secure-wipe/wipe_disk - mirrors/cros/chromiumos/platform2 - Git at Google

 #!/bin/sh
 #
 # Copyright 2019 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 . /usr/sbin/secure-wipe.sh

 # Fully erase the disks on the device via firmware and verify it is erased
 # properly.
 main() {
   local dev
   local dev_size
   local overwrite_exit_code
   local verify_pattern_exit_code
   local wipe_exit_code
   local verify_wipe_exit_code
   local exit_code=0
   local disk_found=0

   for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \
       $(list_fixed_nvme_nss); do
     disk_found=1
     # Before secure_erase, disk is written with a checksummed random pattern
     # and verified if the pattern is written correctly. This part can only be
     # executed using block devices.
     dev_size="$(blockdev --getsize64 /dev/${dev})"

     perform_fio_op "/dev/${dev}" "${dev_size}" "write"
     overwrite_exit_code=$?
     if [ "${overwrite_exit_code}" -ne 0 ]; then
       exit_code="${overwrite_exit_code}"
     fi

     perform_fio_op "/dev/${dev}" "${dev_size}" "verify"
     verify_pattern_exit_code=$?
     if [ "${verify_pattern_exit_code}" -ne 0 ]; then
       exit_code="${verify_pattern_exit_code}"
     fi
   done

   for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \
       $(list_fixed_nvme_disks); do
     # To ensure NVMe device is physically erased, set strict option to 1.
     # To avoid running secure_erase multiple times with different
     # namespaces for the same NVMe device, character device is given as
     # argument.
     secure_erase "/dev/${dev}" 1
     wipe_exit_code=$?
     if [ "${wipe_exit_code}" -ne 0 ]; then
       exit_code="${wipe_exit_code}"
     fi
   done

   for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \
       $(list_fixed_nvme_nss); do
     # After secure_erase, verify the disk is zeroed. This part can only be
     # executed using block devices.
     perform_fio_op "/dev/${dev}" "${dev_size}" "verify_disk_wipe"
     verify_wipe_exit_code=$?
     if [ "${verify_wipe_exit_code}" -ne 0 ]; then
       exit_code="${verify_wipe_exit_code}"
     fi
   done

   if [ ${disk_found} -eq 1 ]; then
     return ${exit_code}
   else
     return 1
   fi
 }

 main
	#!/bin/sh
	#
	# Copyright 2019 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	. /usr/sbin/secure-wipe.sh

	# Fully erase the disks on the device via firmware and verify it is erased
	# properly.
	main() {
	local dev
	local dev_size
	local overwrite_exit_code
	local verify_pattern_exit_code
	local wipe_exit_code
	local verify_wipe_exit_code
	local exit_code=0
	local disk_found=0

	for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \
	$(list_fixed_nvme_nss); do
	disk_found=1
	# Before secure_erase, disk is written with a checksummed random pattern
	# and verified if the pattern is written correctly. This part can only be
	# executed using block devices.
	dev_size="$(blockdev --getsize64 /dev/${dev})"

	perform_fio_op "/dev/${dev}" "${dev_size}" "write"
	overwrite_exit_code=$?
	if [ "${overwrite_exit_code}" -ne 0 ]; then
	exit_code="${overwrite_exit_code}"
	fi

	perform_fio_op "/dev/${dev}" "${dev_size}" "verify"
	verify_pattern_exit_code=$?
	if [ "${verify_pattern_exit_code}" -ne 0 ]; then
	exit_code="${verify_pattern_exit_code}"
	fi
	done

	for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \
	$(list_fixed_nvme_disks); do
	# To ensure NVMe device is physically erased, set strict option to 1.
	# To avoid running secure_erase multiple times with different
	# namespaces for the same NVMe device, character device is given as
	# argument.
	secure_erase "/dev/${dev}" 1
	wipe_exit_code=$?
	if [ "${wipe_exit_code}" -ne 0 ]; then
	exit_code="${wipe_exit_code}"
	fi
	done

	for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \
	$(list_fixed_nvme_nss); do
	# After secure_erase, verify the disk is zeroed. This part can only be
	# executed using block devices.
	perform_fio_op "/dev/${dev}" "${dev_size}" "verify_disk_wipe"
	verify_wipe_exit_code=$?
	if [ "${verify_wipe_exit_code}" -ne 0 ]; then
	exit_code="${verify_wipe_exit_code}"
	fi
	done

	if [ ${disk_found} -eq 1 ]; then
	return ${exit_code}
	else
	return 1
	fi
	}

	main