Bug #16674

Include `nvme-cli` by default

Added by anon_1873 12 months ago. Updated 16 days ago.

User interface design
Tails is very good as a disk formatting/secure erase tool. The current version of Tails includes hdparm and gnome-disks by default, and as a result, users can easily perform the ATA secure erase command on their internal HDDs and SATA SSDs. Although there are other formatting tools that can perform the same tasks, like Parted Magic and GParted, I personally think Tails is better at the job because it's lightweight, free, and compatible with a lot of hardware.

And, using and even advertising Tails as a disk formatting utility has the potential to provide cover to dissidents who have to use Tails for secure, private communication. Currently, because Tails is only marketed as a privacy and government-avoiding tool, using Tails or even connecting to via home Internet can look suspicious to friends, local network administrators (e.g., schools), and government officials (think of NSA's XKeyscore program). If many people use Tails as a formatting utility, using Tails will look less suspicious.

However, neither hdparm nor the current version of gnome-disks supports secure-erasing internal NVMe SSDs. Because more and more PCs nowadays have NVMe SSDs, this somewhat undermines Tails' ability to format any PC that a user might encounter. Including nvme-cli by default might resolve this.


#1 Updated by kdr4 17 days ago

I was going to post this exact feature request. I can understand that Tails' core priority is not as a secure disk wiping tool, but I believe that this should be understood to be an important function that users are grateful to have access to. NVMe drives are largely standard on laptops now and I think the inclusion of nvme-cli would be a great idea.
Hopefully this can be upgraded from Low priority in the near future.

#2 Updated by intrigeri 16 days ago

Is it sufficient to install nvme-cli to give GNOME Disks the ability to securely erase an internal NVMe drive?
(Modulo we trust the drive itself to do it right, of course, but that's not my concern here.)

If the answer is "yes", then it would make sense to me to install nvme-cli by default, so that less technical users benefit from it without having to figure out what package is missing.
Else, if the answer is "no", and the only way to use nvme-cli is on the command line, then I see no great benefit in installing nvme-cli by default: the users who know they need to use this tool to securely erase an internal NVMe drive, and will figure out how to do so, can also figure out how to install it.

