Feature request: Support for Nwipe configuration file, /etc/nwipe/nwipe.conf #173

Open
Aterfax opened this issue Nov 21, 2023 · 4 comments


Aterfax commented Nov 21, 2023

https://github.com/martijnvanbrummelen/nwipe/releases/tag/v0.35

Nwipe now has a configuration file, /etc/nwipe/nwipe.conf. This is currently used to store PDF parameters but will be enhanced over the next versions to include default wipe parameters amongst other additions.

As part of generating erasure certificates, some configuration options are stored in the /etc/nwipe/nwipe.conf file. Similarly to nwipe_options="", we could do with a method for providing settings directly from the boot APPEND line so settings can be applied during netboots.

It may make sense for this configuration file to be supplied as a URL to CURL/wget download a configuration and use it, or simply as some form of inline.

Incidentally, the documented lftp="" lines can also be amended to copy these certificates back to an FTP server with the additional command mput *.pdf

e.g.

lftp="open 192.168.1.250; user shredosuser password12345; cd upload; mput nwipe_*.txt; mput *.pdf"

@PartialVolume
Owner

Thanks for the reminder re lftp, I'll make the changes for that.

I might need some clarification regarding the boot append line. Do you mean have a typical grub boot menu where you can edit the command line from the grub menu?

@PartialVolume
Owner

Incidentally, the documented lftp="" lines can also be amended to copy these certificates back to an FTP server with the additional command mput *.pdf
e.g.
lftp="open 192.168.1.250; user shredosuser password12345; cd upload; mput nwipe_*.txt; mput *.pdf"

Committed a08811f

@Aterfax
Author

Aterfax commented Nov 22, 2023

Apologies, this wasn't clear.

The APPEND line I refer to would be in the PXE boot configs, e.g.

DEFAULT menu.c32
PROMPT 0
TIMEOUT 200
ONTIMEOUT shredosautonuke
MENU TITLE ShredOS Autonuke 3 Pass

LABEL shredosautonuke
  MENU DEFAULT
  KERNEL shredos/shredos
  # Fully automatic formatting of ALL DISKS
  APPEND console=ttyS0,9600n8 loglevel=3 nwipe_options="--autonuke  --autopoweroff --nousb --method=dodshort --rounds=1 --verify=last" lftp="open 192.168.1.250; user shredosuser mypassword; cd upload; mput nwipe_*.txt; mput *.pdf"

e.g.

We could have a new nwipe_config_url="https://mydomain.com/nwipe.conf" and amend to:

  APPEND console=ttyS0,9600n8 loglevel=3 nwipe_options="--autonuke  --autopoweroff --nousb --method=dodshort --rounds=1 --verify=last" nwipe_config_url="https://mydomain.com/nwipe.conf" lftp="open 192.168.1.250; user shredosuser mypassword; cd upload; mput nwipe_*.txt; mput *.pdf"

I was just meaning to get at the fact we're going to need to pass this info during the netboot process as part of a command, so we're going to need another kernel line compatible argument like nwipe_options= to be passable.

Or in the ipxe parlance from Netboot.xyz

#!ipxe

goto ${menu} ||

:shredos
set os_arch ${arch}
iseq ${os_arch} x86_64 && set os_arch x86_64 ||
iseq ${os_arch} i386 && set os_arch i686 ||
menu ShredOS
item --gap THIS SOFTWARE DESTROYS DATA
item --gap EVERY BOOT OPTION IS DESTRUCTIVE
item --gap DO NOT PROCEED IF YOU DO NOT KNOW WHAT THIS IS
item shredos_exit ${space} Go Back
item shredos_options ${space} Proceed I know what I am doing
choose menu || goto shredos_exit
goto ${menu}

:shredos_options
clear menu
clear shredos_version
iseq ${os_arch} i686 && set kernel_url ${live_endpoint}/asset-mirror/releases/download/0.34_32-bit_20221231-570c24e6/shredos ||
set shredos_version 0.34_32-bit_20221231
iseq ${os_arch} x86_64 && set kernel_url ${live_endpoint}/asset-mirror/releases/download/0.34_20221231-212ce2e7/shredos ||
set shredos_version 0.3420221231
menu ShredOS ${shredos_version}
item --gap Choose a wipe method:
item dodshort ${space} Wipe all disks with the short DoD 5220.22-M method
item dod522022m ${space} Wipe all disks with the DoD 5220.22-M method
item dod3pass ${space} Wipe all disks with the DoD 5220.22-M method (3 pass)
item ops2 ${space} Wipe all disks with the RCMP TSSIT OPS-II method
item gutmann ${space} Wipe all disks with the Gutmann method
item prng ${space} Wipe all disks with the PRNG Stream method
choose nuke_method || goto shredos_exit
goto shredos_boot

:shredos_boot
imgfree
kernel ${kernel_url} console=tty3 loglevel=3 nwipe_options="--method=${nuke_method}" ${cmdline}
boot

:shredos_exit
clear menu
exit 0

Which could work like:


:shredos_boot
imgfree
kernel ${kernel_url} console=tty3 loglevel=3 nwipe_options="--method=${nuke_method}" nwipe_config_url="https://mydomain.com/nwipe.conf" ${cmdline}
boot
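
One way a boot-time script could consume the proposed nwipe_config_url= parameter, added here as an illustration; it is not part of the comment above and is not ShredOS code. The function names, the 64 KiB size limit, the HTTPS-only rule and the presence of curl in the image are assumptions.

```shell
#!/bin/sh
# Added illustration, not ShredOS code; function names are hypothetical.

# Constructed sample of what /proc/cmdline would hold after the proposed boot.
SAMPLE_CMDLINE='console=tty3 loglevel=3 nwipe_options="--method=dodshort --verify=last" nwipe_config_url="https://mydomain.com/nwipe.conf" lftp="open 192.168.1.250; cd upload; mput *.pdf"'

# cmdline_value KEY CMDLINE: print the value of KEY="quoted value" or KEY=bare.
cmdline_value() {
    # Pad with spaces so KEY matches only at a parameter boundary.
    printf ' %s \n' "$2" | sed -n \
        -e "s/.* $1=\"\([^\"]*\)\".*/\1/p" -e t \
        -e "s/.* $1=\([^ \"][^ ]*\) .*/\1/p"
}

# config_url_ok URL: accept only https:// URLs built from an allow-listed
# character set, so the value cannot be read as an option or as shell syntax.
config_url_ok() {
    case $1 in
        https://*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9._~:/%-]*) return 1 ;;
    esac
    return 0
}

# fetch_nwipe_config CMDLINE DEST: download the config named on the command
# line to DEST (e.g. /etc/nwipe/nwipe.conf); do nothing if the key is absent.
fetch_nwipe_config() {
    url=$(cmdline_value nwipe_config_url "$1")
    [ -n "$url" ] || return 0            # parameter absent: keep the existing file
    config_url_ok "$url" || { echo "nwipe_config_url rejected: $url" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Assumes curl is present in the image; HTTPS only, bounded size and time.
    if curl --fail --silent --show-error --proto '=https' --proto-redir '=https' \
            --max-filesize 65536 --max-time 30 --output "$tmp" "$url"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"; return 1
    fi
}

# On a booted system the call would be:
#   fetch_nwipe_config "$(cat /proc/cmdline)" /etc/nwipe/nwipe.conf
```
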

@PartialVolume
Owner

Thanks for the clarification. I'll add this into the next point release 25.1 with the other changes/additions I'm currently making.
