Background block scrubbing

Dag-Erling Smørgrav des at
Wed Apr 27 14:17:58 PDT 2005

"Robert Krten" <root at> writes:
> Is there a utility that does background unused block scrubbing?
> What I'm thinking of is something that looks for unused blocks on the
> disk, and then writes zeros, then random, then more random, etc, to them
> for security applications.

That's not how it's done.  Here's a good explanation of how to do it
and why it must be done that way:

> It would need to have some cooperation from the filesystem so that it could
> lock down a block (or ten, or some number) at a time that it could then go
> and "scrub" during idle periods...  Since it would only allocate a few
> blocks at a time, it wouldn't need to have a mechanism to release them (IMHO).

To do this safely, you have to first scrub the entire disk before
partitioning / newfsing it, and when the disk is in use, scrub every
single block that has held data but no longer does as soon as it is
deallocated, and before reporting the I/O operation complete to the
filesystem.  Performance would be abysmal (it takes 35 passes to fully
scrub each block), so in real life you'd be better off encrypting the
disk (using gbde or something similar), and only scrubbing or bulk
erasing it when you decomission it.

Dag-Erling Smørgrav - des at

More information about the freebsd-fs mailing list