need to be specialized on proprietary storage-hardware features.

In the case of an HDD, data recreation will not be possible without at least undocumented drive commands or tinkering with the device's controller or firmware to make them read out, for example, reallocated sectors (bad blocks that S.M.A.R.T. retired from use).

Different physical storage technologies raise different wiping issues. Most notably affected are all Flash memory based devices and older magnetic storage (old HDDs, floppy disks, tape).

Preparations for block device encryption

To prepare a drive for block device encryption inside the wiped area afterwards, it is recommended to use #Random data generated by a cryptographically strong random number generator (referred to as RNG in this article from now on).

Data remanence

See also Wikipedia:Data remanence. The representation of data may remain even after attempts have been made to remove or erase the data.

Operating system, programs and filesystem

The operating system, executed programs or journaling file systems may copy your unencrypted data throughout the block device. When writing to plain disks, this should only be relevant in conjunction with one of the above.

If the data can be located exactly on the disk and was never copied anywhere else, wiping with random data can be thorough and impressively quick, as long as there is enough entropy in the pool.

A good example is cryptsetup using /dev/urandom for wiping the LUKS keyslots.

Hardware-specific issues

Flash memory

Write amplification and other characteristics make Flash memory, including SSDs, a stubborn target for reliable wiping. As there is a lot of transparent abstraction between the data as seen by a device's controller chip and the operating system, data is never overwritten in place, and wiping particular blocks or files is not reliable.

Other "features" like transparent compression (all SandForce SSDs) can compress your zeros or repetitive patterns, so if wiping is fast beyond belief, this might be the cause.

Disassembling Flash memory devices, unsoldering the chips and analyzing the data content without the controller in between is feasible without difficulty using simple hardware. Data recovery companies do it cheaply.

For more information see:

Marked Bad Sectors

If a hard drive marks a sector as bad, it cordons it off, and the section becomes impossible to write to via software. Thus a full overwrite would not reach it. However, because of block sizes, these sections would only amount to a few theoretically recoverable KiB.

Residual magnetism

A single, full overwrite with zeros or random data does not lead to any recoverable data on a modern high-density storage device. Note that repeating the operation should not be necessary nowadays. [1] Indications otherwise refer to single residual bits; reconstruction of byte patterns is generally not feasible.[2] See also [3], [4] and [5].


Select a target

Use fdisk to locate all read/write devices the user has read access to.

Check the output for lines that start with devices such as /dev/sdX.

This is an example for an HDD formatted to boot a Linux system:

Or another example, with the Arch Linux image written to a 4 GB USB thumb drive:

If you are worried about unintentionally damaging important data on the primary computer, consider working in an isolated environment: a virtual machine (VirtualBox, VMware, QEMU, etc.) with the disk drives passed through to it directly, or a separate computer containing only the disk(s) to be wiped, booted from live media (USB, CD, PXE, etc.). Alternatively, use a script that refuses to wipe mounted partitions, to guard against typos.
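One way to build the guard script mentioned above, as an added example that is not part of the wiki article: the target device name is checked against the mount table (/proc/mounts on Linux) and the wipe command only runs when neither the device nor any partition on it is mounted. The mount table used here is a constructed sample so the script runs offline; the MOUNT_TABLE variable, the check_target and guarded_wipe names are this example's own.

```shell
#!/bin/sh
# Added example (not from the wiki): refuse to wipe a block device or partition
# if it, or any partition on it, is currently mounted. The real mount table is
# /proc/mounts; a constructed copy is used here so the script can run offline.
set -eu

# Constructed sample of /proc/mounts (device mountpoint fstype options dump pass).
SAMPLE_MOUNTS='/dev/sda1 /boot ext4 rw,relatime 0 0
/dev/mapper/vg_dormarth-lv_root / ext4 rw,relatime 0 0
/dev/sdb1 /home/tracks ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# Print "busy" if $1 (e.g. /dev/sdb or /dev/sdb1) appears as a mounted device
# in the mount table read from stdin, otherwise "free".
# A whole-disk name such as /dev/sdb also matches its partitions /dev/sdb1,
# /dev/sdb2, ... and /dev/nvme0n1 matches /dev/nvme0n1p1; a partition name
# matches only itself.
check_target() {
    awk -v dev="$1" '
        $1 == dev { hit = 1 }
        index($1, dev) == 1 && substr($1, length(dev) + 1) ~ /^p?[0-9]+$/ { hit = 1 }
        END { print (hit ? "busy" : "free") }'
}

# Run the wipe command (remaining arguments, target appended) only when the
# target is not mounted. MOUNT_TABLE may point at an alternative table file,
# which is what lets the guard be exercised with a harmless command like "echo".
guarded_wipe() {
    target=$1; shift
    state=$(check_target "$target" < "${MOUNT_TABLE:-/proc/mounts}")
    if [ "$state" = busy ]; then
        echo "refusing to wipe $target: it or one of its partitions is mounted" >&2
        return 1
    fi
    "$@" "$target"
}
```

Usage is `guarded_wipe /dev/sdX dd if=/dev/zero bs=4096 of=`-style wrapping is not possible with dd's `of=` syntax, so in practice call `guarded_wipe /dev/sdX sh -c 'dd if=/dev/zero bs=4096 of="$0"'`. A mount-table check does not see devices that are in use as LVM physical volumes, RAID members or swap; `lsblk` shows those holders and should be consulted as well before wiping a whole disk.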

Select a data source

To wipe sensitive data, one can use any data pattern matching the needs.

Zeros

Overwriting with /dev/zero or simple patterns is considered secure in most situations. With today’s HDDs, it is deemed appropriate and fast for disk wiping.

However, a drive that is abnormally fast at writing patterns or zeroing could be doing transparent compression. In that case it is reasonable to presume that not all blocks get wiped this way. Some #Flash memory devices do "feature" that.

To set up block device encryption afterwards, one should wipe the area with random data (see the next section) to avoid weakening the encryption.

Random data

A true random data source such as /dev/random is impractical for wiping large capacities, as it will take too long to wait for entropy generation. /dev/urandom can be used as a reasonable source of pseudorandom data. For the differences between random and pseudorandom data as a source, please see Random number generation.

Another alternative for pseudorandom data generation is to use an encrypted data stream. For example, if one wants to prepare a device for block encryption and will use AES for the encrypted partition, it is appropriate to wipe it with a similar cipher prior to creating the filesystem, to make the empty space indistinguishable from the used space.

Select a block size

If you have an Advanced Format hard drive, it is recommended that you specify a block size larger than the default 512 bytes. To speed up the overwriting process, choose a block size matching your drive's physical geometry by appending the block size option to the dd command (e.g. bs=4096 for 4 KiB).

fdisk prints the physical and logical sector size for every disk. Alternatively, sysfs exposes this information:

Calculate blocks to wipe manually

A block storage device consists of sectors; the number of sectors and the size of a single sector can be used to calculate the whole size of the device in bytes, by multiplying the sector count by the sector size.

As an example, we use these parameters with the dd command to wipe a partition:

To illustrate with a practical example, here is the output of the fdisk command for the partition /dev/sdX:

  • The first line of the fdisk output shows the disk size in bytes and in logical sectors.
  • The size in bytes of the storage device or of the partition can also be obtained with the command blockdev --getsize64 /dev/sdXY .
  • The Units line of the fdisk output shows the size of a single logical sector; the logical sector size can also be derived from the number of bytes divided by the number of logical sectors, here: echo $((2000398934016 / 3907029168)) .
  • To know the physical sector size in bytes (which will make the wipe run faster), we can use the next line.
  • To get the disk size in physical sectors, one can divide the disk size in bytes by the size of a single physical sector, here: echo $((2000398934016 / 4096)) .

To wipe partition /dev/sdX1 , the example parameters with logical sectors would be used as follows.

  • By using the starting address of the partition on the device using the seek= parameter:

with Start=2048 , End=3839711231 and BytesInSector=512 .

  • Or by using the partition's size in logical sectors:

Or, to wipe the whole disk by using physical sectors:

with AllDiskPhysicalSectors=488378646 and PhysicalSectorSizeBytes=4096 .
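The sector arithmetic above, carried through in a script as an added example that is not part of the wiki article. It uses the figures quoted above (disk size, logical sector count, physical sector size, partition start and end) to derive the dd parameters, prints the resulting dd command line without running it, and then exercises the same seek=/count= arithmetic on a constructed image file so that nothing real is overwritten. The function names, the 64-sector image and the 0xff fill pattern are this example's own.

```shell
#!/bin/sh
# Added example (not from the wiki): derive dd parameters from the fdisk
# figures quoted above, then exercise the seek=/count= arithmetic on a
# constructed image file instead of a real device.
set -eu

# Figures from the fdisk output discussed above.
DISK_BYTES=2000398934016
LOGICAL_SECTORS=3907029168
PHYSICAL_SECTOR_BYTES=4096
PART_START=2048           # first logical sector of /dev/sdX1
PART_END=3839711231       # last logical sector of /dev/sdX1

# Logical sector size: total bytes divided by the logical sector count.
logical_sector_size() { echo $(( $1 / $2 )); }

# Whole-disk size in physical sectors: total bytes divided by physical sector size.
physical_sector_count() { echo $(( $1 / $2 )); }

# Partition length in sectors from inclusive start and end sector numbers.
partition_sectors() { echo $(( $2 - $1 + 1 )); }

# Print (do not run) the dd command for a partition given in logical sectors.
dd_command_for_partition() {  # device start end sector_size
    printf 'dd if=/dev/zero of=%s bs=%s seek=%s count=%s\n' \
        "$1" "$4" "$2" "$(partition_sectors "$2" "$3")"
}

# Overwrite a sector range of a target with zeros. conv=notrunc keeps the rest
# of a regular file intact, which is what lets the demo below use a file.
wipe_sectors() {  # target sector_size start count
    dd if=/dev/zero of="$1" bs="$2" seek="$3" count="$4" conv=notrunc 2>/dev/null
}

# Print 1 if sector $2 (of size $3) in file $1 is entirely zero bytes, else 0.
sector_is_zero() {
    n=$(dd if="$1" bs="$3" skip="$2" count=1 2>/dev/null | tr -d '\000' | wc -c)
    if [ "$n" -eq 0 ]; then echo 1; else echo 0; fi
}

# Demo: a constructed 64-sector image filled with 0xff; the "partition"
# occupying sectors 8..15 is wiped and the zeroed sectors are counted.
demo() {
    img=$(mktemp)
    dd if=/dev/zero bs=512 count=64 2>/dev/null | tr '\000' '\377' > "$img"
    wipe_sectors "$img" 512 8 "$(partition_sectors 8 15)"
    zeroed=0; i=0
    while [ "$i" -lt 64 ]; do
        zeroed=$(( zeroed + $(sector_is_zero "$img" "$i" 512) ))
        i=$(( i + 1 ))
    done
    rm -f "$img"
    echo "$zeroed"   # 8: only sectors 8..15 were touched
}
```

The same read-back loop is a cheap way to verify a real wipe afterwards: if any sector of the wiped range still reads non-zero, the overwrite did not reach it (see #Marked Bad Sectors and #Flash memory for why that can happen).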

Overwrite the target

You can choose from several utilities to overwrite a drive. If you only want to wipe a single file, Securely wipe disk/Tips and tricks#Wipe a single file has considerations in addition to the utilities mentioned below.

By redirecting output

The redirected output can be used to create files, rewrite free space on the partition, and to wipe the whole device or a single partition on it.

The following examples show how to rewrite the partition or a block device by redirecting stdout from other utilities:

The file copy command cp can also be used to rewrite the device, because it ignores the type of the destination:

To show speed and time you can use pv :

Zero-fill the disk by writing a zero byte to every addressable location on the disk using the /dev/zero stream.

The process is finished when dd reports No space left on device and returns control back:

To speed up wiping a large drive, see also:

A program specialized in wiping files. It is available as part of the wipe package. To make a quick wipe of a destination, you can use something like:

See also wipe(1) . The tool was last updated in 2009. Its SourceForge page suggests that it is currently unmaintained.

shred

shred (from the coreutils package) is a Unix command that can be used to securely delete individual files or full devices so that they can be recovered only with great difficulty with specialised hardware, if at all. By default shred uses three passes, writing pseudo-random data to the device during each pass. This can be reduced or increased.

The following command invokes shred with its default settings and displays the progress.

Shred can also be used on a single partition, e.g. to wipe the first partition use shred -v /dev/sdX1 .

Alternatively, shred can be instructed to do only one pass, with entropy from e.g. /dev/urandom .

Badblocks

The tool badblocks from e2fsprogs is able to perform a destructive read-write test, effectively wiping the device. By default, it performs four passes and can take very long.

hdparm

hdparm supports ATA Secure Erase, which is functionally equivalent to zero-filling a disk. It is, however, handled by the hard drive firmware itself, and includes "hidden data areas". As such, it can be seen as a modern-day "low-level format" command. SSD drives reportedly achieve factory performance after issuing this command, but may not be sufficiently wiped (see #Flash memory).

Some drives support Enhanced Secure Erase, which uses distinct patterns defined by the manufacturer. If the output of hdparm -I for the device indicates a manifold time advantage for the Enhanced erasure, the device probably has a hardware encryption feature, and the wipe will be applied to the encryption keys only.

For detailed instructions on using ATA Secure Erase, see Solid state drive/Memory cell clearing and the Linux ATA wiki.


Supratim Sanyal’s Computing Blog | Wandering Digital Wastelands as a Geek

Playing with computers since age 13, time to start documenting all the wonderful things and treasures I have discovered and developed — also a blog to serve as a time-saver by not having to reinvent the wheel.

Saturday, December 3, 2016

Zero Out Free Disk Space on Virtual Machines and Compact them Before Backup: Solaris, Linux, Windows, OpenVMS

Before taking backups of my hobbyist and production virtual machines, I follow the popular recommendation of zeroing out all unused free virtual hard drive space and compacting them using the virtual disk compacting tool that comes with Oracle Virtualbox.

Download: All the tools, utilities and scripts described in this post are available for direct download from my google drive.


1. Linux

To zero out unused disk space on my virtual hard disks on Linux virtual appliances, I use Ron Yorston's nice "zerofree" tool.

Start off by building zerofree from source and installing it on your Linux VM. The steps are:

# yum -y install e2fsprogs-devel
# wget http://frippery.org/uml/zerofree-1.0.3.tgz
# tar xvzf zerofree-1.0.3.tgz
# cd zerofree-1.0.3
# make
# cp zerofree /usr/sbin/

Here is a screen-log of me executing the above steps in a directory /tmp/x :

]# cd /tmp
[root@sanyalnet-cloud-vps tmp]# mkdir x
[root@sanyalnet-cloud-vps tmp]# cd x
[root@sanyalnet-cloud-vps x]# yum install e2fsprogs-devel -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.mirror.globo.tech
* epel: mirror.math.princeton.edu
* extras: centos.mirror.globo.tech
* updates: centos.mirror.netelligent.ca
Resolving Dependencies
--> Running transaction check
---> Package e2fsprogs-devel.x86_64 0:1.42.9-7.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================
Installing:
e2fsprogs-devel x86_64 1.42.9-7.el7 base 70 k

Transaction Summary
================================================================================================================================================
Install 1 Package

Total download size: 70 k
Installed size: 161 k
Downloading packages:
e2fsprogs-devel-1.42.9-7.el7.x86_64.rpm | 70 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : e2fsprogs-devel-1.42.9-7.el7.x86_64 1/1
Verifying : e2fsprogs-devel-1.42.9-7.el7.x86_64 1/1

Installed:
e2fsprogs-devel.x86_64 0:1.42.9-7.el7

Complete!
[root@sanyalnet-cloud-vps x]# wget http://frippery.org/uml/zerofree-1.0.3.tgz
--2016-12-04 00:32:03-- http://frippery.org/uml/zerofree-1.0.3.tgz
Resolving frippery.org (frippery.org)... 93.93.131.127, 2a00:1098:0:86:1000::10
Connecting to frippery.org (frippery.org)|93.93.131.127|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8506 (8.3K) [application/x-gzip]
Saving to: ‘zerofree-1.0.3.tgz’

100%[======================================================================================================>] 8,506 --.-K/s in 0s

2016-12-04 00:32:03 (64.9 MB/s) - 'zerofree-1.0.3.tgz' saved [8506/8506]

[root@sanyalnet-cloud-vps x]# tar -zxf zerofree-1.0.3.tgz
[root@sanyalnet-cloud-vps x]# cd zerofree-1.0.3
[root@sanyalnet-cloud-vps zerofree-1.0.3]# make
gcc -o zerofree zerofree.c -lext2fs
[root@sanyalnet-cloud-vps zerofree-1.0.3]# ls -lrt
total 44
-rw-r--r-- 1 root root 17921 Aug 12 2007 COPYING
-rw-rw-r-- 1 root root 3870 Aug 9 2012 zerofree.c
-rw-rw-r-- 1 root root 109 Aug 9 2012 Makefile
-rwx------ 1 root root 13353 Dec 4 00:32 zerofree
[root@sanyalnet-cloud-vps zerofree-1.0.3]# which zerofree
/usr/bin/which: no zerofree in (/sbin:/bin:/usr/sbin:/usr/bin)
[root@sanyalnet-cloud-vps zerofree-1.0.3]# cp zerofree /usr/sbin/
[root@sanyalnet-cloud-vps zerofree-1.0.3]# which zerofree
/sbin/zerofree
[root@sanyalnet-cloud-vps zerofree-1.0.3]#

zerofree works only on inactive partitions that are not mounted (it correctly refuses to manipulate mounted, active read-write partitions). We need to boot into single-user mode, unmount the partitions one by one, and run zerofree on each.

To boot into single-user mode, I edit the grub boot command line to add an "s" at the end. To do this, I reboot the virtual machine and, when it comes back to the grub menu, press "e" to edit. Note: I am using a CentOS release 6.8 Linux virtual machine (kernel 2.6.32-642.11.1.el6.x86_64) for this walk-through.

grub boot menu - hit "e" to edit the boot command

On the next screen, I choose the "kernel" line by pressing the down arrow, and press "e" again to edit the kernel boot parameters line.

Grub Kernel Boot Parameters Selection - press "e" to edit

In the minimal line editor that opens up, I add an "s" at the end of the existing line, after "quiet", for single-user boot.

add "s" at end of grub boot command line to boot into single-user mode

Pressing Enter after adding the "s" at the end brings me back to the boot screen, where I can now press "b" to boot into single-user mode.

after adding "s" to the boot command line, press "b" to boot into single-user

The computer boots up into single-user, and drops me into a root shell.



single user boot — root shell

I type in the "mount" command to look at the mount points and identify the partitions to run zerofree on.

single-user root shell — mount points and partitions

In this case, there are two disk drives. The first disk, sda, has the LVM-managed ext4 file system /dev/mapper/vg_dormarth-lv_root mounted on / and the ext4 partition /dev/sda1 mounted at /boot. The second disk, sdb, has the /dev/sdb1 partition mounted as the ext4 file system at /home/tracks.

Therefore, we will unmount each of the following in turn and run zerofree on each unmounted file system:

  • /dev/mapper/vg_dormarth-lv_root mounted as /
  • /dev/sda1 mounted as /boot
  • /dev/sdb1 mounted as /home/tracks
