From f7a55480fbb4ce1cf2ea38e3156e5c7c35c97298 Mon Sep 17 00:00:00 2001
From: mfwmyfacewhen <94880365+mfwmyfacewhen@users.noreply.github.com>
Date: Wed, 25 May 2022 08:07:04 +0000
Subject: [PATCH] Add article about erasing data securely (#1256)

Co-Authored-By: Daniel Gray
---
 docs/assets/img/erasing-data/shredos.png | Bin 0 -> 3970 bytes
 docs/basics/erasing-data.md | 39 +++++++++++++++++++++++
 mkdocs.yml | 1 +
 3 files changed, 40 insertions(+)
 create mode 100644 docs/assets/img/erasing-data/shredos.png
 create mode 100644 docs/basics/erasing-data.md
diff --git a/docs/assets/img/erasing-data/shredos.png b/docs/assets/img/erasing-data/shredos.png new file mode 100644 index 0000000000000000000000000000000000000000..c64299047de4f388fe81fb714d6def59c5e289b3 GIT binary patch literal 3970
literal 0 HcmV?d00001 diff --git a/docs/basics/erasing-data.md b/docs/basics/erasing-data.md new file mode 100644 index 00000000..bfdb69b1 --- /dev/null +++ b/docs/basics/erasing-data.md
@@ -0,0 +1,39 @@ +--- +title: "Secure Data Erasure" +icon: 'material/harddisk-remove' +--- +**Erasing data** from your computer may seem like a simple task, but if you want to make sure the data is truly unrecoverable, there are some things you should consider. + +!!! tip + You should use [full disk encryption](../encryption.md#os-full-disk-encryption) on your storage devices. If your device is stolen or needs to be returned under warranty your privacy may be at risk. + +To erase a storage device **thoroughly**, you should securely erase the whole device and not individual files. + +## Erasing Your Entire Drive + +When you delete a file, the operating system marks the space where the deleted file was as "empty". That "empty" space can be fairly easily undeleted, yielding the original file. + + +### Magnetic storage + +If the disk is a magnetic storage device such as spinning hard disk we suggest using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe). `nwipe` can be installed in most Linux distributions. If you wish to use a complete boot environment on a system, consider using [ShredOS Disk Eraser](https://github.com/PartialVolume/shredos.x86_64). ShredOS boots straight into `nwipe` and allows you to erase available disks. To install it to a flash USB stick see the [installation methods](https://github.com/PartialVolume/shredos.x86_64/blob/master/README.md#obtaining-and-writing-shredos-to-a-usb-flash-drive-the-easy-way-). + +Once you have your boot media, enter your system's UEFI settings and boot from the USB stick. Commonly used keys to access UEFI are ++f2++, ++f12++, or ++del++. Follow the on-screen prompts to wipe your data. + +![ShredOS](../assets/img/erasing-data/shredos.png) + +### Flash Storage + +For [flash memory](https://en.wikipedia.org/wiki/Flash_memory) (SSD, NVMe etc) devices we suggest the ATA Secure Erase command. Methods such as `nwipe` should not be used on flash storage devices as it may damage their performance. 
The "Secure Erase" feature is often accessible through the UEFI setup menu. + +It is also possible to complete a Secure Erase using the [`hdparm`](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command, or [Microsoft Secure Group Commands](https://docs.microsoft.com/en-us/windows-hardware/drivers/storage/security-group-commands). + +Physical destruction may be necessary to securely erase devices such as memory cards, USB sticks and unusable hard disks. + +## Erasing Specific Files + +Securely shredding **individual files** is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, [wear leveling](https://en.wikipedia.org/wiki/Wear_leveling) (on modern [flash storage](https://en.wikipedia.org/wiki/Solid-state_drive)), caching and filesystem [journaling](https://en.wikipedia.org/wiki/Journaling_file_system). + +Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, therefore shredding may not provide adequate security. + +--8<-- "includes/abbreviations.en.md" diff --git a/mkdocs.yml b/mkdocs.yml index 84ed10f6..471b6d0f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -145,6 +145,7 @@ nav: - 'basics/account-deletion.md' - 'basics/multi-factor-authentication.md' - 'basics/dns.md' + - 'basics/erasing-data.md' - 'Android': - 'android/overview.md' - 'android/grapheneos-vs-calyxos.md'
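Review bot: In docs/basics/erasing-data.md, the "Flash Storage" paragraph groups "SSD, NVMe etc" together but recommends only the ATA Secure Erase command, and the `hdparm` link that follows is also ATA-specific; NVMe drives do not take ATA commands, so either scope this advice to SATA SSDs or name the NVMe equivalent alongside it. In the same section the link text "Microsoft Secure Group Commands" does not match its target (`security-group-commands`) and should read "Security Group Commands", and "Methods such as `nwipe` should not be used ... as it may damage their performance" wants "as they may". In the closing paragraph, "do not guarantee a fixed relationship between logical blocks addressed through the interface" is missing the second term of the comparison, and the following "the physical locations in which the data is stored may be different to where it is actually located" is circular; suggest rewording so it says that the logical block an overwrite targets may not correspond to the physical location that holds the data. The subheadings are also cased inconsistently ("Magnetic storage" vs "Flash Storage"), and there is a doubled blank line before "### Magnetic storage".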