Dev Notes

Various Cheat Sheets and Resources by David Egan/Carawebs.

Securely Erase A Drive from the Linux Command Line

Linux, Security
David Egan

If a disk contains sensitive information, it may need to be securely erased.

This article outlines a simple disk-wipe procedure for the Linux command line. Tested on Ubuntu 16.04.

Determine the Target Drive

To find the drive, run the lsblk command. This will output drive name and mount point:

# Typical output:
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0 465.8G  0 disk
├─sda1                                          8:1    0   512M  0 part  /boot/efi
├─sda2                                          8:2    0   488M  0 part  /boot
└─sda3                                          8:3    0 464.8G  0 part
  └─sda3_crypt                                252:0    0 464.8G  0 crypt
    ├─ubuntu--vg-root                         252:1    0 448.8G  0 lvm   /
    └─ubuntu--vg-swap_1                       252:2    0    16G  0 lvm
      └─cryptswap1                            252:3    0    16G  0 crypt [SWAP]
sdb                                             8:16   0   1.8T  0 disk
└─sdb1                                          8:17   0   1.8T  0 part  /media/datadrive
sdc                                             8:32   1   7.5G  0 disk
└─sdc1                                          8:33   1   7.5G  0 part
  └─luks-04235321-8ad9-4631-934c-2c09cfa700e7 252:4    0   7.5G  0 crypt /media/david/secure-data
sdd                                             8:48   1   7.5G  0 disk
└─sdd1                                          8:49   1   7.5G  0 part  /media/david/Thumbdrive
loop0                                           7:0    0  80.5M  1 loop  /snap/core/2462
loop1                                           7:1    0  80.5M  1 loop  /snap/core/2381
loop2                                           7:2    0  79.5M  1 loop  /snap/core/2312
loop3                                           7:3    0 182.6M  1 loop  /snap/atom/9
loop4                                           7:4    0 182.6M  1 loop  /snap/atom/8

Determine the relevant disk name from this list.

Double Check: Avoid Foot-Shooting

When you run the dd command in the “Wipe the Disk” section of this article, the target disk will be completely overwritten.

You should therefore double check that you’re operating on the right drive:

# Replace sdX with your target drive name
cat /sys/class/block/sdX/device/{model,vendor}

The output should correspond to the target disk you’re expecting to wipe.
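
The double check can be extended to confirm that nothing on the target is still in use, including file systems stacked on LUKS or LVM as in the sda entry of the listing above. This is an added example, not part of the original article; the function names and the sample rows (constructed from that listing, in lsblk's raw format) are assumptions.

```bash
# Reads `lsblk -rno NAME,TYPE,MOUNTPOINT /dev/<disk>` output on stdin.
# Succeeds only if the first row is a whole disk and nothing stacked on it
# (partition, LUKS mapping, LVM volume, swap) has a mount point.
check_wipe_target() {
    awk '
        NR == 1 && $2 != "disk" { print "refuse: " $1 " is a " $2 ", not a whole disk"; bad = 1 }
        NF >= 3                 { print "refuse: " $1 " is in use at " $3; bad = 1 }
        END {
            if (NR == 0) { print "refuse: no such device"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Hypothetical wrapper for interactive use: show model and vendor as in the
# double check above, then test the live device tree. Usage: preflight sdX
preflight() {
    cat "/sys/class/block/$1/device/model" "/sys/class/block/$1/device/vendor"
    lsblk -rno NAME,TYPE,MOUNTPOINT "/dev/$1" | check_wipe_target
}

# Constructed samples, modelled on the lsblk listing above (raw format).
SAMPLE_SDA='sda disk
sda1 part /boot/efi
sda2 part /boot
sda3 part
sda3_crypt crypt
ubuntu--vg-root lvm /
ubuntu--vg-swap_1 lvm
cryptswap1 crypt [SWAP]'

SAMPLE_SDD_UNMOUNTED='sdd disk
sdd1 part'

SAMPLE_PARTITION='sdd1 part'

# Runs the check on a sample and prints "ok" or the refusal reasons.
demo() {
    printf '%s\n' "$1" | check_wipe_target && echo "ok: safe to wipe"
}

demo "$SAMPLE_SDA" || true            # refused: /boot/efi, /boot, / and swap in use
demo "$SAMPLE_SDD_UNMOUNTED" || true  # ok: safe to wipe
```

Checking the whole lsblk subtree matters because the root file system on sda is not mounted from a partition directly but from an LVM volume inside sda3_crypt.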

Wipe the Disk

The wipe is performed by writing random data from /dev/urandom to the target disk.

Block size is set to 1M for the sake of increasing speed - dd will read and write up to 1M bytes at a time.

Setting the status option to “progress” prints periodic transfer stats to stderr.

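# Replace sdX with your target drive name
# Writing to a raw block device requires root privileges (e.g. prefix with sudo)
# dd runs until the disk is full, then stops with "No space left on device"
dd if=/dev/urandom of=/dev/sdX bs=1M status=progress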

