I regularly consolidate my disk drives to higher capacities as they are available to reduce the complexity managing many controllers, so I’ll often have to wipe the drives before I sell them (trade up). Often they are sold at very little moment’s notice, sanitizing the data might take too long. I learned that if I encrypt my data drives, I don’t really have to do much other than just clearing out the partition before I sell them, and there’s little performance penalty for Bitlocker in modern hardware.
Right now dislocker (Linux version of bitlocker) does not have a GUI to automatically unlock and mount the encrypted drives. Here’s the script that has the form “BL_{drive name}.sh” that will unencrypt the device and mount it and at the same time creating the script in the same folder to unwind (unmount & lock) the drive.
#!/bin/bash
# Extracting partition name from file name (BL_*.sh)
FN_base="$(basename -- $0)"
FN_bare="${FN_base%.*}"
partition=${FN_bare/BL_/}
# TODO: Check with /dev to make sure it's legit
echo $partition
dev_partition="/dev/$partition"
# Unlock the device into a raw image 'file'
path_raw="/media/dislocker/raw_$partition"
sudo mkdir -p $path_raw
file_raw="$path_raw/dislocker-file"
sudo dislocker $dev_partition -u -- $path_raw
# Mount the image file as a disk
path_mount="/media/dislocker/mount_$partition"
sudo mkdir -p $path_mount
sudo mount -o loop $file_raw $path_mount
# Build wind down file
script_unwind="unwind_$partition.sh"
# Leave /media/dislocker there for isolation
echo "#!/bin/bash" > $script_unwind
echo "sudo umount $path_mount">> $script_unwind
echo "sudo rmdir $path_mount" >> $script_unwind
# Note that the website is wrong. umount the path, not the dislocker-file
echo "sudo umount $path_raw" >> $script_unwind
echo "sudo rmdir $path_raw" >> $script_unwind
# Make sure the "$0" is literal including the $ sign or it will
# delete this file instead of the unwind_sd*.sh file
echo "sudo rm -- \"\$0\"" >> $script_unwind
chmod +x $script_unwind
135 total views, 1 views today
Leave a Reply