From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 23 Jan 2025 23:02:33 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1tb5HU-003c7X-24 for lore@lore.pengutronix.de; Thu, 23 Jan 2025 23:02:33 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1tb5HV-0007eW-3h; Thu, 23 Jan 2025 23:02:33 +0100 Received: from ptz.office.stw.pengutronix.de ([2a0a:edc0:0:900:1d::77] helo=[127.0.0.1]) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1tb5HP-0007eH-6C; Thu, 23 Jan 2025 23:02:27 +0100 Message-ID: Date: Thu, 23 Jan 2025 23:02:26 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: christian.melki@t2data.com References: <20250123205453.2841392-1-a.fatoum@pengutronix.de> <9872fef0-f5c6-41cb-894e-b67e884492a8@t2data.com> Content-Language: en-US From: Ahmad Fatoum In-Reply-To: <9872fef0-f5c6-41cb-894e-b67e884492a8@t2data.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [ptxdist] [PATCH] util-linux: add option for building blkdiscard X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: "ptxdist@pengutronix.de" Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Hello Christian, On 23.01.25 22:55, Christian Melki wrote: > On 1/23/25 9:54 PM, Ahmad Fatoum wrote: >> We currently only have an option for BusyBox blkdiscard, but that one >> lacks some options like -z for zeroing the block device. >> >> This can be important as regular discard on an eMMC isn't guaranteed >> to clear data. >> >> Add a util-linux blkdiscard option to address this. >> > > Zeroing is certainly not guaranteed to do anything useful either to the > physical media. A normal FTL getting a full block zero will only move > the read index for that LBA to some zeroed return block index and do > nothing else (fast zeroed read, with no read perturbation from real media). > Depending on how one views the discarded blocks, it might also put the > zeroed block on the discard list anyway. > If you still can read real data from a zeroed (reindexed) or discarded > block you have other security issues with the device. > Having lower level access to the device with intentional holes isn't > going to protect you from leaking by anything, including key changes to > some transparent AES-XTS blocks. > If you mistrust the device, your best bet is going to be forcing fast > prng data on all accessible blocks, including whatever sideband blocks > you can get at. With no reusage between blocks, the drive won't have any > other choice than to write over data. It's slow though. > Smart drives will see various reoccuring fill patterns and create fast > read indexes for those too. My particular need for blkdiscard -z is not for mangling key material. I just want to clear the block device, so software that checks for partition magic doesn't see stale data. I am aware that this is no substitute for a blkdiscard -s (which busybox also supports) or randomized overwrite, but this is beyond what I need. Thanks, Ahmad > > regards, > Christian > >> Signed-off-by: Ahmad Fatoum >> --- >> rules/util-linux.in | 10 ++++++++++ >> rules/util-linux.make | 3 ++- >> 2 files changed, 12 insertions(+), 1 deletion(-) >> >> diff --git a/rules/util-linux.in b/rules/util-linux.in >> index 8bf035f3901e..83e075852689 100644 >> --- a/rules/util-linux.in >> +++ b/rules/util-linux.in >> @@ -62,6 +62,16 @@ config UTIL_LINUX_ADDPART >> help >> The addpart utility. >> >> +config UTIL_LINUX_BLKDISCARD >> + bool >> + depends on !BUSYBOX_BLKDISCARD || ALLYES >> + prompt "blkdiscard" >> + help >> + blkdiscard is used to discard device sectors. >> + >> +comment "BusyBox' blkdiscard is selected!" >> + depends on BUSYBOX_BLKDISCARD >> + >> config UTIL_LINUX_CFDISK >> bool >> select UTIL_LINUX_FDISKS >> diff --git a/rules/util-linux.make b/rules/util-linux.make >> index 579c165e6edb..02d83715c6f1 100644 >> --- a/rules/util-linux.make >> +++ b/rules/util-linux.make >> @@ -54,7 +54,7 @@ UTIL_LINUX_CONF_OPT := \ >> -Dbuild-agetty=$(call ptx/endis, PTXCONF_UTIL_LINUX_AGETTY)d \ >> -Dbuild-bash-completion=disabled \ >> -Dbuild-bfs=disabled \ >> - -Dbuild-blkdiscard=disabled \ >> + -Dbuild-blkdiscard=$(call ptx/endis, PTXCONF_UTIL_LINUX_BLKDISCARD)d \ >> -Dbuild-blkpr=disabled \ >> -Dbuild-blkzone=disabled \ >> -Dbuild-blockdev=disabled \ >> @@ -197,6 +197,7 @@ UTIL_LINUX_LIB-$(PTXCONF_UTIL_LINUX_LIBFDISK) += fdisk >> >> # disk-utils >> UTIL_LINUX_BIN-$(PTXCONF_UTIL_LINUX_ADDPART) += sbin/addpart >> +UTIL_LINUX_BIN-$(PTXCONF_UTIL_LINUX_BLKDISCARD) += sbin/blkdiscard >> UTIL_LINUX_BIN-$(PTXCONF_UTIL_LINUX_CFDISK) += sbin/cfdisk >> UTIL_LINUX_BIN-$(PTXCONF_UTIL_LINUX_DELPART) += sbin/delpart >> UTIL_LINUX_BIN-$(PTXCONF_UTIL_LINUX_RESIZEPART) += sbin/resizepart > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |