Bug #16674
Include `nvme-cli` by default
Description
Tails is very good as a disk formatting/secure erase tool. The current version of Tails includes `hdparm` and `gnome-disks` by default, and as a result, users can easily perform the ATA secure erase command on their internal HDDs and SATA SSDs. Although there are other formatting tools that can perform the same tasks, like Parted Magic and GParted, I personally think Tails is better at the job because it’s lightweight, free, and compatible with many kinds of hardware.
And, using and even advertising Tails as a disk formatting utility has the potential to provide cover to dissidents who have to use Tails for secure, private communication. Currently, because Tails is only marketed as a privacy and government-avoiding tool, using Tails or even connecting to tails.boum.org via home Internet can look suspicious to friends, local network administrators (e.g., schools), and government officials (think of NSA’s XKeyscore program). If many people use Tails as a formatting utility, using Tails will look less suspicious.
However, neither `hdparm` nor the current version of `gnome-disks` supports secure-erasing internal NVMe SSDs. Because more and more PCs nowadays have NVMe SSDs, this somewhat undermines Tails’ ability to format any PC that a user might encounter. Including `nvme-cli` by default might resolve this.
History
#1 Updated by kdr4 2020-03-21 09:14:41
I was going to post this exact feature request. I can understand that Tails' core priority is not as a secure disk wiping tool, but I believe that this should be understood to be an important function that users are grateful to have access to. NVMe drives are largely standard on laptops now and I think the inclusion of nvme-cli would be a great idea.
Hopefully this can be upgraded from Low priority in the near future.
#2 Updated by intrigeri 2020-03-21 10:15:35
Is it sufficient to install `nvme-cli` to give GNOME Disks the ability to securely erase an internal NVMe drive?
(Modulo we trust the drive itself to do it right, of course, but that’s not my concern here.)
If the answer is “yes”, then it would make sense to me to install `nvme-cli` by default, so that less technical users benefit from it without having to figure out what package is missing.
Else, if the answer is “no”, and the only way to use `nvme-cli` is on the command line, then I see no great benefit in installing `nvme-cli` by default: the users who know they need to use this tool to securely erase an internal NVMe drive, and will figure out how to do so, can also figure out how to install it.