11

I will be using a Raspberry Pi as an air-gapped computer to make secure encrypted transactions on the Ethereum blockchain.

Once in a while I will want to update the software I am using, which will mean taking the SD card out of the Pi and inserting it into a laptop computer which is connected to the Internet. I would like to use some program or command line utility on the Pi to securely erase everything on the SD card before removing it, as this will eliminate all possibility of sensitive information being read off the SD card by bad actors who may have compromised my laptop.

The following command typed in at the Pi terminal conveys the idea of what I hope to accomplish:

    shred --verbose *.*

John Shearing

1 Answer

17

Since consumer SD cards use top-secret Flash Translation Layers and actually have more capacity than advertised, to remap bad blocks or for general wear leveling, this is impossible via shred. The writes to a file might not end up at the same place where it currently exists on the disk at all.

You have four choices:

  • 1) Physical destruction.
  • 2) Shred single files and call it a day.
  • 3) Use dd if=/dev/zero of=/dev/mmcblk0 and call it a day. (This would be safe enough for rotating hard drives...)
  • 4) Shred everything/all free space (e.g. the whole device like /dev/mmcblk0). This is stupid and risky, since consumer SD cards tend to enter hardware read-only mode when their overcapacity gets used up and all files will become undeletable.

To prevent such problems from ever arising again, always always use full-disk encryption from day one on SSDs, SD cards and pendrives. Since you have no idea what the hardware manufacturers are doing, I suggest using open-source software (LUKS, VeraCrypt) for that.

flakeshake
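The remapping behaviour described in the answer above, as an added illustration that is not part of the original answer: a toy flash translation layer in Python. The `ToyFTL` class, its allocation and garbage-collection policy, and the sample data are assumptions constructed for the demonstration, since real SD card firmware is undocumented.

```python
from collections import deque

ZERO = b"\x00" * 8
SECRET = b"PRIVKEY!"  # constructed sample data standing in for a wallet key


class ToyFTL:
    """Hypothetical model: every write lands on a fresh physical page."""

    def __init__(self, logical_blocks, spare_blocks):
        self.logical_blocks = logical_blocks
        # Physical flash is larger than the advertised (logical) capacity.
        self.physical = [None] * (logical_blocks + spare_blocks)
        self.mapping = {}   # logical block -> physical page holding it now
        self.stale = set()  # superseded pages that still hold old data
        self.free = deque(range(len(self.physical)))

    def write(self, lba, data):
        if not 0 <= lba < self.logical_blocks:
            raise IndexError(lba)
        if not self.free:
            # Garbage collection: only now are superseded pages erased.
            for page in sorted(self.stale):
                self.physical[page] = None
                self.free.append(page)
            self.stale.clear()
        if not self.free:
            raise RuntimeError("no spare pages left")
        page = self.free.popleft()
        self.physical[page] = data
        if lba in self.mapping:
            self.stale.add(self.mapping[lba])  # old copy is NOT overwritten
        self.mapping[lba] = page

    def read(self, lba):
        return self.physical[self.mapping[lba]]


def overwrite(lbas):
    """Zero the given logical blocks; return (read-back, pages still holding SECRET)."""
    ftl = ToyFTL(logical_blocks=4, spare_blocks=2)
    for lba in range(3):
        ftl.write(lba, b"filler-%d" % lba)
    ftl.write(3, SECRET)
    for lba in lbas:
        ftl.write(lba, ZERO)
    reads = [ftl.read(lba) for lba in lbas]
    return reads, [i for i, p in enumerate(ftl.physical) if p == SECRET]


if __name__ == "__main__":
    print("shred one file :", overwrite([3]))
    print("zero the device:", overwrite(range(4)))
```

In both runs every read through the logical interface returns zeros, while physical page 3 of the model still holds the original bytes. With full-disk encryption in place from the first write, such a leftover page would contain only ciphertext.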