The LUKS key which I use to secure my SSD was recently compromised, but I'm questioning how effective it would be to change the key, because the LUKS header might not be overwritten. In fact, I wonder whether the only safe procedure in such situations is just to sanitize the SSD! No firmware-based encryption was active.
From an online forum:
If you have an SSD:
Beware that solid-state devices will most likely NOT overwrite the LUKS header, but rather write the new one into another memory cell (due to wear leveling algorithms designed to prolong SSD life). If you're worried about this and have recent-enough backups (as you always should), perform an ATA secure erase of the whole SSD using a live CD and then reinstall Qubes OS. https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
I do not know if there is some way to force it to be deleted or if this is not relevant for recent SSD drives.
If my reasoning above is correct, then the solution is either to destroy the LUKS header (and it won't matter if the encrypted data stays in place), or to re-encrypt the data (and it won't matter if the previous header is compromised). Because it's difficult on SSDs to overwrite specific sections of the disk, I think that the second option is the feasible one. This answer ("If an old LUKS header with a compromised key is recovered, can it be used to read data?") suggests using cryptsetup reencrypt.
Is my train of thought correct, and how would I implement this concretely?
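As an added illustration (not part of the question or any answer), a small Python parser for the LUKS2 on-disk header that tells whether two headers, say the live one and an old copy left behind by wear levelling, still bind the same volume key, which is exactly what decides whether a leaked header plus its old passphrase is still useful. The sample headers are constructed by build_header and carry no real keyslot material; the layout assumed is the LUKS2 format's 4096-byte big-endian binary header followed by a NUL-padded JSON area.

```python
import base64, hashlib, json, struct

MAGIC = (b"LUKS\xba\xbe", b"SKUL\xba\xbe")               # primary / secondary header
BIN = struct.Struct(">6sHQQ48s32s64s40s48sQ184s64s3584s")  # 4096-byte binary header
CSUM_OFF = 448                                           # offset of the csum field

def parse_luks2_header(blob: bytes) -> dict:
    """Validate the binary header and its checksum, return fields + metadata."""
    (magic, version, hdr_size, seqid, _label, csum_alg, _salt, uuid,
     _subsys, _off, _pad, csum, _pad2) = BIN.unpack_from(blob)
    if magic not in MAGIC or version != 2:
        raise ValueError("not a LUKS2 header")
    alg = csum_alg.rstrip(b"\0").decode()
    area = bytearray(blob[:hdr_size])         # checksum covers the whole header
    area[CSUM_OFF:CSUM_OFF + 64] = bytes(64)  # ...with the csum field zeroed
    want = hashlib.new(alg, area).digest()
    if csum[:len(want)] != want:
        raise ValueError("header checksum mismatch (corrupt or tampered)")
    meta = json.loads(blob[BIN.size:hdr_size].rstrip(b"\0"))
    return {"uuid": uuid.rstrip(b"\0").decode(), "seqid": seqid,
            "keyslots": sorted(meta.get("keyslots", {})),
            "digests": meta.get("digests", {})}

def same_volume_key(a: dict, b: dict) -> bool:
    """True if both headers bind the same volume key (identical digest
    salt/value).  luksChangeKey and luksKillSlot leave the digest untouched,
    so an old header plus the old passphrase still unlocks the data; only
    cryptsetup reencrypt, which replaces the volume key, changes it."""
    def vk(h): return sorted((d["salt"], d["digest"]) for d in h["digests"].values())
    return vk(a) == vk(b)

def build_header(uuid: str, seqid: int, slots: list, vk_digest: bytes) -> bytes:
    """Constructed sample header (no real keyslot material) for the demo."""
    meta = {"keyslots": {s: {"type": "luks2", "key_size": 64} for s in slots},
            "tokens": {}, "segments": {"0": {"type": "crypt"}},
            "digests": {"0": {"type": "pbkdf2", "keyslots": slots, "segments": ["0"],
                              "hash": "sha256", "iterations": 1000,
                              "salt": base64.b64encode(b"s" * 32).decode(),
                              "digest": base64.b64encode(vk_digest).decode()}},
            "config": {"json_size": "12288", "keyslots_size": "16744448"}}
    js = json.dumps(meta).encode().ljust(12288, b"\0")   # JSON area, NUL padded
    fields = [MAGIC[0], 2, BIN.size + len(js), seqid, b"", b"sha256", b"",
              uuid.encode(), b"", 0, b"", bytes(64), b""]
    fields[11] = hashlib.sha256(BIN.pack(*fields) + js).digest().ljust(64, b"\0")
    return BIN.pack(*fields) + js
```

On a real device the primary header sits at offset 0 and the secondary at hdr_size, so read hdr_size bytes from each with a tool like dd and feed them to parse_luks2_header; comparing the live header against any stray copy should report different digests only after reencrypt has completed.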