nhellfire / dban Goto Github PK

Could you provide a list or some kind of reference which HBA controllers/chipset (i.e. LSI, Syba, HighPoint) are supported.
In #11 (comment) you mentioned DELL PERC5 and PERC H200 are supported.
How can I check for example if Marvel 88SE91xx ( https://origin-www.marvell.com/storage/system-solutions/assets/Marvell-88SE91XX-Host-Controllers.pdf ) is supported.

The LSI MegaRAID SAS9211-4i and -8i works great btw.
Should this go into the Wiki?

Just found this Fork. Congratulations on continuing DBAN.
Long time user here. Usually using v1.0.7 and v1.0.7BETA. v2.2.6 usually never finished booting on dozens of different DELL systems (PowerEdge Servers, Desktops and Laptops). In the past 2 or 3 years I found myself using more and more PartedMagic depending on the system; however PM doesn't support DELL PERCs.

If I could just ask for a few things for future versions: keep it simple and don't add too many new features. KISS. We need a fast-booting, auto-starting wiping tool. Make overwriting with 0 the default, no blanking pass, no verification, just 1 pass.
I haven't used the last v2.2.8, but I'm interested if it works on DELL PowerEdge 2950, R710, R720 and T610 with a DELL PERC 5/i, PERC 6/i, PERC, Hx00i etc.

I've pushed a branch with UEFI support.
This still supports legacy(BIOS) boot and the ISO can still be written directly to a flash drive.

Known issues:

• ISO written directly to flash drive won't boot in UEFI. Legacy does though.
• Boot menu needs finishing (only has interactive)

This will be merged into master once any issues are resolved.

Download: https://github.com/NHellFire/dban/releases/tag/nightly%2F20170718-gb9027694a

A proper configuration menu should be added, rather than having individual menus assigned to separate keys.

• Settings menu
  • PRNG
  • Method
  • Verification
  • Rounds
  • Toggle fingerprinting

MBR fingerprint announces "pass" even if verification errors occurred.

Need to somehow figure out what attached device contains DBAN.
Can't just check for /dban.bzi since it could've been renamed/moved. Probably have to require a tag file is left in root.

https://sourceforge.net/p/dban/bugs/63/

NHellFire,
I'm moving to ShredOS 2020 but wanted to thank you for your initiative taking over DBAN, developing and maintaining this invaluable tool over the last years.
Happy coding.

Certain devices cause lshw to crash resulting in no disk labels in dwipe.

Known devices:

• Kingston DataTraveler 100 G3

Waiting for lshw's SVN to be fixed to try latest version.

When selecting internal drive only automatic selection, my USB flash drive was wiped. I thought I did something wrong so I tried a different drive. Same behavior. Previously this flag could be used to ignore all USB devices.

Just looking for what all the options are and what they do. I found the isolinux.cfg file with options to APPEND.

Just wondering what others there are, what exactly silent does and how do you pass those if I'm PXE booting like so:

LABEL wipe
    MENU LABEL Wipe Drive
    #MENU PASSWD $nicetry/$
    KERNEL /memdisk
    APPEND iso initrd=/dban-3.0.1_i586.iso

This should be fixed once the work on updating to latest buildroot is complete. I'll need someone to confirm they're detected as I don't have a Haswell system to test on.

https://sourceforge.net/p/dban/bugs/61/
https://sourceforge.net/p/dban/bugs/57/

Just wondering if this version is able to support skylake chipsets......

When attempting to donate with the Flattr link, it simply shows the following:

It would be nice, if you could fireup DBAN machines for the night, but don't want to waste energy. So maybe it's possible, that the machine shutsdown itself, if after hours the job was finished successfully ?

Logging to disk:

• Should be rewritten to attempt mounting each filesystem to check for a DBANLOG directory.
  Will allow saving logs to all attached devices (as long as you have manually created the directory first), not just FAT filesystems.

Logging to network:

• Use avahi to autodiscover log server
  Will need to write a howto for setting this up.
• Add support for additional protocols? FTP?
  Could use avahi-publish-service and avahi-resolve-service to specify what is available.

Give quick erase a choice of patterns (add 0xFF to start with). Not sure how hard adding a configuration option would be, may just do separate methods.

Regarding BSI the Host/Hidden Protected Area nor Device Configuration Overlay aren't wiped by default.

It seems that dban should be started with parameters like

------------------------
dban libata.ignore_hpa=1
------------------------

to be ready to really eliminate the whole data on our magnetic disks.

Can someone confirm it? It would be cutting edge to add this feature to enrich dban be much more than just the tool of home data destruction!

Thanks in advance!

More wipe methods should be added. Such as badblocks. Patterns 0xAA, 0x55, 0xFF, 0x00 with verify all passes.

Write dummy bootcode to display disk info and wipe status.

https://sourceforge.net/p/dban/feature-requests/83/

and add option to start wiping after a number of login attempts?

Currently only x86 and PPC are supported. It'd be good to support other platforms such as ARM.
As I don't have a system to test on, I'd need either donations to buy one or people to build one and submit patches (should just be buildroot and kernel configs).

Additional work needed:

• Per arch buildroot and kernel configs
• Update scripts (master.sh / environment.sh) to ask for arch. Could just detect from buildroot/.config
• PPC needs us to build yaboot (or u-boot should work)
• Find bootloader for ARM.. possibly u-boot?

Hello,

Nice to see there is ongoing development on this very handy utility!

Do you know how difficult it would be to create an ISO image that also boots from USB without modification? Then one could just download an ISO image and write it to a USB stick using cat as some Linux distribution ISOs can.

I just spent an hour figuring out how to get the official DBAN onto a USB stick, ended up using this complicated procedure and thought a simple cat would be a lot nicer :)

Apologies if this feature is already included or prohibitively difficult to do. I couldn't find any mention in the issue tracker or commit logs and don't have any relevant expertise myself.

KR,
Lassi

I downloaded the latest build ISO, dban-20180328-g311c5ee_linux-4.7.2_i586.iso, and have been testing this; which I thought was to add UEFI support, and it never works on a UEFI machine. It only works if I change the BIOS settings to CSM support and "auto" or "both" UEFI and Legacy support.

I may have misunderstood the notes on this. Is this suppose to work on a UEFI machine? I apologize if this is not the right place to ask this question. It is the only place I could find to ask a question.

Audit Report from 2010-12-07 about "NASA’S DISPOSITION OF INFORMATION TECHNOLOGY EQUIPMENT"

Contractor personnel involved in the IT sanitization and disposition process at Kennedy, Johnson, and Ames were not sufficiently familiar with and did not follow NASA sanitization policy. Specifically, we identified instances at each of these three Centers where personnel used unapproved software to sanitize IT equipment.
...
NASA’s Standard Operating Procedure lists only three approved sanitization software products:

• Secure Erase

• Darik’s Boot and Nuke (DBAN)

• WipeDrive/WipeDrive Pro

However, we found instances at Kennedy, Johnson, and Ames of personnel using or recommending sanitization software not on the NASA-approved list:

• USA used DataGone by Symantec to sanitize excess IT equipment at both Kennedy and Johnson. DataGone has not been approved by NASA or certified for use by other Federal agencies, including DOD and the National Security Agency.
• Johnson’s disposition contractor, L&M Technologies, Inc., used both a NASA-approved software program (DBAN) and Active@KillDisk, which is not approved by NASA. When we informed L&M Technologies of the requirements in NASA’s Standard Operating Procedure, it stopped using the unapproved software.
• The Ames IT Security Manager recommended that Center personnel use a sanitization software program called BCwipe, which is DOD-compliant and therefore permissible for use under Ames’ procedures. However, it is not on the NASA list of approved software.

IT personnel at each of the three Centers stated that they were not aware that some of the sanitization software they were using had not been approved by NASA. The use of unapproved software is a significant concern because unapproved software was used on some of the computers at Kennedy that failed verification testing.

source: https://oig.nasa.gov/audits/reports/FY11/IG-11-009.pdf

Might want to add it to the Wiki.

It would be a nice feature, if the PC could beep / blink with keyboard leds, to notify you that the progress is finished. If you have to wipe a dozen PCs, you don't monitor them for hours. You probally don't keep them connected via KVM, so a speaker sound would be nice.

(Currently an ordinary stopwatch-alarm does the job)

Hello,
For the majority of the machines I'm erasing, the network works fine for saving a log and syncing the NTP client. However, I've noticed on some older Dell laptops I'm erasing, such as the Latitude D830 and D630, it doesn't appear the networking works. It never shows the DHCP or NTP client running during startup like my other machines do.

I found the Ethernet Controller model for the D630 (and I'd assume it's shared with the D830) is a Broadcom NetXtreme 5755M. Any ideas on what could be causing DBAN to not work with this controller? Thanks in advance!

ORG 0x7C00 ; Bootcode

; get cursor position
; dh = row
; dl = column
mov ah,0x03
mov bh,0
int 0x10

; write string
mov ah,0x13
mov al,1 ; write mode (advance cursor, ASCII string)
mov bl,0xF ; attribute (white on black)
mov cx,output_len ; string length
push cs
pop es
mov bp,output ; string
int 0x10


; hang indefinitely
idle_loop:
hlt ; if there is nothing to do, then do nothing
jmp idle_loop ; and do it forever



output:
    db 0xA,0xD, "DBAN fingerprint"
    db 0xA,0xD, "Model: #MODEL# - Serial: #SERIAL#"
    db 0xA,0xD, "Wipe finished at: #DATE# - #RESULT#"
    db 0xA,0xD, "Method: #METHOD#"
output_len: equ $ - output



; Keep this at the end
; Will pad out to 510 Bytes, then add MBR signature
; Total length 512 Bytes
; As is, program is 135 Bytes (with signature)
; Allows 414 Bytes for generated text (placeholders are 37 Bytes)

times 510-($-$$) db 0
dw 0xAA55

Features:

• Does not clear a screen. The screen may show other interesting messages.
• HLT instruction reduces power consumption.
• Tells the user where these messages are coming from.

Bug fix:

• Does not leave DH and DL undefined state.

Hi there! Thank you for maintaining DBAN, I use it frequently in my environment. A potential enhancement I wanted to suggest for it would be to synchronize the system clock with an internet time server before wiping the hard drive. Some of the machines I'm wiping have been sitting in storage for some time and the CMOS battery is long dead, and it's somewhat of a pain to reset the clock on each computer so I have a proper date/time in the wipe log.

When running DBAN on a system without keyboard LEDs (for example a VM), after completion this message gets printed on the console multiple times, until you press Enter to shutdown:

setleds: Error reading current flags setting. Maybe you are not on the console?:
ioctl KDGKBLED: Inappropriate ioctl for device

I'm trying to build dban from the scratch using the steps described in the Readme.md. However I found some strange URLs connections in the output of the buildroot compiling process like "gutscheinrausch.de" and "bothelp.de" although I cannot find those URLs grepping through the directory.
Do you know whats up with this behavior?

Thanks for helping,
Flo

Is it possible to add NVMe implementation?

Is it very difficult to add the /dev/nvmeX possibility to nwipe code?

Thanks a lot for job !!!

Final blanking pass should be optional to allow leaving random data on the drive.

In file included from tm.h:46:0,
from insn-recog.c:7:
../../gcc/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix]
fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n",
^
rm gcc.pod
Makefile:3973: recipe for target 'all-gcc' failed
make[4]: *** [all-gcc] Error 2
Makefile:860: recipe for target 'all' failed
make[3]: *** [all] Error 2
package/pkg-generic.mk:196: recipe for target '/home/jbergmann/buildroot/output/build/host-gcc-final-4.9.3/.stamp_built' failed
make[2]: *** [/home/jbergmann/buildroot/output/build/host-gcc-final-4.9.3/.stamp_built] Error 2
Makefile:36: recipe for target '_all' failed
make[1]: *** [_all] Error 2
make[1]: Leaving directory '/home/jbergmann/buildroot'
Makefile:6: recipe for target 'i586' failed
make: *** [i586] Error 2

Version is 30c1b51.
I believe it might be something with gcc-final-4.9.3.... The last compile that was successful was 20160514.

Fedora release 27 (Twenty Seven)
x86_64 Linux 4.13.15-300.fc27.x86_64

receive error when trying to compile dban....

util-linux 2.28 Configuring
util-linux 2.28 Autoreconfiguring
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'config'.
libtoolize: copying file 'config/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/${ <-- HERE ([^ \t=:+{}]+)}/ at /home/jbergmann/buildroot/output/host/usr/bin/automake line 3936.
autoreconf: /home/jbergmann/buildroot/output/host/usr/bin/automake failed with exit status: 255
make[2]: *** [package/pkg-generic.mk:193: /home/jbergmann/buildroot/output/build/util-linux-2.28/.stamp_configured] Error 1
make[1]: *** [Makefile:41: _all] Error 2
make[1]: Leaving directory '/home/jbergmann/buildroot'
make: *** [Makefile:9: i586] Error 2

Hi,

as more SSDs are integrated in modern PCs, it's also nessesary to wipe them for privacy. Unfortunately the flash logic makes it impossible to predict a full erase of all cells. Also you try to avoid unnessary write cycles to the chips itself.

This requires calling a special ATA command and unlocking the device, which tend to be an annoying manual task....
So it would be nice, if DBAN could detect SSDs and make use of the described procedure instead of wiping all blocks.

While I find the present version of DBAN easy to use, many people at my work help desk have issues with the boot loader and menu system. Would it be possible to make a basic menu that included the most common options, such as autowipe, quick, dodshort, and interactive, even if it is a separate image?

This is a feature request/enhancement.