https://github.com/vt-alt/dm-secdel

dm-linear with secure deletion (wipe, erase) on discard
https://github.com/vt-alt/dm-secdel

device-mapper erase kernel-module sanitization secure-delete shred shredder shredding-files wipe

Last synced: 7 days ago
JSON representation

dm-linear with secure deletion (wipe, erase) on discard

• Host: GitHub
• URL: https://github.com/vt-alt/dm-secdel
• Owner: vt-alt
• Created: 2018-05-24T05:26:43.000Z (almost 7 years ago)
• Default Branch: sisyphus
• Last Pushed: 2023-02-02T04:08:31.000Z (about 2 years ago)
• Last Synced: 2024-11-06T06:48:16.207Z (6 months ago)
• Topics: device-mapper, erase, kernel-module, sanitization, secure-delete, shred, shredder, shredding-files, wipe
• Language: C
• Homepage:
• Size: 76.2 KB
• Stars: 6
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
dm-linear like target which provides discard, but replaces it with write of

erase pattern data to a discarded region. Thus, discarded data is securely

deleted (sanitized). Because of abstract nature, it could support many

file-systems which support discard (such as ext3, ext4, xfs, btrfs).

Operation notes:

Create a mapped device with `secdelsetup` tool. Make sure file-system is

mounted from that device and not from the underlying device. Make sure

file-system is mounted with `-o discard` option. Do not enable data journaling

(such as `-o data=journal` do not enable it).  Note, that when you `rm` files

discards will be sent (and, thus, erasing will performed) asynchronously, so,

to make sure data is already erased issue `sync` or remount file-system with

`-o sync` option before `rm`.  If you wish that filenames are wiped too, first,

make sure file-system is created completely without journaling (such as

`mkfs.ext4 -O ^has_journal`, and second, delete the directory itself, so its

blocks are discarded and erased. If you issue `fstrim` all free blocks of

file-system will be discarded and thus erased too (make sure that file-system

is still mounted with `-o discard` though.)

Usage:

```

secdelsetup /dev/sda5 [/dev/mapper/secdel5]

```

- will map `sda5` to `secdel5`. (With default erase more which is single pass of

(crng) random data). Alternatively:

```

secdelsetup /dev/sda5 [/dev/mapper/secdel5] 1R0

```

- Will work same as above but with with three pass overwriting: first pass of 1-bits,

second pass of (crng) random bits, and third pass of 0-bits.

Then, file-system on `secdel5` should be mounted with `-o discard`.

```

secdeltab --all or secdeltab --list

```

- show current maps.

```

secdelsetup --save

```

- save current maps to `/etc/secdeltab` which will be automatically activated

after reboot (by `secdeltab.service` systemd unit).

```

secdeltab --detach-all

```

- detach all active maps.

Based on the code of `dm-linear` from Linux kernel of their respective authors.

 (C) 2018,2019 ; License GPL-2.0-only.