| #!/bin/sh |
| # |
| # Copyright 2019 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| . /usr/sbin/secure-wipe.sh |
| |
| # Fully erase the disks on the device via firmware and verify it is erased |
| # properly. |
| main() { |
| local dev |
| local dev_size |
| local overwrite_exit_code |
| local verify_pattern_exit_code |
| local wipe_exit_code |
| local verify_wipe_exit_code |
| local exit_code=0 |
| local disk_found=0 |
| |
| for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \ |
| $(list_fixed_nvme_nss); do |
| disk_found=1 |
| # Before secure_erase, disk is written with a checksummed random pattern |
| # and verified if the pattern is written correctly. This part can only be |
| # executed using block devices. |
| dev_size="$(blockdev --getsize64 /dev/${dev})" |
| |
| perform_fio_op "/dev/${dev}" "${dev_size}" "write" |
| overwrite_exit_code=$? |
| if [ "${overwrite_exit_code}" -ne 0 ]; then |
| exit_code="${overwrite_exit_code}" |
| fi |
| |
| perform_fio_op "/dev/${dev}" "${dev_size}" "verify" |
| verify_pattern_exit_code=$? |
| if [ "${verify_pattern_exit_code}" -ne 0 ]; then |
| exit_code="${verify_pattern_exit_code}" |
| fi |
| done |
| |
| for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \ |
| $(list_fixed_nvme_disks); do |
| # To ensure NVMe device is physically erased, set strict option to 1. |
| # To avoid running secure_erase multiple times with different |
| # namespaces for the same NVMe device, character device is given as |
| # argument. |
| secure_erase "/dev/${dev}" 1 |
| wipe_exit_code=$? |
| if [ "${wipe_exit_code}" -ne 0 ]; then |
| exit_code="${wipe_exit_code}" |
| fi |
| done |
| |
| for dev in $(list_fixed_ata_disks) $(list_fixed_mmc_disks) \ |
| $(list_fixed_nvme_nss); do |
| # After secure_erase, verify the disk is zeroed. This part can only be |
| # executed using block devices. |
| perform_fio_op "/dev/${dev}" "${dev_size}" "verify_disk_wipe" |
| verify_wipe_exit_code=$? |
| if [ "${verify_wipe_exit_code}" -ne 0 ]; then |
| exit_code="${verify_wipe_exit_code}" |
| fi |
| done |
| |
| if [ ${disk_found} -eq 1 ]; then |
| return ${exit_code} |
| else |
| return 1 |
| fi |
| } |
| |
| main |