Questions About How It Works (a little long)

A

Anonymous

Guest
I do appreciate this utility, but I’m not familiar with Unix syntax so the documents are difficult for me to understand.

I plan to use a computer I took out of service a couple of months ago as a ‘wipe stand’ for hard drives. Since it has no keyboard or monitor I want to do a fully automatic erase. By this I mean, with the nuke disk in floppy drive A: I want to boot the floppy and automatically erase all drives connected to the computer (up to 4) – no human intervention. I interpret the documents to say I can do this, but . . .

In the readme file it says:

Automatic Wiping
----------------

Enter "autonuke" at the boot prompt to automatically wipe all devices in the
computer without confirmation. Note that you may change the default behavior of
DBAN by editing the 'syslinux.cfg' file that is on the floppy disk.

I’m uncertain what the “boot prompt” is. Before reading these docs I would have understood that to mean ‘After booting enter autonuke at the A:> prompt.’ If this is what it means it requires a keyboard and thus is not “automatic.”

When I look at the syslinux.cft file as suggested I find this:

# Set this option to zero if you wish to skip the boot prompt.
PROMPT 1

# This label will be started if you just push enter at the boot prompt, or if
# you set the PROMPT option above to zero.
DEFAULT dban
The term ‘label’ is unfamiliar to me in this context, but I’m guessing the above comment could be written:

If you leave “dban” in the line below dban will appear at the command prompt after you boot. And, when you press return/enter a menu of options/choices will be displayed. If you replace “dban” with “autonuke” in the line below autonuke will be displayed. In this case if you press enter all disks attached to the computer will be erased/wiped. If you want these things to happen automatically when you boot (without you pressing a key) change the value beside the PROMPT above to from 1 to 0 (zero).
DEFAULT dban

Since I cannot test my assumptions these questions are not trivial to me. I can’t afford to test the disk on a working computer because if, as the above paragraph at the beginning of this post says, the action is “AUTOMATIC” I will destroy the data on the computer. On the other hand I cannot test it on the target computer because I’m operating blind (no monitor or keyboard), and thus I have no way to tell whether what I’m guessing is happening is really happening.

Could someone confirm my rewrite of the comment is correct? This is, if I change the first prompt to 0 and replace deban with autonuke in the second prompt, after booting it will immediately begin wiping the drives without the need for key presses?

Question 2:

I couldn’t find where it was explained which protocol (gutmann, etc) and which verification level (0,1,2) are used if one does uses autonuke.

Question 3:

I assume I can tell when the operations are complete because the drive lamp on the front panel will go out. Is that correct?

Thanks
jim
 
I’m uncertain what the “boot prompt” is.

The boot prompt is

Code:
boot:

It is the first thing that requires keyboard input after DBAN starts. This is, for example, where you could specify the autonuke label.

Code:
boot: autonuke

The term ‘label’ is unfamiliar to me in this context

The usage of the word "label" is unusual, but it is the syntax that Syslinux expects.

Since I cannot test my assumptions these questions are not trivial to me.

Could someone confirm my rewrite of the comment is correct? This is, if I change the first prompt to 0 and replace deban with autonuke in the second prompt, after booting it will immediately begin wiping the drives without the need for key presses?

Yes, correct.

I couldn’t find where it was explained which protocol (gutmann, etc) and which verification level (0,1,2) are used if one does uses autonuke.

Find the "LABEL autonuke" block in the syslinux.cfg file and notice the --method and --verify switches. You could, for example, specify "--verify all".

I assume I can tell when the operations are complete because the drive lamp on the front panel will go out. Is that correct?

If you do not use a monitor, then you will not know whether a wipe failed. You could accidentally send out a disk with valuable information.

You may need to change your BIOS settings so that the computer can boot without a keyboard or monitor.
 
Thanks very much for your reply.

I couldn’t find where it was explained which protocol (gutmann, etc) and which verification level (0,1,2) are used if one does uses autonuke.

Find the "LABEL autonuke" block in the syslinux.cfg file and notice the --method and --verify switches. You could, for example, specify "--verify all".

Does your answer mean if no method is specified the gutmann protocol is the default for autonuke?

I assume I can tell when the operations are complete because the drive lamp on the front panel will go out. Is that correct?

If you do not use a monitor, then you will not know whether a wipe failed. You could accidentally send out a disk with valuable information.

Something I read indicated a report would be written to the floppy. Is that not correct?
 
Does your answer mean if no method is specified the gutmann protocol is the default for autonuke?

Always specify a method with a --method argument when you are creating or changing a label in the syslinux.cfg file. Do not rely on the default behavior of dwipe, which may change.

The --autonuke switch only bypasses interactive device selection, it does nothing else. You can use any --method argument with the --autonuke switch.

Something I read indicated a report would be written to the floppy. Is that not correct?

Yes, it will write a log to a floppy disk.

(I am trying to hedge a common problem with my recommendation. When somebody asks about doing headless wipes, they usually intend to wipe many computers, and they usually delegate the task to disinterested person that doesn't check the results. A visual "success" or "failure" message is all that most droids can process.)
 
dajhorn said:
The --autonuke switch only bypasses interactive device selection, it does nothing else. You can use any --method argument with the --autonuke switch.
I really appreciate your reply. At the risk of pushing my welcome too far could you give an example of lines to substitute in the .cfg file?

For example: If I change DEFAULT dban to DEFAULT autonuke and change the following lines:

LABEL autonuke
KERNEL kernel.bzi
APPEND initrd=initrd.gz root=/dev/ram0 init=/rc quiet nuke="dwipe --autonuke"

TO:

LABEL autonuke
KERNEL kernel.bzi
APPEND initrd=initrd.gz root=/dev/ram0 init=/rc quiet nuke="dwipe --autonuke --method gutmann --rounds 2"

Will this cause it to kick off automatically and run the gutmann protocol two times on the entire disk?
 
Back
Top