Security enhancement for UBIFS with secure erase feature
Carsten.Stelling at goerlitz.com
Mon Sep 5 12:01:01 EDT 2011
When building security relevant (embedded) applications, personal privacy
is of major importance.
Therefore it would be nice to have a configuration option to invalidate the
content of a deleted file in UBIFS. This feature shall allow an application to
ensure that, when a file is deleted, its contents are fully erased from the flash.
I.e. that each time a block is marked for erase, this block is written all zeros.
Writing zeros without erasing an entire page should be possible by design.
Giving such an option on a file by file basis (ioctl) would be optimal, because
wiping out the content of a deleted file is time and resource consuming and
not acceptable for all kinds of applications using UBIFS.
Are there any plans for such a security enhancement in UBIFS?
More information about the linux-mtd