Security Erase over iSCSI


Amit

Dec 3, 2012, 9:00:06 PM
to open-...@googlegroups.com
Hi,

I am currently trying to perform a secure erase on a drive exported via
iSCSI. Using hdparm, the drive is reported not to support security
erase.

My setup:

1. Initiator: open-iscsi (debian wheezy)
2. Target: LIO Linux Kernel 3.6.6

Has anybody been able to perform a secure erase over iSCSI?

Thanks,
Amit

Ulrich Windl

Dec 4, 2012, 2:49:39 AM
to open-...@googlegroups.com
Overwriting from start to end with random data should do, also. I don't know anything about "secure erase"...

>>> Amit <amit....@gmail.com> wrote on 04.12.2012 at 03:00 in message
<loom.2012120...@post.gmane.org>:

Amit

Dec 4, 2012, 12:56:03 PM
to open-...@googlegroups.com
Ulrich Windl <Ulrich.Windl@...> writes:

>
> Overwriting from start to end with random data should do, also. I
> don't know anything about "secure erase"...
>

Hello,

Thanks for the reply. Yes, overwriting with random data should work.
Secure Erase is a feature in most drives that basically does the same as
overwriting data. However, a special ATA/SCSI command is defined for
this. An estimated time can also be obtained.

For example:
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

Thanks,
Amit

Mika Boström

Dec 6, 2012, 11:53:47 AM
to open-...@googlegroups.com
On Tue, Dec 04, 2012 at 05:56:03PM +0000, Amit wrote:
> Ulrich Windl <Ulrich.Windl@...> writes:
>
> >
> > Overwriting from start to end with random data should do, also. I
> > don't know anything about "secure erase"...
> >
>
> Hello,
>
> Thanks for the reply. Yes, overwriting with random data should work.
> Secure Erase is a feature in most drives that basically does the same as
> overwriting data. However, a special ATA/SCSI command is defined for
> this. An estimated time can also be obtained.

[Note: speaking as a user]

Invoking ATA-level secure erase over iSCSI does not really make sense.
Looking at the docs, this command should affect a device, and only an
entire device. As such, the entire feature would be useful _only_ when a
target exports a full block device (i.e. hard drive).

Just think of what would happen to a hard drive which has multiple
partitions and each of those is then exported as individual iSCSI
volumes. There's no guarantee that all of the volumes are used by the
same client instance - if any one of them could issue the secure erase
command, ALL the partitions would be lost.

And it gets better. What if a single exported volume was actually a
section of LVM? Now the command could potentially span multiple physical
devices. Come to think of it, the volume could also be a disk image...

So it really doesn't make any sense. iSCSI is after all a transport
mechanism, not a remote-physical-block-device mechanism.

(Remote block device, yes. Just not necessarily remote physical block
device.)

--
Mika Boström Individualisti, eksistentialisti,
www.iki.fi/bostik rationalisti ja mulkvisti
GPG: 0x2AED22CC; 6FC9 8375 31B7 3BA2 B5DC 484E F19F 8AD6 2AED 22CC
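
The distinction drawn in this thread (whole local drive versus partition, LVM volume, disk image or iSCSI LUN) can be checked on a Linux host from sysfs before any erase command is aimed at a device. The script below is an added example, not part of the original thread; the function names are hypothetical and the sysfs paths in its comments are constructed samples of the usual Linux layout.

```sh
#!/bin/sh
# Added example (not from the thread): report what a Linux block device
# actually is before any erase command is aimed at it.
# Function names are hypothetical; sample paths below are constructed.

# classify_sysfs_path PATH
#   PATH is the resolved sysfs path of a block device, i.e. the output of
#   `readlink -f /sys/class/block/NAME`. Prints one label.
classify_sysfs_path() {
    case "$1" in
        # .../block/sda/sda1 : a partition, only a slice of the drive
        */block/*/*)             echo "partition" ;;
        # /sys/devices/virtual/block/dm-0 : LVM, dm-crypt, multipath
        */virtual/block/dm-*)    echo "device-mapper" ;;
        # /sys/devices/virtual/block/loop0 : a disk image file
        */virtual/block/loop*)   echo "loop-image" ;;
        # .../host6/session1/target6:0:0/... : LUN reached over iSCSI
        */session[0-9]*/target*) echo "iscsi-lun" ;;
        # .../ata1/host0/target0:0:0/... : drive on a local ATA port
        */ata[0-9]*/host*)       echo "ata-whole-disk" ;;
        *)                       echo "unknown" ;;
    esac
}

# erase_scope DEVICE   (e.g. erase_scope /dev/sdb)
erase_scope() {
    name=$(basename "$1")
    path=$(readlink -f "/sys/class/block/$name") || return 1
    [ -e "$path" ] || return 1
    classify_sysfs_path "$path"
}

# ata_erase_applicable DEVICE
#   Succeeds only for a whole drive on a local ATA port, the one case in
#   which a drive-level security erase maps to exactly one physical disk.
ata_erase_applicable() {
    [ "$(erase_scope "$1")" = "ata-whole-disk" ]
}

if [ $# -gt 0 ]; then
    erase_scope "$1" || echo "no such block device: $1" >&2
fi
```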