4 files changed, 51 insertions, 0 deletions
diff --git a/src/args.rs b/src/args.rs
index 80abe17..4947825 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -79,6 +79,8 @@ Command! {
     Config(ConfigArgs) => |ctx, args: ConfigArgs| args.subcmd.execute(ctx),
     /// Interacts with the device's encrypted volume
     Encrypted(EncryptedArgs) => |ctx, args: EncryptedArgs| args.subcmd.execute(ctx),
+    /// Fills the SD card with random data
+    Fill => crate::commands::fill,
     /// Interacts with the device's hidden volume
     Hidden(HiddenArgs) => |ctx, args: HiddenArgs| args.subcmd.execute(ctx),
     /// Lists the attached Nitrokey devices
diff --git a/src/commands.rs b/src/commands.rs
index d81e095..cf3b94f 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -469,6 +469,39 @@ pub fn list(ctx: &mut Context<'_>, no_connect: bool) -> anyhow::Result<()> {
   Ok(())
 }
 
+/// Fill the SD card with random data
+pub fn fill(ctx: &mut Context<'_>) -> anyhow::Result<()> {
+  with_storage_device(ctx, |ctx, mut device| {
+    let pin_entry = pinentry::PinEntry::from(args::PinType::Admin, &device)?;
+
+    // Similar to reset, we want the user to re-enter the admin PIN even if is cached to avoid
+    // accidental data loss.
+    pinentry::clear(&pin_entry).context("Failed to clear cached secret")?;
+
+    try_with_pin(ctx, &pin_entry, |pin| {
+      device.fill_sd_card(&pin).context("Failed to fill SD card")
+    })?;
+
+    let mut last_progress = 0;
+    loop {
+      let status = device
+        .get_operation_status()
+        .context("Failed to query operation status")?;
+      match status {
+        nitrokey::OperationStatus::Ongoing(progress) => {
+          if last_progress != progress {
+            println!(ctx, "{}/100", progress)?;
+          }
+          last_progress = progress;
+        }
+        nitrokey::OperationStatus::Idle => break,
+      };
+    }
+
+    Ok(())
+  })
+}
+
 /// Perform a factory reset.
 pub fn reset(ctx: &mut Context<'_>) -> anyhow::Result<()> {
   with_device(ctx, |ctx, mut device| {
diff --git a/src/tests/fill.rs b/src/tests/fill.rs
new file mode 100644
index 0000000..70ea081
--- /dev/null
+++ b/src/tests/fill.rs
@@ -0,0 +1,15 @@
+// fill.rs
+
+// Copyright (C) 2020 The Nitrocli Developers
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+use super::*;
+
+// Ignore this test as it takes about one hour to execute
+#[ignore]
+#[test_device(storage)]
+fn fill(model: nitrokey::Model) -> anyhow::Result<()> {
+  let res = Nitrocli::new().model(model).handle(&["fill"]);
+  assert!(res.is_ok());
+  Ok(())
+}
diff --git a/src/tests/mod.rs b/src/tests/mod.rs
index 631ffb0..e0a5b9a 100644
--- a/src/tests/mod.rs
+++ b/src/tests/mod.rs
@@ -9,6 +9,7 @@ use nitrokey_test::test as test_device;
 
 mod config;
 mod encrypted;
+mod fill;
 mod hidden;
 mod list;
 mod lock;