Builds a Debian initrd image containing nwipe configured to erase all available disks when booted.
Script must be run with the path to a copy of a suitable Debian initrd image, for instance:
fincham@build:~$ sudo apt-get install nwipe hdparm fincham@build:~$ cp /boot/initrd.img-`uname -r` ./initrd.img fincham@build:~$ cp /boot/vmlinuz-`uname -r` ./vmlinuz fincham@build:~$ ./build.py initrd.img Unpacking initrd... 113592 blocks Re-packing initrd... 115023 blocks
The resulting initrd.img can then be booted along with a matching kernel. For instance to boot from pxelinux:
LABEL disk-eraser
LINUX vmlinuz
INITRD initrd.img
APPEND root=/dev/ram0 quiet
The image may also be booted using kexec to remotely erase a machine over SSH, though care must be taken to ensure the machine is really erased since no feedback will be possible once the boot process begins.
Once the kernel has been loaded, nwipe will be started in automatic mode after a 30 second delay.
An attempt is made to only erase devices that report a serial number when interrogated with hdparm. If no devices are found this way then detection of the drives to be erased will be handed over to nwipe. This may cause e.g. USB sticks inserted in the machine to be erased as well.
Currently the script expects to be run on Debian Jessie, as it contains a static list of the dependencies needed for nwipe. This will be fixed in a future release. The resulting initrd image and kernel however may be used on any machine, not just Debian Jessie systems.
Future versions of this software will use ATA Secure Erase (including unfreezing disks as needed) as a preference, before falling back to nwipe. This is not yet implemented.