[UI] Allow wiping a disk using cryptographic scrambling

Problem/Justification
(What is the problem you are trying to solve with this feature/improvement or why should it be considered?)

The UI only provides crude wiping methods (quick, full with zeros, full with random). If a drive supports crypto scrambling, these methods are much more time-consuming and arguably less secure, or may not even work at all if the drive has issues.

What is crypto scrambling?

It is a sanitation feature supported by some SATA, SAS, and NVMe drives. Such drives store a cryptographic key which is used for all data going in and out. If that key is reset, the contents of the drive no longer make sense.

How can crypto scrambling be done?

For SATA drives, this is managed by hdparm. The command hdparm --sanitize-status /dev/sdX can be used to check if a drive supports Secure Erase. To initiate a crypto scramble: hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble /dev/sdX. This should take just a few seconds. To check the status: hdparm --sanitize-status /dev/sdX.

For SAS drives, crypto scrambling is initiated with sg_sanitize [--quick] --crypto /dev/sdX. The drive must be SED (self-encrypted drive).

For NVMe drives: nvme sanitize /dev/nvmeX -a start-crypto-erase

Impact
(How is this feature going to impact all TrueNAS users? What are the benefits and advantages? Are there disadvantages?)

This feature will allow TrueNAS users to quickly yet very securely erase drives that support crypto-scrambling.

User Story
(Please give a short description on how you envision some user taking advantage of this feature, what are the steps a user will follow to accomplish it)

A user wants to wipe a drive with crypto scrambling. They go to the TrueNAS UI, select the disk, click “Wipe”, select “Crypto Scrambling”, and within seconds have a drive cryptographically wiped.

2 Likes
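As an added example (not part of the original post and not TrueNAS code), here is one way a backend could choose among the three commands listed above and refuse unsafe targets before anything destructive is issued. The function names, return codes and the mounts-file parameter are assumptions made for illustration; the script only prints the command and never runs it.

```shell
# Added example: choose the crypto-scramble command for one whole disk.
# It only prints the command; nothing is executed. Names are hypothetical.

# in_use DEV MOUNTS: succeed if DEV or a partition/namespace of it is mounted.
# Errs toward refusing. ZFS pool members do not appear in the mount table,
# so a real backend would also have to check pool membership.
in_use() {
    while read -r src _; do
        case "$src" in
            "$1"|"$1"[0-9]*|"$1"p[0-9]*|"$1"n[0-9]*) return 0 ;;
        esac
    done < "$2"
    return 1
}

# sanitize_cmd TRAN DEV [MOUNTS]: TRAN as printed by `lsblk -dno TRAN DEV`.
# Returns 2 for a partition or bad path, 3 for an unhandled transport,
# 4 when the disk is in use.
sanitize_cmd() {
    tran=$1 dev=$2 mounts=${3:-/proc/mounts} kind=
    case "$dev" in
        /dev/sd*[!a-z]*|/dev/nvme*[!0-9n]*) ;;   # partition: kind stays empty
        /dev/sd[a-z]*)   kind=scsi ;;
        /dev/nvme[0-9]*) kind=nvme ;;
    esac
    if [ -z "$kind" ]; then
        echo "refusing: $dev is not a whole disk" >&2
        return 2
    fi
    case "$tran:$kind" in
        sata:scsi) cmd="hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble $dev" ;;
        sas:scsi)  cmd="sg_sanitize --crypto $dev" ;;
        nvme:nvme) cmd="nvme sanitize $dev -a start-crypto-erase" ;;
        *) echo "refusing: transport '$tran' not handled for $dev" >&2
           return 3 ;;
    esac
    if in_use "$dev" "$mounts"; then
        echo "refusing: $dev or one of its partitions is mounted" >&2
        return 4
    fi
    printf '%s\n' "$cmd"
}
```

Whether the drive actually supports the operation still has to be confirmed with the status check given in the post before the printed command is run.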

Nice! I did not know that such a thing existed.
But I am posting to tell you that you too can vote on it. :wink:

1 Like

If this feature is not already in TrueNAS Enterprise, I guess it would be appreciated there.

1 Like

And let's not forget to run the commands to make the drive usable again. If you are tossing the drive in the garbage, no problem; however, if you are expecting to use this drive elsewhere, there are more commands otherwise the drive may be left locked.

Out of curiosity, does it take long to use hdparm to perform this action? Based on your posting it sounds like the key is destroyed and thus the data cannot be recovered, and that sounds very fast. I really like that idea.

However, if it takes a considerable amount of time (hours) then there should be a few Wipe options of course (quick, secure). The quick would be the simple wipe we have today, or the ‘secure’ option to use the crypto way, however if a drive does not support this feature, then drop in preferably the fastest alternate option. I’m not sure if that is dd (using urandom), shred, badblocks or something else.

@joeschmuck

if you are expecting to use this drive elsewhere, there are more commands otherwise the drive may be left locked.

Can you elaborate? AFAIK the drive is usable after the commands I posted.

it sounds like the key is destroyed and thus the data cannot be recovered

When using that command, a new encryption key is generated by the drive, which is instant. AFAIK you cannot set the encryption key yourself.

See ATA Sanitize and hdparm for more info.

The quick would be the simple wipe we have today, or the ‘secure’ option to use the crypto way

I believe it is better to have them separate.

I also think ATA Secure Erase (see ATA Secure Erase (SE) and hdparm) should be made available on top of the existing dd based methods.

I personally have not done this, so take it for what it is worth, but wouldn’t you need to unlock the drive afterward to make it usable again? Commands specifically: hdparm --user-master u --security-unlock p /dev/sdX or hdparm --user-master u --security-disable p /dev/sdX?

To be honest, I don’t know if those are required however have you tested this secure erase and then had the drive be usable again?

Indeed I have. A drive is usable again, whether through crypto scramble or security erase.

1 Like