[CentOS] issue_discards in lvm.conf

Thu Jun 12 17:12:14 UTC 2014
m.roth at 5-cent.us <m.roth at 5-cent.us>

SilverTip257 wrote:
> On Thu, Jun 12, 2014 at 10:35 AM, James B. Byrne <byrnejb at harte-lyne.ca>
> wrote:
>> On Wed, June 11, 2014 18:31, Frank Cox wrote:
<snip>
>> I have a question about SSD respecting security.  Recently I have been
>> investigating sanitizing these devices, together with 'smart-phones,
>> tablets and pads which use flash memory persistent storage. Not to
>> mention the ubiquitous USB 'memory stick'.  I have come to the rather
>> unsettling conclusion that it is effectively impossible to 'sanitize'
>> these things short of complete and utter physical destruction,
>> preferably by incineration.
>> Is this in fact the case?
<snip>
> I've come to the same conclusion.  Due to controller wear leveling and
> TRIM, it is difficult to fully sanitize a flash memory (USB flash, SSD).
>
> A former employer of mine contracts out destruction of conventional hard
> drives with a machine that has a hydraulic arm and a wedge.  Effectively
> bending the platters and some of the drive.  Hardware destruction (prior
> to recycling/disposal) in certain business sectors is commonplace.

Where I work, some of the systems (which are behind an *internal*
firewall) have PII and HIPAA data - we're serious about protecting that
stuff. When we surplus a server, the drive must be certified to be
sanitized - that is, for the ones I do, which is most of them, I need to
sign my name to a form that gets stuck on the outside that it's sanitized,
making me *personally* responsible for that.

We use two methods: for the drives that are totally dead, or *sigh* the
SCSI drives, they get deGaussed. For SATA that's still running, we use
DBAN. *Great* software. From what I've read, one pass would probably be
good enough, given how data's written these days. With my name certifying
it, I do paranoid, and tell DBAN the full 7-pass, DoD 5220.22-M. I
*really* don't think anyone's getting anything off that.

We don't have any SSDs, so I can't speak to that. Bet you could deGauss
them, easily enough. Or maybe stick 'em on a burner on a stove to get over
the Curie point....*

      mark

* Techniques that a techie group I belong to refer to as "things to do in
someone else's kitchen"