Permalink
Browse files

Add option to allow skipping the secure erase

Useful when it has been done externally, or if one is less concerned about fingerprinting
of utilized space.
  • Loading branch information...
1 parent fdce4c6 commit 773b55fd4989154e70daf528e7330105b52d5a11 @jmesmon jmesmon committed Oct 6, 2011
Showing with 19 additions and 11 deletions.
  1. +9 −3 main.c
  2. +9 −7 tcplay.c
  3. +1 −1 tcplay.h
View
12 main.c
@@ -133,6 +133,7 @@ static struct option longopts[] = {
{ "device", required_argument, NULL, 'd' },
{ "system-encryption", required_argument, NULL, 's' },
{ "version", no_argument, NULL, 'v' },
+ { "insecure-erase", no_argument, NULL, 'z' },
{ "help", no_argument, NULL, 'h' },
{ NULL, 0, NULL, 0 },
};
@@ -147,7 +148,7 @@ main(int argc, char *argv[])
int n_hkeyfiles;
int ch, error;
int sflag = 0, info_vol = 0, map_vol = 0, protect_hidden = 0,
- create_vol = 0, contain_hidden = 0;
+ create_vol = 0, contain_hidden = 0, use_secure_erase = 1;
struct pbkdf_prf_algo *prf = NULL;
struct tc_cipher_chain *cipher_chain = NULL;
struct pbkdf_prf_algo *h_prf = NULL;
@@ -165,7 +166,7 @@ main(int argc, char *argv[])
nkeyfiles = 0;
n_hkeyfiles = 0;
- while ((ch = getopt_long(argc, argv, "a:b:cd:ef:ghik:m:s:vx:y:",
+ while ((ch = getopt_long(argc, argv, "a:b:cd:ef:ghik:m:s:vx:y:z",
longopts, NULL)) != -1) {
switch(ch) {
case 'a':
@@ -245,6 +246,10 @@ main(int argc, char *argv[])
/* NOT REACHED */
}
break;
+
+ case 'z':
+ use_secure_erase = 0;
+ break;
case 'h':
case '?':
default:
@@ -274,7 +279,8 @@ main(int argc, char *argv[])
error = create_volume(dev, contain_hidden, keyfiles, nkeyfiles,
h_keyfiles, n_hkeyfiles, prf, cipher_chain, h_prf,
h_cipher_chain, NULL, NULL,
- 0, 1 /* interactive */);
+ 0, 1 /* interactive */,
+ use_secure_erase);
if (error) {
tc_log(1, "could not create new volume on %s\n", dev);
}
View
@@ -381,7 +381,8 @@ create_volume(const char *dev, int hidden, const char *keyfiles[], int nkeyfiles
const char *h_keyfiles[], int n_hkeyfiles, struct pbkdf_prf_algo *prf_algo,
struct tc_cipher_chain *cipher_chain, struct pbkdf_prf_algo *h_prf_algo,
struct tc_cipher_chain *h_cipher_chain, char *passphrase,
- char *h_passphrase, size_t size_hidden_bytes_in, int interactive)
+ char *h_passphrase, size_t size_hidden_bytes_in, int interactive,
+ int use_secure_erase)
{
char *pass, *pass_again;
char *h_pass = NULL;
@@ -584,13 +585,14 @@ create_volume(const char *dev, int hidden, const char *keyfiles[], int nkeyfiles
}
}
- tc_log(0, "Securely erasing the volume...\nThis process may take "
- "some time depending on the size of the volume\n");
-
/* erase volume */
- if ((error = secure_erase(dev, blocks * blksz, blksz)) != 0) {
- tc_log(1, "could not securely erase device %s\n", dev);
- goto out;
+ if (use_secure_erase) {
+ tc_log(0, "Securely erasing the volume...\nThis process may take "
+ "some time depending on the size of the volume\n");
+ if ((error = secure_erase(dev, blocks * blksz, blksz)) != 0) {
+ tc_log(1, "could not securely erase device %s\n", dev);
+ goto out;
+ }
}
tc_log(0, "Creating volume headers...\nDepending on your system, this "
View
@@ -195,7 +195,7 @@ int create_volume(const char *dev, int hidden, const char *keyfiles[],
struct pbkdf_prf_algo *prf_algo, struct tc_cipher_chain *cipher_chain,
struct pbkdf_prf_algo *h_prf_algo, struct tc_cipher_chain *h_cipher_chain,
char *passphrase, char *h_passphrase, size_t hidden_bytes_in,
- int interactive);
+ int interactive, int secure_erase);
int info_volume(const char *device, int sflag, const char *sys_dev,
int protect_hidden, const char *keyfiles[], int nkeyfiles,
const char *h_keyfiles[], int n_hkeyfiles,

0 comments on commit 773b55f

Please sign in to comment.