MAAS should use secure disk erase, when possible
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Fix Released
|
Wishlist
|
Blake Rouse | ||
Bug Description
Recently, MAAS added a feature to securely wipe disks in between provisioning runs, to secure user data from one machine usage to another. This was, roughly speaking, the feature request in Bug #1308194.
The current implementation actually rewrites all of the data using either dd or shred (I'm not sure which, honestly).
In any case, it's incredibly slow, especially on very large hard drives.
Many new drives, especially SSDs, have a feature colloquially known as "Secure Disk Erase". In short, all data is encrypted on the drive itself by the disk controller with a key that never leaves the firmware of the device. That key can be erased (or, in fact, rekeyed) very efficiently, and render all of the data on the device unreadable, more efficiently than dd or shred.
For more information, see:
https:/
MAAS should, opportunistically, use this erase procedure whenever possible.
Cheers,
Dustin
| Dustin Kirkland (kirkland) wrote | #1 |
| Changed in maas: | |
| assignee: | nobody → Blake Rouse (blake-rouse) |
| importance: | Undecided → Wishlist |
| status: | New → Triaged |
| milestone: | none → 1.9.0 |
| Christian Reis (kiko) wrote | #2 |
| Changed in maas: | |
| milestone: | 1.9.0 → 2.0.0 |
| Changed in maas: | |
| milestone: | 2.0.0 → 2.1.0 |
| Changed in maas: | |
| status: | Triaged → Fix Committed |
| Changed in maas: | |
| milestone: | 2.0.1 → 2.1.0 |
| Changed in maas: | |
| status: | Fix Committed → Fix Released |
All the magic is in hdparm!