MAAS

~gpiccoli/maas:nvme_secure_erase

Git
lp:~gpiccoli/maas
nvme_secure_erase

Last commit made on 2020-07-13

Get this branch:: git clone -b nvme_secure_erase https://git.launchpad.net/~gpiccoli/maas

Only Guilherme G. Piccoli can upload to this branch. If you are Guilherme G. Piccoli please log in for upload directions.

Branch merges

Merged into maas:master

Lee Trager (community): Approve on 2020-07-14

MAAS Lander: Approve on 2020-07-13

Adam Collard: Pending requested 2020-07-13

Superseded for merging into maas:master

MAAS Lander: Approve on 2020-07-06

Adam Collard: Pending requested 2020-07-06

Lee Trager: Pending requested 2020-07-06

Superseded for merging into maas:master

MAAS Lander: Needs Fixing on 2020-07-06

Lee Trager: Pending requested 2020-07-06

Adam Collard: Pending requested 2020-07-06

Superseded for merging into maas:master

Lee Trager (community): Needs Fixing on 2020-06-30

MAAS Lander: Needs Fixing on 2020-06-30

Adam Collard: Pending requested 2020-06-30

Branch information

Name:: nvme_secure_erase

Repository:: lp:~gpiccoli/maas

Recent commits

0736f4f... by Guilherme G. Piccoli on 2020-06-30

Fix error in quick erase if OS throws an exception and add wipefs cleaning

Currently, if quick erase is used but OS throws any exception, the operation
is aborted and all subsequent disks to be quickly erased are ignored. Also,
the code currently only performs a 2MB write in the beginning and end of the
disk as the quick erase. This is usually enough, but we have more proper ways
of getting rid of old disk layouts for example (the wipefs command being the
de facto Linux standard way).

This patch fixes the exception problem by using a try block in which the
OS-related functions are executed; exceptions don't completely break the
method anymore. Also, we add the wipefs call before the disk write, so it
catches other partition layouts that potentially aren't within the 2MB range.
Notice that we consider a fail if *both* the 2MB write and the wipefs command
fail - in case only one works, it is still a success.

Unit tests were worked to take the wipefs and the exceptions into account.
We also validated the files against Flake8/Black to prevent style issues.

Signed-off-by: Guilherme G. Piccoli <email address hidden>

130be74... by Guilherme G. Piccoli on 2020-06-27

LP: #1835954: Add NVMe secure erase / write zeroes support

MAAS currently allows 2 types of disk erase when releasing a node:
secure erase and quick erase. Secure erase fallback to zeroing the
disk in case the secure functionality doesn't work.

There is a limitation though: hdparm is currently used to perform
secure erasing, regardless if the disk is a SCSI/ATA device or a NVMe
device. This is not a good idea mainly for 2 reasons:
(a) Secure erase obviously never works for NVMe, relying in the "slow"
procedure of fully zeroing the disk;
(b) Zeroing a NVMe device is not a 100% secure guaranteed operation;
some firmwares may return a completion but physically the blocks may
still contain data (prone to "cold boot"-like attacks).

This patch proposes a solution to this problem by using nvme-cli tool
instead of hdparm if the disk is NVMe. Secure erase is attempted,
with cryptographic erase as a preferred mode (faster and less harmful
for the device). In case secure erase is not available or the operation
fails, zeroing the disk is still the fallback, but we try first to rely
on write-zeroes when available (much faster than fully writing zeroes
to the entire device). Only if both secure erase and write zeroes fail
we go with the full disk zeroing approach.

This patch was tested in real NVMe device and all source files created
or modified here were validated against Flake8/Black for style issues.
I'd like to thank specially the following colleagues due to their help
and suggestions during this work: Dan Streetman, Igor Gnip, Rodrigo
"Ganso" Barbieri and Lee Trager (for his idea of using the vendor_data
to install nvme-cli).

Signed-off-by: Guilherme G. Piccoli <email address hidden>

b210ac9... by Alberto Donato on 2020-06-30

drop MAASServerIPAddressField

92fabe7... by Alberto Donato on 2020-06-30

LP:1885682 - only copy chrony.conf if doesn't exist

cc3631f... by Caleb Ellis on 2020-06-30

Update maas-ui to e262efda9f5fa2db66285fbec8729ea542fdf13a

9a733f0... by Alberto Donato on 2020-06-29

make JSONField default a callable

5e65b56... by Adam Collard on 2020-06-29

Disable signals when sending config changes for http_proxyfix-silently-broken-tests
Via maasserver.model.signals.bootsources, boot sources are wired up to
notice http_proxy changes and sync the streams.

Within a test there's a not a real threadpool that runs, and this
post_commit work of updating the boot source cannot happen.

621f51c... by Huw Wilkins on 2020-06-29

Update maas-ui to 1f8a8a4b8ab61c6cb5c9d19954cf46dc4bb36030

0896f82... by Renovate Bot <email address hidden> on 2020-06-29

Update maas-ui to 95c01ee4b11e7e70b4324e22cb53a2d9df9be73b

a9fcf61... by Huw Wilkins on 2020-06-29

Update maas-ui to 08e6f2ee92d3a5652a843b6394c4042b4fd429d7

MAAS

~gpiccoli/maas:nvme_secure_erase

Branch merges

Related source package recipes

Related snap packages

Related charm recipes

Branch information

Recent commits