I need a program like this.
rm -vfR /tmp/*
rm -vfR /var/tmp/*
rm -vfR /usr/home/myuser/.cache/*
pkg clean -a
gfind . -printf "%T@ ||| %Tc ||| %p\n" | sort -rn | less
srm with Gutmann wipe instead of plain bland rm
No. Although it's very likely to overwrite all data, in the presence of a wear-balancing drive firmware (also using spare cells), there can never be a guarantee.
Also, always use srm with Gutmann wipe instead of plain bland rm
Nowadays you can safely do that on SSDs as well.
For 100% peace of mind, always apply full-disk encryption before ever using the drive. With spinning disks, overwrites with random data (no excessive passes needed) work; with SSDs with wear-balancing firmware, you can never be sure. But encrypted data without the key is just random noise for sure.
For 100% peace of mind maintain access to large powerful magnets, an acid vat, a drill machine, heavy boulders and a thaumaturge on a retainer.
I don't agree. Even without disk-encryption there is boot-time without encryption.
No. Although it's very likely to overwrite all data, in the presence of a wear-balancing drive firmware (also using spare cells), there can never be a guarantee.
For 100% peace of mind, always apply full-disk encryption before ever using the drive. With spinning disks, overwrites with random data (no excessive passes needed) work; with SSDs with wear-balancing firmware, you can never be sure. But encrypted data without the key is just random noise for sure.
".. Ideally each step of this process would involve a cryptographic handshake; boot1.efi would verify loader.efi which would in turn verify the kernel, thereby ensuring that only authorized code is run. Currently there is no support for these verifications. However, the goal of securely booting the kernel can still be achieved. "
Uhm what? You probably mean you'll (normally) have an unencrypted bootloader on the disk. On a modern FreeBSD system, that would be an ESP containing nothing but (stock) loader.efi(8)
I don't agree. Even without disk-encryption there is boot-time without encryption.
That makes no sense, unless you talk about offline attacks with physical access fiddling with that boot loader. A whole different topic (and even worse with just some encrypted files on your disk).
This means disk-encryption is as vulnerable.
A running system offers tons of possible leaks (swap, temporary files, ...). Only with FDE, you close them all. Apart from that, the topic was "wiping", which isn't reliably possible with modern SSDs. Throwing away the encryption key is reliable.
So just put encryption on your vulnerable data.
Uhm, booting?
If the above is still true then what does UEFI for FreeBSD solve??
Also, always use srm with Gutmann wipe instead of plain bland rm
Nowadays you can safely do that on SSDs as well.