Is it safe enough to use used SSD/HDD with Qubes?

I have a couple of spare SSD/HDD devices, and I'm thinking about putting them in a RAID and using them for saving backups or storing non-essential qubes (not for QubesOS itself).
They came to me from different sources, and I’m pretty sure that previous owners had viruses on their Windows systems. But no TLA-level stuff, just usual consumer grade trojans or something alike.
So I need some practical advice. Would it be safe enough to use them if I first wipe them with BIOS tools from not-my-main PC, then use dd if=/dev/zero, and, probably, find a machine with Windows to re-flash firmware on the SSDs (HDDs don't have any, if I remember right)?
I’m asking because (as far as I understand) these devices would have direct access to Dom0, but maybe there are ways to avoid it or minimize the risk? Except using them like USB-flash memory with USB-adapters, which doesn’t make a lot of sense in my use-case.
I understand that buying new is always better (by the way, if I go that route, is it beneficial to have all such devices from the same manufacturer, so there would be fewer parties you need to trust?), but, AFAIK, firmware exploits are non-trivial stuff, so should I really care in a realistic scenario?

If they are Opal-compliant SSD drives, you can use the sedutil-cli command to do a factory reset, and it will flip every bit by reverting any keys and changing the internal entropy value used to generate new keys, making it impossible to revert back or recover anything. It's like a full wipe, but it only takes a second to do. No malware will survive, but you might still want to reflash the firmware if you are extra paranoid.

I guess they're not, because I'm talking about SATA-type SSDs, and it won't work for HDDs for sure.

Is there no way to somehow isolate SATA controllers from Dom0 or mitigate the threat with some other possible setup?