Ways to wipe storage after factory reset

raccoondad

I was wondering about the effectiveness of the data deletion process when a factory reset is done, more specifically, I was wondering if there is any way to wipe over the data in the user partitions after doing a factory reset. Similar to how someone will fill zeros onto a storage device to erase the contents.

I understand that the encryption keys are destroyed during a factory reset, but i'm wondering if there is any added benefit from deleting the remaining ciphertext from storage and how someone would do that if so

Nuttso

raccoondad no there is no benefits at all. If the key is wiped the data is as useless as it would be overridden with zeros. It's as secure as if you would use the Gutmann method.

unwat

raccoondad

There's no need to zero out storage after deleting anything / deleting a profile / factory resetting. All user data is encrypted. Take a look at this section of the website: https://grapheneos.org/faq#encryption

One relevant part of that section:

Weaver also provides reliable wiping of data since the secure element can reliably wipe a Weaver slot. Deleting a profile will wipe the corresponding Weaver slot and a factory reset of the device wipes all of the Weaver slots.

So, when we're talking about a factory reset, there's basically many keys that get wiped from the secure element. Without those keys the hard drive is basically just ones and zeros soup. It's impossible to get data off the drive.