Re: [Yaffs] Secure delete

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Peter Barada
Date:  
To: William Watson
CC: yaffs
Subject: Re: [Yaffs] Secure delete
On Tue, 2006-10-17 at 18:04 -0700, William Watson wrote:
> Not at present. This would require forcing garbage collection to
> happen until all blocks with the file of interest get erased. In
> YAFFS2, this could be implemented by noting the current block sequence
> number (or better yet, the highest block sequence number of the file
> of interest), then garbage collecting all older blocks. As YAFFS1
> doesn't use the block sequence numbers, it'd require a different
> approach, possibly just garbage collecting all blocks with stale data.
> Note that you can't just erase all blocks currently containing pieces
> of the file, as other blocks may contain stale pages that represent
> data that the file used to contain, but that got replaced by newer
> pages.


One possibility is to just write zeros over all the old blocks which
doesn't require an erase. Perhaps an IOCTL interface to "zap" the file
contents?

> Two notes: (1) the "erase everything old" operations could take
> considerable time. (2) You'd need some way to invoke the operation,
> either by hooking it into existing operations (say, set file size to
> zero, then flush), by creating a new IOCTL, or perhaps finding an
> IOCTL presently unused by YAFFS that could logically be taken over
> for this purpose.
>
> This doesn't seem like rocket science, but it certainly isn't in place
> at present.


> Good luck,
>
> William
>
> On 10/17/06, goog long <> wrote:
>         Is there a proper way to force immediate deletion if the data
>         is sensitive and we do not want the data is around on NAND?

>
>         Ceco

>
>         goog long <> wrote:
>                 When a file is deleted, it is not immediately erased
>                 on flash, but is marked as deleted and the actual
>                 erasure etc is defered to future garbage collection
>                 operations. If the file contains sensitive information
>                 and we do not want to defer the erasure, do we have an
>                 option to do it? What is the easiest way to do?

>
>                 Thanks,
>                 Ceco

>
> --
>
> William J. Watson
> _______________________________________________
> yaffs mailing list
>
> http://lists.aleph1.co.uk/cgi-bin/mailman/listinfo/yaffs