[Freedombox-discuss] [liberationtech] secure wipe of flash memory

Eugen Leitl eugen at leitl.org
Mon Jul 16 20:05:57 UTC 2012


----- Forwarded message from Chris Ball <cjb at laptop.org> -----

From: Chris Ball <cjb at laptop.org>
Date: Mon, 16 Jul 2012 12:24:07 -0400
To: Michael Rogers <michael at briarproject.org>
Cc: liberationtech at lists.stanford.edu
Subject: Re: [liberationtech] secure wipe of flash memory
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.97 (gnu/linux)

Hi,

On Mon, Jul 16 2012, Michael Rogers wrote:
> I've heard that some Android devices use controller chips for their
> internal flash storage, making the storage appear as a block device
> from the kernel's point of view, while others allow the kernel to
> access the flash chips directly. In the former case the storage will
> contain an ordinary block-oriented filesystem like ext2, while in the
> latter case it will contain a flash-specific filesystem like YAFFS.
>
> I have no idea how common each case is, but it would be easy to find
> out by checking the contents of /etc/mtab on a sample of Android
> devices. Is anyone on the list in a position to do that?

Pretty much every Android device currently on the market is using an
eMMC (controller chip) now, not YAFFS.  (In an example of how the world
doesn't make sense, NAND flash plus a controller chip is much cheaper to
buy than the same NAND flash without a controller chip.  We used bare
NAND on the first OLPC laptop, but have since had to move to eMMC for
cost reasons.)

I agree with everything said in the thread so far.  You can't use a raw
NAND filesystem like YAFFS on an eMMC, and you can't perform secure
deletion on an eMMC yourself.

You can ask the eMMC's firmware to do it for you, though: there are
"secure erase" and "secure trim" commands, which the spec¹ mandates must
delete all copies of the data requested for deletion no matter where
they are on the media.

There's no good reason to trust this closed-source firmware to do the
right thing, though -- while I'm not aware of much testing on eMMC,
testing of a similar command on ATA SSD devices² found that most of the
devices left data still present after the command was completed, and one
device even reported a successful wipe while not erasing any data at all!

- Chris.

¹: http://www.jedec.org/sites/default/files/docs/JESD84-A441.pdf
²: http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf
-- 
Chris Ball   <cjb at laptop.org>   <http://printf.net/>
One Laptop Per Child
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
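
Added example, not part of the original messages: a Python sketch of the /etc/mtab check Michael Rogers proposes above, classifying each mount as raw flash (a YAFFS-style filesystem or an MTD device) or as MMC block storage behind a controller. The filesystem list, the function names and the sample mtab lines are assumptions constructed for illustration.

```python
import re
from collections import namedtuple

# Filesystems that run directly on raw NAND/NOR, with no controller in between.
RAW_FLASH_FS = {"yaffs", "yaffs2", "jffs2", "ubifs"}
Mount = namedtuple("Mount", "device mountpoint fstype kind")

def _unescape(field):
    # mtab writes space, tab, newline and backslash as octal escapes (\040 ...).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def classify(device, fstype):
    """Return 'raw-flash', 'mmc-block', 'other-block' or 'virtual'."""
    if fstype in RAW_FLASH_FS or re.search(r"/mtd(block)?\d+$", device):
        return "raw-flash"
    if re.search(r"/mmcblk\d+(p\d+)?$", device):
        # mmcblk names cover eMMC and SD cards alike: in both cases a
        # controller sits between the kernel and the NAND.
        return "mmc-block"
    return "other-block" if device.startswith("/dev/") else "virtual"

def parse_mtab(text):
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip blank, truncated or comment lines
        device, mountpoint, fstype = (_unescape(f) for f in fields[:3])
        mounts.append(Mount(device, mountpoint, fstype, classify(device, fstype)))
    return mounts

def kind_of(text, mountpoint="/data"):
    """Storage kind behind a mount point (last mount wins), or None."""
    return {m.mountpoint: m.kind for m in parse_mtab(text)}.get(mountpoint)

# Constructed samples, not captured from real devices.
RAW_NAND_MTAB = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/mtdblock3 /system yaffs2 ro,relatime 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev,relatime 0 0
"""
EMMC_MTAB = """\
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
/dev/block/mmcblk0p9 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p10 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/vold/179:17 /mnt/sd\\040card vfat rw,nosuid,nodev 0 0
"""
```

Calling kind_of() on the contents of a device's /etc/mtab reports what backs /data; an "mmc-block" result is the controller case in which, per Chris Ball's reply, secure deletion can only be requested from the firmware.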


