secure-delete is software which tailors well for your paranoid-based Librem laptop and smartphone and looks attractive for cryptopunk ideas of Purism.
It consists of several utitilities:
sdmem — cleans your RAM, filling free space of it with zeroes or random data in multiple cycles;
sfill — cleans free space on disks (with the same method);
swap — cleans your swap (same);
srm — deletes specified file securely (same), use it instead of rm when needed.
Install it with single command:
$ sudo apt install secure-delete
$ man secure-delete # IMHO, flags -f and -ll are the optimal choice for balance within perfomance and security, but do your own experiments
Then you can setup your cron daemon somehow, e. g. wipe your memory everyday at 05:00 and wipe your swap and memory cards (eMMC & microSD) on day-of-month 1.
I think this is complicated because in theory the SSD itself erases the ‘sector’ each time the sector is written. So a disk sector that becomes unused is going to be erased on way or another.
That would then make the choice of ‘random data’ a bad thing on an SSD, in the sense that the disk sector ends up being written twice in the process of going from used to unused to used.
Worse still is if the disk contains an encrypted file system and this is operating above the encryption layer (because in that case a sector of zeroes becomes ‘random data’ by the time it hits the disk). On the other hand, if this is operating below the encryption layer then this leaks information about the utilisation and placement of data on the disk.
Also just a reminder: little disks will loose life cycle faster than larger ones.
If that tool is good or bad depends on the personal needs. With disk encryption (and strong password) we usually don’t need to delete files in such way anymore.
It’s more important in specific cases like the two or three files your really really want to be deleted (so this tool can be used for specific very files instead of every deletion) and here you don’t have to be worry about disk life. Another case could be that someone has access to your devices (with your permission) and you don’t want this person to have access to your deleted files.
All that doesn’t save you from people who compromised your system, but in this case such erases also doesn’t help anymore (because files got read before).
So all around it can be useful, as long as it wont be taken on every file, especially on little SSDs.
It might be cryptopunk, but it’s absolutely not useful.
As has been pointed out, on flash drives you can’t overwrite a certain sector, as the flash device opaquely maps it to any sector it wants. Not even filling all sectors is a guarantee, as the disk has some hidden spare sectors, and the confidential data could end up there, if the disk decides to swap some sectors with spare sectors.
Oh, and of course… if you have more than one partition (main, boot, swap…) on one SSD, then all of them would have to be filled simultaneously, to reduce the risk of some sectors not being overwritten.
No, because the information that the sector is unused is not stored in that sector, but somewhere else.
So yes. Encrypted disk is a much better choice.
You could even create an encrypted mini-disk that can be deleted after use. (Just create a file of the desired size, and then encrypt/format it like any disk)
RAM cleaning is the closest to useful, but of course wipes the disk cache, too. Can also just reboot
I agree that it’s more complicated even than I suggested. What I meant is that if a logical sector is used and then it becomes unused and then it becomes used again then it must be written to and in order to write to it, it has to be erased.
It is much more complicated because each time you write to a logical sector, it can be remapped (wear levelling) so that the same underlying physical sector is not written to each time.
So basically SSD is a nightmare from a security perspective.
I thought though that TRIM is supposed to deal with that.?? But then in that case I don’t think you want software like the above writing to unused sectors before they get TRIMmed (since writing to them could cause a remap).
Disk encryption can’t help you if police arests you. You are helpless in this case, they would not ask you kindly, but force you to enter your password, at least, in Russia.
(Also, If your phone was stolen when turned on, the using of secure deleting may save you. You’d told it already.)
Generally speaking: no. TRIM just tells the disk that it’s now okay to use this sector for wear-leveling.
But it depends on the specific implementation. It might even “fake” a zero-read after TRIM, without actually having zeroed it. But there’s also a command that can zero a sector. (wikipedia)
(According to the German version, RZAT is just required to return zeroes on read, but not to actually write them)
Yes, therefore only one write cycle is suggested in topic
secure-delete are file-level utitilies, not byte-level.
You have to mount your filesystems with TRIM or without with FS option. (As I know, it is not needed for many years, because TRIM is enabled automatically. It should, at least.)
Luckily I don’t have to care about Russia myself (my Russian friends left the country to avoid that danger). If police arrests you there, you may have other troubles. If needed they just install/save things on your device that shows that you are the danger of the country. I mean, do you really think that regimes care about laws or fairness? Once you give the pass code for encryption, you have lost anyway. They just need to download a picture with “stop war” and say it was you. In Russia you have lost in any case if they want to get rid of you.
If you really fear that someone could have access to your data to harm you, you may should think about more secure ways to handle your data.
That’s why I want my phone to shut down after 3-5 attempts to get into strong disk encryption password. So people (or police) who steal my device have max a 0,0005% chance to get into it (password with 6 numbers). If I really fear this, I can choose even more secure login passwords with more digits and/or more different signs. Sadly right now L5 can be brute forced once each second. A standard password can be found out within 12 days.
I’d never said regimes cares about law, police there are not stopped by law and they go through it constantly. By requiring a password from you using force and agressive methods they definitely sick on law, people rights & privacy and constitution at once.
Its better to not collect data or or have it near any sensors. In the world we live today, drivers will leak data before the file system got involved. Apple will upload it to Cloud and Google will train its A.I. and Smart Devices will Collect Data you do not think about as a file in the first place. Like your Providers free WLAN plus Neural Network to follow every step your Body do in your Space, cause the water in your body will affect the WLAN connectivity. So every pet and human pose or walk will be visible…
Airtags, others Smartphones, you interact with, Teslar Cars (just an example), or some other self driving one with LIDAR you cross your way, will collect Data about you.
But i am with Caliga, about encrypton and deleted Data… just. Meta Data will still be in the logs. You have to take Care of some Trojan or App, which have the same rights as a user (/your) on your Phone and still collect this data! And of cause, most folks will use Servers to share and deliver Data with. This one will track your scrolling, google try to track your micro expressions and … it is really complicated.
But clear delete will kill your files, its just… on file layer you do the same with encryption. So i think its about Meta Data and Backups.
Thank you for your answer, Christal.
But topic is named “Harden your Librem…”
If someone of us has Librem (of course, there are many men around), he doesn’t have to think all about bad drivers (or spy hardware), apps, trojans.
And he still needs the secure wiping of ram, swap, filesystems. This theme has nothing common with data miners and ads giants like Meta and Google.