how to secure erase Jetson device
Hi,
I need to erase the internal 64 GB eMMC and the external NVM memory in my Jetson AGX Xavier hardware, which is flashed with the Linux for Tegra flavour of Ubuntu 20.04 Focal. There are no steps for secure erase on the vendor NVIDIA website. They have a documentation link for security features, as shown below:
https://docs.nvidia.com/jetson/archi.../Security.html
I want to know if there are any particular steps to completely secure erase my eMMC and NVM memory. Thanks.
If I understand well, this is encrypted: https://docs.nvidia.com/jetson/archi...ncryption.html
In that case you only need to remove/destroy/forget the encryption key and nobody will be able to find anything on it any more.
Thanks a lot for your response.
You mean we can use the disk encryption method as a substitute/alternative method for secure erase? I am not sure if we would be able to convince our customer to agree to disk encryption instead of secure erase. I am also not sure whether, after disk encryption, it will ask for the password each time you try to mount/copy the contents from the disk. We need to check on this.
Disk encryption will make the disk useless without the key; there is no need to wipe it (if encrypted).
The disk can be unlocked at boot (or mount); there is no need to type the password every time you use it. But obviously it can be different if it is an external disk (for example). It depends on how you configure it. Anyway, you only need to overwrite the whole disk with random numbers (or just with anything, like zero) to erase the content completely.
https://www.linuxquestions.org/quest...em-4175735565/
Again: you need to have taken some action, done something, or have some actionable information to work with. Posting things full of speculation without any effort is pointless...until you try something, have some hard information, or know details, there's zero anyone can tell you.
I have some queries regarding the same:
1) Suppose this secure erase is triggered with a button connected via a GPIO pin state change; how can we handle this from user space? I have the sample shell script code below to check the state of the GPIO pin, as shown below:
2) Any idea how to call the NVM drive tool provided by the vendor from inside this shell script, so that we can execute the opcode - 80h - from that NVM drive tool/terminal to initiate secure erase? Any thoughts on this?
Note: I would be running this script infinitely on boot each time in the background by calling this script inside the /etc/rc.local file. Thanks in advance.
I have been discussing this in parallel with Nvidia experts and moderators in their developer forums to gather more information on this.
This thread is for an Nvidia-based Jetson device project.
Thanks for all the support.
In 6 months I have worked on GPIO, CAN, Audio, Camera, Serial, Ethernet and other features.
Nvidia Jetson does not support secure erase on the inbuilt eMMC memory inside their SOM. Below are a few steps to perform secure erase on an NVM SSD drive:
1) Install the nvme-cli tool first with:
$ sudo apt install nvme-cli
2) Next, list all the NVMe devices on your hardware using the command below:
$ sudo nvme list
3) Next, execute the erase command below to perform the secure erase:
$ sudo nvme format -s1 /dev/nvme0n1
https://forums.developer.nvidia.com/...trial/288457/6
...where you also got a good deal of advice from the people who built it.
I have one more query:
1) Do you have any idea about any commands/methods to recover the data from a secure erased NVMe, so that we can fail in that process and get confirmation that the secure erase has happened successfully?
ifyou wantt oeras eyour machi netoh ideit fromu sthet hreel etter agenc ieswe willr eadit anywa yxxxx :)
You need to think about what a 'secure erased' drive is, which will then tell you why your question is pointless. You can then take some of the money they're paying you, and YOU, PERSONALLY, can build a test for YOUR CUSTOMER. Go do your own research on how to do a secure erase, and look up how to test such things.
I have a point in my question. I know that once we secure erase, there is nothing left on the NVMe drive, and I even remounted it once again to access it after the secure erase. But in order to prove more deeply that no one in this world can recover any data from the securely erased NVMe drive, I was asking if any experts have some idea. I also read in some documentation that we have the "hexdump" command to check the secure erased drive and it should display all ZEROS. I tried this command on my secure erased NVMe, but found initially some zeros, but deep down there were some non-zero values, as it was a 2 TB SD drive.
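
Added example, not part of the original thread: a read-only check that does the hexdump inspection described above systematically, reporting the offset of every piece of the drive that still reads back non-zero after the erase. The function name, the chunk and stride parameters and the device name /dev/nvme0n1 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only check of what an erased
# drive returns. Scans TARGET in CHUNK-byte pieces, checking every STRIDE-th
# piece, and counts the pieces that still contain non-zero bytes.
#
# Usage (assumed device name; needs read access to the device):
#   sudo sh verify_zero.sh /dev/nvme0n1 1048576 64

count_nonzero_chunks() {
    cz_target=$1
    cz_chunk=${2:-1048576}   # bytes per piece
    cz_stride=${3:-1}        # 1 = full scan, N = spot-check every N-th piece

    # Block devices report their size through blockdev, plain files through wc.
    if [ -b "$cz_target" ]; then
        cz_size=$(blockdev --getsize64 "$cz_target") || return 2
    else
        cz_size=$(wc -c < "$cz_target") || return 2
    fi
    cz_total=$(( (cz_size + cz_chunk - 1) / cz_chunk ))

    cz_checked=0 cz_dirty=0 cz_i=0
    while [ "$cz_i" -lt "$cz_total" ]; do
        # Delete NUL bytes and count what is left: 0 means the piece is all zero.
        cz_left=$(dd if="$cz_target" bs="$cz_chunk" skip="$cz_i" count=1 2>/dev/null |
                  tr -d '\000' | wc -c)
        cz_left=$((cz_left + 0))
        if [ "$cz_left" -gt 0 ]; then
            cz_dirty=$((cz_dirty + 1))
            echo "non-zero data: offset $((cz_i * cz_chunk)), $cz_left bytes" >&2
        fi
        cz_checked=$((cz_checked + 1))
        cz_i=$((cz_i + cz_stride))
    done

    # stdout: "<pieces with non-zero data> <pieces checked>"
    echo "$cz_dirty $cz_checked"
    [ "$cz_dirty" -eq 0 ]   # exit status 0 only if everything read back as zero
}

if [ "$#" -gt 0 ]; then
    count_nonzero_chunks "$@"
fi
```

The result describes only what the drive returns through its normal read path; the reported offsets can then be inspected with hexdump.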