PRNG auto-selection is now enabled by default when no --prng option is
specified. On startup, nwipe benchmarks the available PRNGs and selects
the fastest one for the current hardware.
To disable auto-selection, a new opt-out mode is introduced:
--prng=default (alias: --prng=manual)
This keeps the previous behaviour by using the built-in, CPU-based PRNG
selection without running benchmarks.
Explicit PRNG selections (e.g. --prng=isaac, --prng=aes_ctr_prng) also
disable auto-selection automatically.
Benchmark timing defaults are adjusted accordingly:
- auto-selection defaults to a short benchmark run
- --prng-benchmark-only keeps a longer default duration
This improves out-of-the-box performance while preserving full user
control and backwards compatibility.
The PRNG auto-selection benchmark previously ran silently and only printed
results at the end. As a result, there was a noticeable delay (several
seconds) between starting nwipe and any visible output, making it appear
as if the program was stalled.
This change moves the output into the benchmark loop itself:
- Print "Analysing PRNG performance:" immediately when benchmarking starts
- Show a classic rotating cursor (-\|/) while benchmarks are running
- Print "Testing <PRNG> performance..." before each PRNG is benchmarked
- Print each PRNG’s result (MB/s or failure) immediately after it finishes
The existing nwipe_prng_benchmark_all() API is preserved for compatibility.
A new nwipe_prng_benchmark_all_live() function provides the live output
behaviour and is used for --prng=auto.
This makes startup progress visible, improves UX, and aligns behaviour
with the original maintainer’s expectations.
Require strict input of long form options
This fixes potential issues caused by getopt_long() when it allows abbreviated input of the long form options. For instance, previously if a user had accidentally typed --auto, because maybe they had meant to type --autopoweroff or prng=auto, getopt_long() would have allowed --auto as a valid option but the code would have interpreted --auto as meaning
-autonuke with very unfortunate consequences in terms of wiping all the discs attached to your system.
Not allowing strict parsing of options has been an issue in getopt_long() since 2008. However the changes I have made in this code now prevent any abbreviations to long form options and expect strict adherence to the options as presented in nwipe's help page (nwipe --help) and man pages.
This fixes potential issues caused by getopt_long()
when it allows abbreviated input of the long form
options. For instance, previously if a user had
accidentally typed --auto, because maybe they had
meant to type --autopoweroff or prng=auto, getopt_long()
would have allowed --auto as a valid option but the
code would have interpreted --auto as meaning
-autonuke with very unfortunate consequences in terms
of wiping all the discs attached to your system.
Not allowing strict parsing of options has been an
issue in getopt_long() since 2008. However the changes
I have made in this code now prevent any abbreviations
to long form options and expect strict adherence to the
options as presented in nwipe's help page (nwipe --help)
and man pages.
This fixes the following problems.
1. Fdatasync is incorrectly called when in direct I/O mode when
no --directio command line option is present, i.e when it
automatically determines whether direct or cached should be used.
2. When multiple drives are wiped if any of those drives do not
support direct I/O then they would have would have had fdatasync
incorrectly disabled. There was no record of I/O mode on a per
drive basis.
3. Direct I/O on a static pass always called fdatasync as there
was no code present to set the SyncRate to 0 when in direct I/O
mode.
Because autonuke can do a lot of damage we
need to be sure it's value is 1 before letting
it auto wipe. The previous code was assuming
any non zero value was TRUE. In the case of a bug
or memory corruption this could cause an
unintended auto wipe of all discs.
Check start_column < wcols and issue error
Reduce output length by 1 to take care a
situation where output_length maybe provided
by strlen which excludes the null terminator
and sizeof which may or may count the terminator.
Check start_column < wcols and issue error
Reduce output length by 1 to take care a
situation where output_length maybe provided
by strlen which excludes the null terminator
and sizeof which may or may count the terminator.
Because autonuke can do a lot of damage we
need to be sure it's value is 1 before letting
it auto wipe. The previous code was assuming
any non zero value was TRUE. In the case of a bug
or memory corruption this could cause an
unintended auto wipe of all discs.
This change introduces a comprehensive PRNG benchmarking and auto-selection
framework, available both in the ncurses GUI and via the command line.
A new interactive “PRNG Benchmark” menu (key: 'b') has been added to the GUI.
It benchmarks all available PRNG engines using a RAM-only workload and
displays a sorted leaderboard showing sustained throughput in MB/s.
In addition, a new automatic PRNG selection mode is implemented:
--prng=auto
When enabled, nwipe benchmarks all available PRNGs at startup and
automatically selects the fastest PRNG for the current hardware. This
selection happens before device scanning and does not alter any wipe
semantics or security guarantees.
For non-GUI and diagnostic use, a standalone benchmark mode is also added:
--prng-benchmark
This runs the same RAM-only PRNG benchmark, prints a sorted leaderboard
to stdout and the log, and exits without scanning or wiping any devices.
It is fully compatible with --nogui.
Key features:
- Unified PRNG benchmark core shared by GUI, auto-selection and CLI modes
- RAM-only benchmark using aligned multi-megabyte buffers
- Deterministic in-memory seeding (benchmark-only, not used for wiping)
- Sorted leaderboard showing MB/s per PRNG
- Automatic fastest-PRNG selection via --prng=auto (opt-in)
- Interactive GUI benchmark view with dimmed informational styling
- No impact on wipe logic, data security or default behaviour
This change improves transparency, diagnostics and performance tuning
across a wide range of hardware platforms, while keeping all new behaviour
explicitly opt-in.
The help text for all prngs was formatted
so that it is consistent in terms of layout
and positioning with the help text
as displayed by the methods help text.
Specifically so that it still remains
legible with a 80x25 legacy (nomodset)
terminal.
Also added the ability to run the prng
benchmark from within the prng selection
screen.
Add a new interactive PRNG benchmark mode to the ncurses GUI, opened
with the 'o' key from the main device selection screen.
The benchmark runs all available PRNG engines in a RAM-only loop,
measuring sustained throughput in MB/s by generating keystream data
into an aligned memory buffer. Results are collected and displayed as
a sorted leaderboard, making relative PRNG performance immediately
visible.
Key features:
- New modal “PRNG Benchmark” GUI view (o to open, ESC to return)
- RAM-only throughput test (~1s per PRNG by default)
- Aligned multi-megabyte buffer to reduce syscall and cache artefacts
- Deterministic in-memory seeding for reproducible results
- Sorted leaderboard showing MB/s per PRNG
This mode is intended for diagnostics, comparison, and performance
validation of PRNG implementations and does not affect any wipe logic
or security properties.
Add a new GUI “device topology” view, opened with the 't' key from the
device selection screen.
The new view displays the kernel sysfs path of the selected disk as an
indented tree, similar to “lspci -tv”, making it easy to see which
controller, bus, and port a device is attached to.
Key features:
- Modal device topology view (t to open, ESC to return)
- Tree rendering based on /sys/block/<dev> → /sys/devices/... hierarchy
- Portable ncurses ACS line-drawing characters (no UTF-8 dependency)
- Optional PCI controller naming via lspci when available
- Dimmed (A_DIM) text style to visually distinguish the informational view
This improves safety and usability on systems with multiple controllers
by clearly showing the physical attachment path of each drive without
changing wipe behaviour.
Allows user-defined text or tags to be embedded
in the PDF report. The tag data is stored in
nwipe.conf and may be entered via the customer
and organisation preview screen, when enabled,
or directly through the config screen. Press
C on drive selection screen.
Inclusion of this tag in the generated PDF
report requires the pdftag option to be enabled
in the configuration screen or specified explicitly
using the --pdftag command-line argument when
invoking nwipe.
* Refactor CPUID/AES-NI detection into cpu_features module and hide AES-CTR PRNG on unsupported platforms
This commit improves CPU feature handling and PRNG selection logic in three ways:
1. Introduces a dedicated cpu_features.c/.h module that encapsulates CPUID and
AES-NI detection. The previous duplicated inline implementations scattered
across multiple files have been removed to prevent multiple-definition issues
and ensure consistent CPU capability probing.
2. The AES-CTR PRNG is now selectable only when the running platform supports
AES-NI. The ncurses GUI automatically hides the AES-CTR option when AES-NI
is not available, preventing users from choosing a PRNG that would fall back
to software mode or incur unnecessary slowdown. CLI selection
(--prng=aes_ctr_prng) is also blocked on non-AES-NI CPUs with a clear error.
3. All modules (options, GUI, PRNG initialisation) now use the central
has_aes_ni() function, ensuring uniform and future-proof feature detection.
* cpu_features.* missing in commit
* AES-CTR not removed, but disabled when not available on platform
This commit enhances the handling of the `-P /path` / `--PDFreportpath` option by
ensuring that nwipe can create the specified directory if it does not already
exist. Previously, nwipe simply called `access(path, W_OK)` and exited with a
generic “not a writeable directory” error if the directory did not exist or was
not writable. This caused ambiguity and prevented the use of custom report paths
without pre-creating them externally.
Key improvements:
- Added a new helper function `nwipe_ensure_directory()` that:
- Differentiates between “non-existent”, “not a directory”, and “not writable”.
- Attempts to create the directory recursively (`mkdir -p` style) when absent.
- Creates directories with mode 0755 so other users can read/list directory contents.
- Performs final verification that the directory exists, is a directory, and writable.
- Replaced the previous simple `access()` check in `nwipe.c` with the new
directory-ensure logic.
- Introduces clearer and more helpful error messages when directory creation or
permission checks fail.
Benefits:
- Users can now safely specify custom report paths (e.g. `-P /reports` or
USB-mounted paths) without requiring manual pre-creation.
- Eliminates ambiguous error reporting and improves overall user experience.
- Maintains backward-compatible behavior when the target directory already exists.
This patch fixes several issues that could cause garbage or control
characters to appear in the ncurses UI when displaying device serial
numbers.
Key changes:
- Added nwipe_normalize_serial() to strip control characters, non-ASCII
bytes and trim whitespace from all serial numbers before they are
shown in the UI.
- Initialize the serialnumber buffer in
nwipe_get_device_bus_type_and_serialno() to avoid passing undefined
data back to check_device() when no valid "Serial Number:" field is
found.
- Prevent ioctl(HDIO_GET_IDENTITY) from being called on an invalid file
descriptor when open() fails.
- Ensure consistent null termination and sanitize the final
device_serial_no regardless of whether it came from HDIO, smartctl
output, or quiet-mode anonymization.
These fixes resolve cases where devices (especially virtual/QEMU or
USB-attached drives) could report malformed or unexpected serial
strings, resulting in UI corruption such as extra characters, ^A, or
line wrapping.
the effective I/O block size before any sync-rate logic is executed.
- Add new helper function `nwipe_compute_sync_rate_for_device()` to `pass.c`,
converting legacy `--sync` semantics (sync * st_blksize) into a per-write
sync interval based on the actual `io_blocksize`, and disabling periodic
syncing when using direct I/O.
- Update both `nwipe_random_pass()` and `nwipe_static_pass()` to use the new
helper, ensuring consistent and correct sync behaviour for all cached-I/O
passes and removing duplicated sync-calculation logic.
