We did do some encryption with LUKS, and I’d try to write over boot records, keys, and headers, but I was pessimistic that was enough. Not an encryption expert myself. Always felt that any given encryption tech (be it hardware or software) has possibility of vulnerability later found or backdoors.
So it made sense to me that a physical erasure prior to recommission would be good. There’s also regulatory/compliance checkboxes (be them effective or not).
So it made sense to me that a physical erasure prior to recommission would be good. There’s also regulatory/compliance checkboxes (be them effective or not).