Background block scrubbing
Robert Krten
root at parse.com
Thu Apr 28 06:04:40 PDT 2005
Dag-Erling Smørgrav sez...
>
> "Robert Krten" <root at parse.com> writes:
> > Is there a utility that does background unused block scrubbing?
> >
> > What I'm thinking of is something that looks for unused blocks on the
> > disk, and then writes zeros, then random, then more random, etc, to them
> > for security applications.
>
> That's not how it's done. Here's a good explanation of how to do it
> and why it must be done that way:
>
> http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
Thanks!
> > It would need to have some cooperation from the filesystem so that it could
> > lock down a block (or ten, or some number) at a time that it could then go
> > and "scrub" during idle periods... Since it would only allocate a few
> > blocks at a time, it wouldn't need to have a mechanism to release them (IMHO).
>
> To do this safely, you have to first scrub the entire disk before
> partitioning / newfsing it, and when the disk is in use, scrub every
> single block that has held data but no longer does as soon as it is
> deallocated, and before reporting the I/O operation complete to the
> filesystem. Performance would be abysmal (it takes 35 passes to fully
> scrub each block), so in real life you'd be better off encrypting the
> disk (using gbde or something similar), and only scrubbing or bulk
> erasing it when you decommission it.
Gotcha. I wasn't aware it was *35* :-) I was thinking/hoping more like
3 or 4 with random garbage.
Thanks for the info!
Cheers,
-RK
--
Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting, Books and Training at www.parse.com
Looking for Digital Equipment Corp. PDP-1 through PDP-15 minicomputers!
More information about the freebsd-fs mailing list