I was wondering about the effectiveness of the data deletion process when a factory reset is done, more specifically, I was wondering if there is any way to wipe over the data in the user partitions after doing a factory reset. Similar to how someone will fill zeros onto a storage device to erase the contents.

I understand that the encryption keys are destroyed during a factory reset, but i'm wondering if there is any added benefit from deleting the remaining ciphertext from storage and how someone would do that if so

    raccoondad no there is no benefits at all. If the key is wiped the data is as useless as it would be overridden with zeros. It's as secure as if you would use the Gutmann method.

      raccoondad

      There's no need to zero out storage after deleting anything / deleting a profile / factory resetting. All user data is encrypted. Take a look at this section of the website: https://grapheneos.org/faq#encryption

      One relevant part of that section:

      Weaver also provides reliable wiping of data since the secure element can reliably wipe a Weaver slot. Deleting a profile will wipe the corresponding Weaver slot and a factory reset of the device wipes all of the Weaver slots.

      So, when we're talking about a factory reset, there's basically many keys that get wiped from the secure element. Without those keys the hard drive is basically just ones and zeros soup. It's impossible to get data off the drive.

        a year later

        Sorry to revive this super old thread, but as I understand it, there will still be metadata left on the device that would be readable, such as directory structures, number of files in each directory, approximate file name sizes, approximate or exact file sizes. If the files are downloaded from the web, or have been uploaded to the web, file confirmation attacks would still be not just feasible but rather trivial to do. The rationale that wiping a key from a secure element would render all data unreadable is really only true in the case where 1) the device is random initialized, and 2) encryption operate on block device level rather than file system level. Most SSD disks for computers do transparent encryption, and would securely wipe the encryption key and generate a new one if using ATA Secure Erase or NVME equivalent, at least if they implement the specification correctly.

        So, I think the question remains, is there a way to reliably wipe the actual storage memory, as in forcing erasure of the memory blocks (not just TRIM/DISCARD'ing them), or forcing the rotation of a key operating on block device level like on SSD disks? Since GrapheneOS does filesystem based encryption I think this is even more important that it would be for a computer running block based encryption like LUKS2 or VeraCrypt.

          other8026 locked the discussion .

          ryrona you've already started a thread about file encryption, no need to ask here.