Problem/Justification
(What is the problem you are trying to solve with this feature/improvement or why should it be considered?)
The UI only provides crude wiping methods (quick, full with zeros, full with random). If a drive supports crypto scrambling, these methods are much more time-consuming and arguably less secure, or may not even work at all if the drive has issues.
What is crypto scrambling?
It is a sanitation feature supported by some SATA, SAS, and NVMe drives. Such drives store a cryptographic key which is used for all data going in and out. If that key is reset, the contents of the drive no longer make sense.
How can crypto scrambling be done?
For SATA drives, this is managed by hdparm
. The command hdparm --sanitize-status /dev/sdX
can be used to check if a drive supports Secure Erase. To initiate a crypto scramble: hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble /dev/sdX
. This should take just a few seconds. To check the status: hdparm --sanitize-status /dev/sdX
.
For SAS drives, crypto scrambling is initiated with sg_sanitize [--quick] --crypto /dev/sdX
. The drive must be SED (self-encrypted drive).
For NVMe drives: nvme sanitize /dev/nvmeX -a start-crypto-erase
Impact
(How is this feature going to impact all TrueNAS users? What are the benefits and advantages? Are there disadvantages?)
This feature will allow TrueNAS users to quickly yet very securely erase drives that support crypto-scrambling.
User Story
(Please give a short description on how you envision some user taking advantage of this feature, what are the steps a user will follow to accomplish it)
A user wants to wipe a drive with crypto scrambling. They go to the TrueNAS UI, select the disk, click āWipeā, select āCrypto Scramblingā, and within seconds have a drive cryptographically wiped.