Add Drive Wipe boot menu entry and overlay wipe script

Adds a "WIPE ALL DISKS" entry to both GRUB and isolinux menus (bee.wipe=all). Includes bee-wipe-disks for manual use from a running live system. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-06 09:22:59 +03:00
parent b75e65bcb1
commit 5cafe63f33
3 changed files with 143 additions and 0 deletions
--- a/iso/builder/config/bootloaders/grub-efi/grub.cfg
+++ b/iso/builder/config/bootloaders/grub-efi/grub.cfg
@@ -16,6 +16,11 @@ menuentry "EASY-BEE v@VERSION@ -- no GUI / no X11" {
 }


+menuentry "*** WIPE ALL DISKS (irreversible!) ***" {
+    linux   @KERNEL_LIVE@ @APPEND_LIVE@ toram nomodeset bee.gui=off bee.wipe=all net.ifnames=0 biosdevname=0
+    initrd  @INITRD_LIVE@
+}
+
 if [ "${grub_platform}" = "efi" ]; then
    menuentry "Memory Test (memtest86+)" {
        chainloader /boot/memtest86+x64.efi
--- a/iso/builder/config/bootloaders/isolinux/live.cfg.in
+++ b/iso/builder/config/bootloaders/isolinux/live.cfg.in
@@ -41,6 +41,12 @@ label live-@FLAVOUR@-failsafe
    initrd @INITRD@
    append @APPEND_LIVE@ nomodeset bee.nvidia.mode=gsp-off noapic noapm nodma nomce nolapic nosmp vga=normal net.ifnames=0 biosdevname=0

+label wipe-disks
+    menu label *** WIPE ALL DISKS (irreversible!) ***
+    linux @LINUX@
+    initrd @INITRD@
+    append @APPEND_LIVE@ toram nomodeset bee.gui=off bee.wipe=all net.ifnames=0 biosdevname=0
+
 label memtest
    menu label ^Memory Test (memtest86+)
    linux /boot/memtest86+x64.bin
--- a/iso/overlay/usr/local/bin/bee-wipe-disks
+++ b/iso/overlay/usr/local/bin/bee-wipe-disks
@@ -0,0 +1,132 @@
+#!/bin/bash
+# bee-wipe-disks — erase all physical disks (interactive, confirmation required)
+#
+# Triggered automatically when the kernel cmdline contains bee.wipe=all.
+# Can also be run manually from a root shell.
+#
+# Wipe strategy:
+#   NVMe  — nvme format (ATA-style secure erase, fast)
+#   Other — blkdiscard -f (TRIM/UNMAP, fast on SSDs)
+#           dd if=/dev/zero  (fallback for HDDs, zeros first+last 32 MB)
+
+set -euo pipefail
+
+RED=$'\033[1;31m'
+YEL=$'\033[1;33m'
+GRN=$'\033[1;32m'
+NC=$'\033[0m'
+
+banner() {
+    echo ""
+    echo "${RED}╔══════════════════════════════════════════════════════════╗${NC}"
+    echo "${RED}║      BEE DISK WIPE — ALL DATA WILL BE DESTROYED          ║${NC}"
+    echo "${RED}╚══════════════════════════════════════════════════════════╝${NC}"
+    echo ""
+}
+
+# ── find boot device to skip ──────────────────────────────────────────────────
+live_dev() {
+    local src
+    src=$(findmnt -n -o SOURCE /run/live/medium 2>/dev/null || true)
+    [ -z "$src" ] && return
+    # Strip partition suffix: /dev/sdb1 → /dev/sdb, /dev/nvme0n1p1 → /dev/nvme0n1
+    echo "$src" | sed 's/p\?[0-9]\+$//'
+}
+
+# ── enumerate target disks ────────────────────────────────────────────────────
+find_disks() {
+    local boot_dev
+    boot_dev=$(live_dev)
+
+    lsblk -d -n -o NAME,TYPE,SIZE,MODEL | while read -r name type size model; do
+        [ "$type" = "disk" ] || continue
+        [ "$size" = "0B"  ] && continue           # empty virtual media
+
+        local dev="/dev/$name"
+        [ "$dev" = "$boot_dev" ] && continue      # skip boot device
+
+        printf '%s\t%s\t%s\n' "$dev" "$size" "$model"
+    done
+}
+
+# ── wipe one disk ─────────────────────────────────────────────────────────────
+wipe_disk() {
+    local dev="$1"
+    echo ""
+    echo "=== ${YEL}${dev}${NC} ==="
+
+    if echo "$dev" | grep -q '^/dev/nvme'; then
+        # NVMe format (ses=1 = user data erase)
+        if nvme format --ses=1 "$dev" 2>&1; then
+            echo "  ${GRN}nvme format OK${NC}"
+            return
+        fi
+        echo "  nvme format failed, falling back to blkdiscard"
+    fi
+
+    if blkdiscard -f "$dev" 2>&1; then
+        echo "  ${GRN}blkdiscard OK${NC}"
+        return
+    fi
+
+    echo "  blkdiscard not supported — zeroing partition tables (HDD fallback)"
+    local size_bytes
+    size_bytes=$(blockdev --getsize64 "$dev")
+    local mb32=$(( 32 * 1024 * 1024 ))
+
+    # Zero first 32 MB (MBR, GPT, filesystem superblocks)
+    dd if=/dev/zero of="$dev" bs=4M count=8 conv=fsync status=progress 2>&1 || true
+
+    # Zero last 32 MB (backup GPT)
+    if [ "$size_bytes" -gt $(( mb32 * 2 )) ]; then
+        local skip=$(( (size_bytes - mb32) / (4 * 1024 * 1024) ))
+        dd if=/dev/zero of="$dev" bs=4M count=8 seek="$skip" conv=fsync status=progress 2>&1 || true
+    fi
+
+    echo "  ${GRN}done (partition tables zeroed)${NC}"
+}
+
+# ── main ──────────────────────────────────────────────────────────────────────
+banner
+
+mapfile -t DISKS < <(find_disks | awk '{print $1}')
+
+if [ ${#DISKS[@]} -eq 0 ]; then
+    echo "No physical disks found (boot device excluded)."
+    echo "Nothing to wipe."
+    exit 0
+fi
+
+echo "Disks to be ${RED}COMPLETELY ERASED${NC}:"
+echo ""
+find_disks | while IFS=$'\t' read -r dev size model; do
+    printf "  ${YEL}%-16s${NC} %8s  %s\n" "$dev" "$size" "$model"
+done
+echo ""
+echo "${RED}WARNING: This is IRREVERSIBLE. All data on the listed disks will be lost.${NC}"
+echo ""
+printf "Type  YES  to confirm wipe, anything else to abort: "
+read -r CONFIRM
+
+if [ "$CONFIRM" != "YES" ]; then
+    echo ""
+    echo "Aborted — no disks were touched."
+    exit 0
+fi
+
+echo ""
+echo "Starting wipe..."
+
+for dev in "${DISKS[@]}"; do
+    wipe_disk "$dev"
+done
+
+echo ""
+echo "${GRN}=== All disks wiped. ===${NC}"
+echo ""
+printf "Reboot now to return to the boot menu? [Y/n] "
+read -r REBOOT
+case "${REBOOT:-Y}" in
+    [Nn]*) echo "You can reboot manually when ready." ;;
+    *)     echo "Rebooting..."; sleep 2; reboot ;;
+esac