[Replicant] Add basic support for the wipe utility

Tad tad at spotco.us
Wed Mar 24 19:27:01 UTC 2021

If you write a file to flash and then erase it using any tool such as wipe or
scrub, it *will* be fully intact on the storage.

If you trust the drive firmware you can send a discard command for the file's
But in most cases that is only a suggestion, unless the drive supports the
secdiscard command.

secdiscard is typically only supported on high-end enterprise drives, not common
in these mobiles.

Filling the whole drive is the only way you can hope to overwrite the underlying
location of flash of deleted files.

My tool has limits, as in it works without root and can only fill /data
partition, and since partitions are abstract from the drive firmware, deleted
files in /data can and will still be recoverable.

But even wipe or scrub will have that same limit unless the user or a helper
script fills up each and every partition and keeps them fill until they are all

Filesystems as far as I am aware under these circumstances (many partitions) is
irrelevant as it leaves many bigger gaps.

The best way to improve the situation:
- ensure the system is encrypted from the get-go
- ensure secure boot is enabled if using FDE (pin/pass to unlock on boot)
- ensure the bootloader is locked, especially important if using FBE, to prevent
flashing malicious images to dump partitions
- ensure verified boot is enabled, especially important if using FBE
- set discard for /data, to hope files are more often garbage collected by the
drive firmware
- set CONFIG_MMC_SECDISCARD for supported device/kernels, to hope the drive
really zeros
- unset CONFIG_MSM_DLOAD_MODE for supported devices, to prevent dumping
- if the device has sensitive data that needs to be destroyed, take a
sledgehammer to the NAND chips

In the case of the devices supported by Replicant I believe there are a handful
of other ways for easily dumping flash that sadly cannot be disabled.

More information about the Replicant mailing list