2 * utils_wipe - wipe a device
4 * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
5 * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
6 * Copyright (C) 2009-2023 Milan Broz
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <sys/ioctl.h>
30 /* block device zeroout ioctls, introduced in Linux kernel 3.7 */
32 #define BLKZEROOUT _IO(0x12,127)
35 static int wipe_zeroout(struct crypt_device *cd, int devfd,
36 uint64_t offset, uint64_t length)
38 static bool zeroout_available = true;
39 uint64_t range[2] = { offset, length };
42 if (!zeroout_available)
45 r = ioctl(devfd, BLKZEROOUT, &range);
47 log_dbg(cd, "BLKZEROOUT ioctl not available (error %i), disabling.", r);
48 zeroout_available = false;
56 * Wipe using Peter Gutmann method described in
57 * https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
58 * Note: used only for rotational device (and even there it is not needed today...)
60 static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
64 unsigned char write_modes[][3] = {
65 {"\x55\x55\x55"}, {"\xaa\xaa\xaa"}, {"\x92\x49\x24"},
66 {"\x49\x24\x92"}, {"\x24\x92\x49"}, {"\x00\x00\x00"},
67 {"\x11\x11\x11"}, {"\x22\x22\x22"}, {"\x33\x33\x33"},
68 {"\x44\x44\x44"}, {"\x55\x55\x55"}, {"\x66\x66\x66"},
69 {"\x77\x77\x77"}, {"\x88\x88\x88"}, {"\x99\x99\x99"},
70 {"\xaa\xaa\xaa"}, {"\xbb\xbb\xbb"}, {"\xcc\xcc\xcc"},
71 {"\xdd\xdd\xdd"}, {"\xee\xee\xee"}, {"\xff\xff\xff"},
72 {"\x92\x49\x24"}, {"\x49\x24\x92"}, {"\x24\x92\x49"},
73 {"\x6d\xb6\xdb"}, {"\xb6\xdb\x6d"}, {"\xdb\x6d\xb6"}
76 for (i = 0; i < buffer_size / 3; ++i) {
77 memcpy(buffer, write_modes[turn], 3);
82 static int crypt_wipe_special(struct crypt_device *cd, int fd, size_t bsize,
83 size_t alignment, char *buffer,
84 uint64_t offset, size_t size)
90 for (i = 0; i < 39; ++i) {
92 r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL);
93 } else if (i >= 5 && i < 32) {
94 wipeSpecial(buffer, size, i - 5);
96 } else if (i >= 32 && i < 38) {
97 r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL);
98 } else if (i >= 38 && i < 39) {
99 memset(buffer, 0xFF, size);
105 written = write_lseek_blockwise(fd, bsize, alignment,
106 buffer, size, offset);
107 if (written < 0 || written != (ssize_t)size)
111 /* Rewrite it finally with random */
112 if (crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL) < 0)
115 written = write_lseek_blockwise(fd, bsize, alignment, buffer, size, offset);
116 if (written < 0 || written != (ssize_t)size)
122 static int wipe_block(struct crypt_device *cd, int devfd, crypt_wipe_pattern pattern,
123 char *sf, size_t device_block_size, size_t alignment,
124 size_t wipe_block_size, uint64_t offset, bool *need_block_init,
129 if (pattern == CRYPT_WIPE_SPECIAL)
130 return crypt_wipe_special(cd, devfd, device_block_size, alignment,
131 sf, offset, wipe_block_size);
133 if (*need_block_init) {
134 if (pattern == CRYPT_WIPE_ZERO) {
135 memset(sf, 0, wipe_block_size);
136 *need_block_init = false;
138 } else if (pattern == CRYPT_WIPE_RANDOM ||
139 pattern == CRYPT_WIPE_ENCRYPTED_ZERO) {
140 r = crypt_random_get(cd, sf, wipe_block_size,
141 CRYPT_RND_NORMAL) ? -EIO : 0;
142 *need_block_init = true;
150 if (blockdev && pattern == CRYPT_WIPE_ZERO &&
151 !wipe_zeroout(cd, devfd, offset, wipe_block_size)) {
152 /* zeroout ioctl does not move offset */
153 if (lseek(devfd, offset + wipe_block_size, SEEK_SET) < 0) {
154 log_err(cd, _("Cannot seek to device offset."));
160 if (write_blockwise(devfd, device_block_size, alignment, sf,
161 wipe_block_size) == (ssize_t)wipe_block_size)
167 int crypt_wipe_device(struct crypt_device *cd,
168 struct device *device,
169 crypt_wipe_pattern pattern,
172 size_t wipe_block_size,
173 int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
178 size_t bsize, alignment;
181 bool need_block_init = true;
183 /* Note: LUKS1 calls it with wipe_block not aligned to multiple of bsize */
184 bsize = device_block_size(cd, device);
185 alignment = device_alignment(device);
186 if (!bsize || !alignment || !wipe_block_size)
189 /* if wipe_block_size < bsize, then a wipe is highly ineffective */
191 /* Everything must be aligned to SECTOR_SIZE */
192 if (MISALIGNED_512(offset) || MISALIGNED_512(length) || MISALIGNED_512(wipe_block_size))
195 if (device_is_locked(device))
196 devfd = device_open_locked(cd, device, O_RDWR);
198 devfd = device_open(cd, device, O_RDWR);
200 return errno ? -errno : -EINVAL;
202 if (fstat(devfd, &st) < 0) {
208 dev_size = offset + length;
210 r = device_size(device, &dev_size);
214 if (dev_size <= offset) {
220 r = posix_memalign((void **)&sf, alignment, wipe_block_size);
224 if (lseek(devfd, offset, SEEK_SET) < 0) {
225 log_err(cd, _("Cannot seek to device offset."));
230 if (progress && progress(dev_size, offset, usrptr)) {
231 r = -EINVAL; /* No change yet, treat this as a parameter error */
235 if (pattern == CRYPT_WIPE_SPECIAL && !device_is_rotational(device)) {
236 log_dbg(cd, "Non-rotational device, using random data wipe mode.");
237 pattern = CRYPT_WIPE_RANDOM;
240 while (offset < dev_size) {
241 if ((offset + wipe_block_size) > dev_size)
242 wipe_block_size = dev_size - offset;
244 r = wipe_block(cd, devfd, pattern, sf, bsize, alignment,
245 wipe_block_size, offset, &need_block_init, S_ISBLK(st.st_mode));
247 log_err(cd,_("Device wipe error, offset %" PRIu64 "."), offset);
251 offset += wipe_block_size;
253 if (progress && progress(dev_size, offset, usrptr)) {
259 device_sync(cd, device);
265 int crypt_wipe(struct crypt_device *cd,
266 const char *dev_path,
267 crypt_wipe_pattern pattern,
270 size_t wipe_block_size,
272 int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
275 struct device *device;
286 device = crypt_data_device(cd);
288 r = device_alloc_no_check(&device, dev_path);
292 if (flags & CRYPT_WIPE_NO_DIRECT_IO)
293 device_disable_direct_io(device);
298 if (!wipe_block_size)
299 wipe_block_size = 1024*1024;
301 log_dbg(cd, "Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.",
302 (unsigned)pattern, device_path(device), offset, length, wipe_block_size);
304 r = crypt_wipe_device(cd, device, pattern, offset, length,
305 wipe_block_size, progress, usrptr);
308 device_free(cd, device);