The wipefs Linux command utility can be used to erase various types of signatures from a device (partition tables, filesystem signatures, etc…). It is available in the repository of all the most used Linux distributions, and it is usually installed by default as part of of the util-linux package, which contains also other essentials utilities aimed at system maintenance, so we should never have to install it explicitly. In this tutorial we will see how to use wipefs to gather information about the existing signatures and how to erase them.
In this tutorial you will learn:
- How to obtain a list of the existing signatures without erasing them
- How to erase all signatures or only some of them by their offset or type
- How to create and restore a backup of the erased signatures
- How to simulate an erasing operation
Software requirements and conventions used
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Distribution-independent |
| Software | wipefs (part of the util-linux package) |
| Other | Administrative privileges in order to install software globally |
| Conventions | # – requires given linux-commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux-commands to be executed as a regular non-privileged user |
Looking for signatures
Wipefs can be used not only to erase existing signatures on a device, but also to create a report which includes them without performing any modification. In order to do so, all we have to do is to launch the utility without specifying any option, but just passing the device we want to analyze as argument. Let’s make an example. To obtain the list of all the signatures existing on the /dev/sda device, we would run:
$ sudo wipefs /dev/sda
The above command generates an output similar to the following:
DEVICE OFFSET TYPE UUID LABEL sda 0x1fe dos
The output is organized in columns which, by default, report information about:
- The block DEVICE name
- The OFFSET of the signature
- The TYPE of the signature
- The UUID
- The LABEL
In this case what the utility shows is the signature of the dos partition table found on the device. As you can see, the offset of the signature is expressed in hexadecimal (base 16) form. The 0x1fe value corresponds to 510 bytes. The output of the program, however, can be modified so to include only the information we need. To check the list of the supported columns, all we have to do is to invoke wipefs with the --help option:
$ wipefs --help
At the end of the “help” message we can find what we are looking for:
Available output columns:
UUID partition/filesystem UUID
LABEL filesystem LABEL
LENGTH magic string length
TYPE superblok type
OFFSET magic string offset
USAGE type description
DEVICE block device name
The USAGE column can be very useful, since it explicitly inform us what the signature is related to. To choose what information we want to include in the output of wipefs, we invoke the utility with the -O option (--output) and provide the comma separated list of the columns we want to include. For example to include only the DEVICE, OFFSET and USAGE columns, we would write:
$ sudo wipefs --output DEVICE,OFFSET,USAGE /dev/sda
Here is the output of the command above:
DEVICE OFFSET USAGE sda 0x1fe partition-table
We can also change the format of the output. If we want to obtain the output in the JSON format, for example to be able to easily parse it later, perhaps with our programming language of choice, we should use the -J option (short for --json). Here is what we would obtain:
$ sudo wipefs -J --output DEVICE,OFFSET,USAGE /dev/sda
{
"signatures": [
{"device":"sda", "offset":"0x1fe", "usage":"partition-table"}
]
}
Finally, as you may have notice, the utility doesn’t work recursively: if invoked, as we did in the example above, on a whole block device (e.g /dev/sda) it doesn’t include the signatures it finds on each partition of the device itself, so in order for it to find and erase all the signatures on a device we can use a glob:
$ sudo wipefs /dev/sda*
As you can see the output now includes also the signature found at the beginning of the first partition of the device, which, in this case, is a LUKS container:
DEVICE OFFSET TYPE UUID LABEL sda 0x1fe dos sda1 0x0 crypto_LUKS 1e286e68-b1a9-40d5-af99-58929a480679
Erasing signatures
We just saw how, when invoked without specific options, wipefs just prints the found signatures. In order to be able to actually erase them, we can proceed in three ways. If we want to remove all signatures we can invoke the utility with the corresponding option (-a or --all). To erase all signatures on /dev/sda we would run:
$ sudo wipefs -a /dev/sda*
If we want to remove a specific signature, instead, we have to use the -o option, which is the short for --offset and pass the offset of the signature as argument. By default the number used for the offset is interpreted as bytes, however, if it includes the 0x prefix, it is interpreted as a hexadecimal value. It’s even possible to use common suffixes to specify how the argument should be interpreted, for example KiB, MiB, GiB and so on. Let’s see an example. To remove only the first signature found on /dev/sda, which has the 0x1fe offset value, we would run:
$ sudo wipefs -o 0x1fe /dev/sda
The command should return the following output:
/dev/sda: 2 bytes were erased at offset 0x000001fe (dos): 55 aa /dev/sda: calling ioctl to re-read partition table: Success
A third method to delete specific signatures is to select them by their type which can be specified using the -t option (--types). The option accepts a comma-separated list as argument. To delete all the signature of type “dos”, for example, we would write:
$ sudo wipefs -a -t dos /dev/sda
By default wipefs Linux command only works on unmounted devices and will refuse to remove signatures from a device which is in use.
Performing a “dry run”
If we want to check how wipefs would behave but don’t want to actually remove the signatures, we can perform a “simulation” (dry run) by using the utility with the -n option (--no-act). As stated in the manual using this option will cause everything to be done except for the final write.
Creating a backup before erasing signatures
Creating backups is always a good idea, especially when performing dangerous operation like in this case. The wipefs utility has a dedicated option which makes so that a backup of each signature is created in a file created using the following template path:
$HOME/wipefs--.bak
Each signature is stored in its own file. To create a backup of all the signatures on /dev/sda, for example, we would write:
$ sudo wipefs --all --backup /dev/sda*
The files that would be created, in this case is /root/wipefs-sda-0x000001fe.bak. Notice that the --backup option can be invoked only when performing an actual erasing, otherwise the utility will notify us that the operation is “meaningless” in the context. The created backups can be easily restored by using dd. To restore the signature in this example we would run:
$ sudo dd if=/root/wipefs-sda-0x000001fe.bak of=/dev/sda seek=$((0x000001fe)) bs=1
In the above command, with if we specify the input file, which in this case is the file containing the signature backup, with of, instead, we provide the output_file (/dev/sda), and establish where the data should be written. With seek we specify the offset which should be used: the data should be provided in bytes, so to convert the hexadecimal value, we use the shell arithmetic expansion ($(())) . Finally, with bs we specify the amount of bytes that dd should read and write at a time.
Conclusions
In this tutorial we learned how to use the wipefs linux command utility in order to remove signatures from filesystems and raw block devices. We saw how the utility can be used to obtain a list of the signature existing on a given device, how to actually erase all of them or only specific ones by their offset or
their type. We also see how it’s possible to create a backup of the signatures before erasing them and how to eventually restore it using dd.
