Wednesday, 21 November 2018

Adding DBAN with UEFI 64-bit support to E2B

The standard Legacy-boot DBAN ISO is currently version 2.3.0 and can be simply added to your E2B drive. Version 2.3.0 should not erase USB drives (unless you select them!) even if you select an 'autonuke' option from the boot menu.

The current version does not support UEFI booting but if you have a 64-bit UEFI system which does not support MBR\Legacy\CSM booting, you can  use the Beta UEFI DBAN ISO here. It does not support 32-bit UEFI systems though.

Note: On some systems (e.g. Lenovo IdeaPad 300) DBAN v2.3.0 does not boot and gives a
"cat: can't open '/proc/cmdline': No such file or directory"
error. This new version however does seem to boot OK.

UEFI Beta 2017 version
Tip: Once DBAN starts to boot, remove the E2B USB drive in case of accidental erasure!

How to add UEFI64 bootable DBAN...

Add DBAN to the E2B menu system

1. Download the UEFI DBAN ISO
2. Drag-and-drop it onto the MPI_FAT32 Desktop shortcut (latest MPI version is required - 0.087 or later). Make a DBAN.imgPTN file.
3. Add the DBAN.imgPTN to your E2B USB drive as usual
4. Switch to the DBAN.imgPTN file using \_ISO\SWITCH_E2B.exe
5. Check that the \EFI\BOOT\BOOTX64.EFI file has been extracted correctly. If it is not present, extract it using 7zip from the \EFIBOOT.IMG file which is inside the ISO file.

You should now be able to run DBAN from a 32-bit MBR, 64-bit MBR or 64-bit UEFI system.

Add DBAN to the E2B Grub2 menu system

1. Download the UEFI DBAN ISO
2. Copy it to partition 2  \_ISO\MAINMENU and rename it to dban_uefi.iso  (all lower case)
3. Make a \_ISO\MAINMENU\grub\dban.grub2 text file on partition 2 containing:

#DBAN - does not work on 32-bit UEFI
#possible --methods dod522022m, quick, zero, dod3pass, dodshort, gutmann, prng --rounds 8 --verify all
if ! $EFI32; then
if [ -e "$isofpath/dban_uefi.iso" ]; then
menuentry 'DBAN (quick)' --unrestricted --class dban{
    set isoname=dban_uefi.iso ; CHECK_MNU_FOLDER
echo 'Loading DBAN ISO...'
set gfxpayload=keep
set root=$root2
    loopback loop $isofile
linux (loop)/dban.bzi nuke="dwipe --method quick" nousb silent
echo 'booting...'
boot
}
fi
fi

You can now boot to the grub2 .imgPTN file and the DBAN menu entry should appear in the grub2 menu system.

Automating DBAN

DBAN v2.3.0 can be given different kernel parameters.

If --autonuke is used with v2.3.0 then USB drives should be ignored. I have tested this and it does seem to ignore USB drives if --autonuke is used (even if nousb is not specified).

Here is a Legacy .mnu E2B menu with various options. You can edit it as you wish - e.g. remove the pause and ask lines if you are feeling adventurous!

The .mnu file will be included in the \_ISO\docs\Sample mnu files\other folder in the next version of E2B.

I would still recommend that you pull out your E2B USB drive as soon as DBAN starts to boot though!

DBAN can be quite slow - one pass on a 128GB SSD took 40 minutes. Personally, I think any more than one erase pass is only warranted if you think the FBI may be investigating you, as very few organisations have the expensive equipment required to recover deleted data!

The .mnu file below was tested with the current DBAN v2.3.0

# Extract dban.bzi from DBAN iso and copy to \_ISO\MAINMENU\MNU folder (or \_ISO\UTILITIES\MNU folder)
# Copy this .mnu file to the same folder as dban.bzi
# You should remove the E2B USB drive when prompted or it may be erased
# ALL DRIVES ARE ERASED!
# silent = silent boot, nousb = don't wipe USB drives, --autonuke omits USB drives anyway (v2.3.0)

title DBAN - select drives (no usb)\nList drives to erase (except USB drives)
kernel $HOME$/dban.bzi  nuke="dwipe" nousb silent
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...

title DBAN - select drives (all drives)\nList drives to erase (includes USB drives)
kernel $HOME$/dban.bzi  nuke="dwipe" silent
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...

title DBAN autonuke\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN dod - American Department of Defense 5220.22-M standard wipe.\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke --method dod522022m" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN dod3pass - passess 1,2,7 from the standard wipe.\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke --method dod3pass" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN dodshort - DoD short wipe\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke --method dodshort" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN gutmann - Peter Gutmann's wipe (35 passes)\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi nuke="dwipe --autonuke --method gutmann" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN ops2 - RCMP TSSIT OPS-II standard wipe.\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke --method ops2" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN paranoid\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke --method prng --rounds 8 --verify all" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN prng - PRNG stream wipe (8 rounds)\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke --method prng --rounds 8" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN quick - Quick erase\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke --method quick" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN zero - Quick erase (zero)\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --autonuke --method zero" nousb silent
echo DANGER: ALL DRIVES WILL BE ERASED!
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...
set /p ask=Are you sure (Y/N) :  ;; if /i not "%ask%"=="Y" configfile (md)0x3000+0xA0

title DBAN nofloppy (for troubleshooting)\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe" floppy=0,16,cmos nousb
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...

title DBAN nosilent (for troubleshooting)\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe" nousb
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...

title DBAN noverify (for troubleshooting)\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --verify off" nousb
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...

title DBAN debug (for troubleshooting)\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="exec ash" debug nousb
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...

title DBAN shell (for troubleshooting)\n\nDANGER: Wipes all drives!\nIncluding USB drives.
kernel $HOME$/dban.bzi  init=/bin/sh
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...

title DBAN verbose (for troubleshooting)\nDANGER: Wipes all drives!
kernel $HOME$/dban.bzi  nuke="dwipe --method quick" nousb
pause Remove USB drive and a press key to start ERASE Of ALL DRIVES...


Shredos

Shredos is a more recent version of DBAN and is based on nwipe and also supports UEFI-64.

Download the shredos .img file and convert it to a .imgPTN file
Then add these lines to the end of the \menu.lst inside the .imgPTN file.

title Shredos\nA version of DBAN
kernel /boot/shredos console=tty3 quiet loglevel=0
boot