[Replicant] Add basic support for the wipe utility
tad at spotco.us
Wed Mar 24 19:27:01 UTC 2021
If you write a file to flash and then erase it using any tool such as wipe or
scrub, it *will* be fully intact on the storage.
If you trust the drive firmware you can send a discard command for the file's
But in most cases that is only a suggestion, unless the drive supports the
secdiscard is typically only supported on high-end enterprise drives, not common
in these mobiles.
Filling the whole drive is the only way you can hope to overwrite the underlying
location of flash of deleted files.
My tool has limits, as in it works without root and can only fill /data
partition, and since partitions are abstract from the drive firmware, deleted
files in /data can and will still be recoverable.
But even wipe or scrub will have that same limit unless the user or a helper
script fills up each and every partition and keeps them fill until they are all
Filesystems as far as I am aware under these circumstances (many partitions) is
irrelevant as it leaves many bigger gaps.
The best way to improve the situation:
- ensure the system is encrypted from the get-go
- ensure secure boot is enabled if using FDE (pin/pass to unlock on boot)
- ensure the bootloader is locked, especially important if using FBE, to prevent
flashing malicious images to dump partitions
- ensure verified boot is enabled, especially important if using FBE
- set discard for /data, to hope files are more often garbage collected by the
- set CONFIG_MMC_SECDISCARD for supported device/kernels, to hope the drive
- unset CONFIG_MSM_DLOAD_MODE for supported devices, to prevent dumping
- if the device has sensitive data that needs to be destroyed, take a
sledgehammer to the NAND chips
In the case of the devices supported by Replicant I believe there are a handful
of other ways for easily dumping flash that sadly cannot be disabled.
More information about the Replicant