DaemonForums  

  #1   (View Single Post)  
Old 21st June 2020
attilio attilio is offline
Port Guard
 
Join Date: Jun 2015
Posts: 42
Default Secure erasing of HD with dd

Hi
In order to begin a secure erase of the hard disk of my hp530,
I wanted to use a command like the following:

Code:
# dd if=/dev/zero of=/dev/<deviceFileOfHardDisk>
This works if, for example, I boot with a live cd of a linux distribution.

I tried also with OpenBSD, but I found a problem.
I booted with a USB key with install67.fs for i386.
At the first prompt, I chose (S) to have a shell.
I looked for the name of the disk with

Code:
#sysctl
and the answer was

Code:
hw.disknames=cd0:,sd0:,rd0:cca629fbd647ae2c,sd1:d38e63c5f7d95f4a
I verified (with disklabel) that rd0 was associated with the USB key I used to boot.
I don't know what sd1 is.
I tried the dd command with of=/dev/sd1c but the response was "no such file or directory" and
indeed in /dev there was no such file. I tried also with other names, with no success.

It is difficult for me to show you the complete content of /dev, because I can't write it to any file at this stage.
But I'm relatively sure that there is nothing associated with the HD.

Is it possible to do what I want using the USB key of installation and the dd command?
  #2   (View Single Post)  
Old 21st June 2020
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,093
Default

The RAMDISK kernel included with installation media does not have a lot of space, so many things are left out of it, including many device special files. They are intended to be created dynamically when needed. Use # cd /dev && sh MAKEDEV sd0 sd1 to create these two sets of device special files for these two disk drives.

rd0 is the small RAM disk where the OpenBSD system is running from. The root directory /, the /dev directory, /bin, /sbin, /usr, /var, .... are all in RAM. This small kernel and RAM disk are loaded into RAM during boot.

Your USB stick is likely to be sd1, with sd0 being the workstation's hard drive.

When you have determined exactly which of the two devices has the data you want to destroy on it, use the raw device special file for the "c" partition -- rsd0c or rsd1c -- to overlay the data sectors with zeros. The "c" partition is a special partition containing all sectors of the drive. Example: # dd if=/dev/zero of=/dev/rsd0c bs=32m

Please note, dd(1) will only overwrite data sectors addressable by the OS. Sectors that have been set aside as bad by the drive electronics will not be erased. To overwrite the entire drive including non-addressable sectors, the drive's Secure Erase command must be used. On an installed OpenBSD system, this can be performed with the built-in atactl(8) utility for ATA drives.

Last edited by jggimi; 21st June 2020 at 12:48 PM. Reason: ./ changed to sh. MAKEDEV(8) is not an executable file in the RAMDISK kernel.
  #3   (View Single Post)  
Old 21st June 2020
attilio attilio is offline
Port Guard
 
Join Date: Jun 2015
Posts: 42
Default

Thanks jggimi.
It works!
I only had to use a buffer size smaller than that in your example.
With bs=32M I got

Code:
dd: input buffer: Cannot allocate memory
Perhaps due to the limitations of the RAM kernel you spoke about?
A super prudential bs=1M worked (and is still working.....)

I didn't know anything about atactl. Interesting.
Thanks again!
  #4   (View Single Post)  
Old 21st June 2020
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,093
Default

Various secure erase commands have been included as part of the ATA standards for a very long time. In these modern times, many SSDs encrypt by default, and the fastest way to "erase" the data is to have the electronics merely delete the key.
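Added example, not part of any post in this thread: a read-back check for the zero fill discussed above, which confirms that dd actually reached the end of the target and left no non-zero bytes. The function name `verify_zeroed`, the block size and the demo file are assumptions of this example; as post #2 notes, a clean result only covers sectors the OS can address.

```shell
#!/bin/sh
# Added example, not from the thread: read a zero-filled target back and check it.
# In the thread TARGET would be the raw "c" partition, e.g. /dev/rsd0c.
# Assumption: dd, tr, wc, awk and mktemp exist in the shell this runs from.

BS=65536  # numeric block size, far below the bs=32M that failed to allocate

# verify_zeroed TARGET [EXPECTED_BYTES]
# Prints "<bytes read> <non-zero bytes>" and returns
#   0  every byte read was 0x00 (and the size matched, if EXPECTED_BYTES given)
#   1  non-zero data remains, or the number of bytes read was not as expected
#   2  TARGET could not be opened, so dd reported no byte count
verify_zeroed() {
    target=$1
    expected=${2:-}
    stats=$(mktemp) || return 2
    # One pass: dd reads the target, tr drops 0x00 bytes, wc counts the rest.
    nonzero=$(LC_ALL=C dd if="$target" bs="$BS" 2>"$stats" |
        tr -d '\000' | wc -c | tr -d ' ')
    # GNU and BSD dd both end their stderr summary with "<N> bytes ...".
    total=$(awk '/bytes/ { n = $1 } END { print n }' "$stats")
    rm -f "$stats"
    [ -n "$total" ] || return 2
    echo "$total $nonzero"
    [ "$nonzero" -eq 0 ] || return 1
    [ -z "$expected" ] || [ "$total" -eq "$expected" ] || return 1
    return 0
}

# Demo on a constructed 256 KiB file; no real disk is touched.
demo=$(mktemp)
dd if=/dev/zero of="$demo" bs="$BS" count=4 2>/dev/null
verify_zeroed "$demo" 262144 && echo "all zero"
# Simulate a wipe that missed 8 bytes at offset 1000.
printf 'leftover' | dd of="$demo" bs=1 seek=1000 conv=notrunc 2>/dev/null
verify_zeroed "$demo" 262144 || echo "residual data found"
rm -f "$demo"
```

For a real disk, EXPECTED_BYTES can be computed from the `bytes/sector` and `total sectors` values that disklabel prints for the drive.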
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick