blob: 2656d20c24c026498d048f532dbbd47b2998d060 [file] [log] [blame]
// Copyright 2017 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SECURE_ERASE_FILE_SECURE_ERASE_FILE_H_
#define SECURE_ERASE_FILE_SECURE_ERASE_FILE_H_
#include <base/files/file_path.h>
#include <brillo/brillo_export.h>
namespace secure_erase_file {
// Returns true if the backing store for the file path supports secure erase.
//
// This can be used as a high-level check if we think the target file can be
// securely erased, but SecureErase() is not guaranteed to succeed.
BRILLO_EXPORT bool IsSupported(const base::FilePath& path);
// Securely erase a file, returning true on success and false on failure.
//
// Requires that:
// - the file is a regular file.
// - the file is stored on an eMMC device.
// - the file is stored on a filesystem that supports FS_IOC_FIEMAP.
// - the file does not span more than 32 extents.
// - the underlying eMMC device and kernel support FITRIM.
// - the underlying block point is not "anonymous", as with btrfs.
//
// This function internally calls IsSupported on the requested path, so it's not
// necessary to call IsSupported() before SecureErase().
//
// After unlink() and trim, this function reads from the file's original LBA
// range to ensure that it reads all 0s or 1s.
BRILLO_EXPORT bool SecureErase(const base::FilePath& path);
// Drop all filesystem caches.
//
// This must be called after securely erasing files to ensure that cached data
// is not kept in the filesystem caches.
//
// This drops caches for all filesystems, and thus takes no path argument.
BRILLO_EXPORT bool DropCaches();
} // namespace secure_erase_file
#endif // SECURE_ERASE_FILE_SECURE_ERASE_FILE_H_