Secure erase tool for SSDs

Status
Not open for further replies.

dishdude

$100 Site Donor 2023
Joined
Nov 14, 2008
Messages
16,388
Location
Phoenix
I'm looking for a USB bootable utility that will initiate the secure erase command for any SSD. I have one that works with SanDisk drives only, but would like a universal one. Any suggestions? This would be for the internal boot drive.
 
I'll probably be proven wrong but from what I've seen MB manufacturers have been so paranoid about somebody writing a virus that issues a secure erase they disable sending the command pretty early on. One has to blink power to the MB, then catch it very early in its initialization or it can't be sent down the pipe.

Anyway, it's been a feature on a workstation-class PC MB. I haven't seen it (but haven't looked recently) on consumer-grade PCs. It's probably there on a laptop that came with a SSD.
 
Last edited:
Ever since I handed off the first computer that I sold to someone else, I've been using this: https://eraser.heidi.ie/ program to remove files from anything that I wanted removed and unrecoverable. Does this not work with SSD drives? If not, I'd like to know, as my current laptop is an SSD.
 
In the event that someone reads my earlier post (quoted below) thinking the same thing, from the makesuseof article that StevieC linked to, it appears that traditional hard drive programs like Eraser should NOT be used with SSDs. I am very glad I read this, as I wouldn't want to hurt this drive by using a program like that.

Originally Posted by paulri
Ever since I handed off the first computer that I sold to someone else, I've been using this: https://eraser.heidi.ie/ program to remove files from anything that I wanted removed and unrecoverable. Does this not work with SSD drives? If not, I'd like to know, as my current laptop is an SSD.
 
I'm still a big fan of taking the drive out of the machine and physically destroying it beyond typical folks repair ability (yes I know it's not Government level destroyed), especially when you have a hard drive failure and can't destroy the data through means of software.
wink.gif


Taking it apart and hammers / drills works well.
grin2.gif
 
Last edited:
Originally Posted by StevieC
Taking it apart and hammers / drills works well.
grin2.gif

If and when (perhaps tomorrow) iMacs get an update, I plan on flying to Toronto with my 10-year-old iMac with a dead video card and functioning drive (but which Apple refuses to fix because it's too old), renting a car, driving to Niagara Falls, hiring a helicopter and hurling the entire thing into the watery abyss.

That'll learn it.
 
Last edited:
crackmeup2.gif
You can UPS it to me and I'll do it for you free of charge, I'm 40 minutes from the falls.

Originally Posted by Uphill_Both_Ways
If and when (perhaps tomorrow) iMacs get an update, I plan on flying to Toronto with my 10-year-old iMac with a dead video card and functioning drive (but which Apple refuses to fix because it's too old), renting a car, driving to Niagara Falls, hiring a helicopter and hurling the entire thing into the watery abyss.

That'll learn it.
 
Last edited:
Originally Posted by Uphill_Both_Ways
Originally Posted by StevieC
Taking it apart and hammers / drills works well.
grin2.gif

If and when (perhaps tomorrow) iMacs get an update, I plan on flying to Toronto with my 10-year-old iMac with a dead video card and functioning drive (but which Apple refuses to fix because it's too old), renting a car, driving to Niagara Falls, hiring a helicopter and hurling the entire thing into the watery abyss.

That'll learn it.

It would be worth it for the Helicopter ride !!! I love Helicopter rides. They can land almost anywhere when you have to go to the bathroom or vomit from air sickness.
 
Originally Posted by CT8
I love Helicopter rides. They can land almost anywhere when you have to go to the bathroom or vomit from air sickness.
They won't land for either of those over Niagara Falls. They give you a big, long funnel before takeoff, with This End Up stencilled into the wide end.
 
The helicopter rides you can take at the falls are like $400. My cousin looked went with a group of friends. Personally I'll settle for the Horn blower boat ride and feel the mist. (Formerly the maid of the mist)
 
SSD doesn't do erase, they do trim (fake erase to free up space for new write). Also due to over provision you have more real space for background operation than the drive actually let you use. So no, HD based secure erase won't do if people are determined to get your stuff (i.e. national security or search warrant).

Your best bet is to go download the manufacturer's tool. If you don't even trust that, crush the thing and then burn the crumbs.
 
Originally Posted by PandaBear
SSD doesn't do erase, they do trim (fake erase to free up space for new write). Also due to over provision you have more real space for background operation than the drive actually let you use. So no, HD based secure erase won't do if people are determined to get your stuff (i.e. national security or search warrant).

Your best bet is to go download the manufacturer's tool. If you don't even trust that, crush the thing and then burn the crumbs.


Sorry, but you don't know what you are talking about. Trim has nothing to do with secure erase. Secure erase absolutely will wipe all addressable storage in the drive.
 
Originally Posted by StevieC
crackmeup2.gif
You can UPS it to me and I'll do it for you free of charge, I'm 40 minutes from the falls.

Originally Posted by Uphill_Both_Ways
If and when (perhaps tomorrow) iMacs get an update, I plan on flying to Toronto with my 10-year-old iMac with a dead video card and functioning drive (but which Apple refuses to fix because it's too old), renting a car, driving to Niagara Falls, hiring a helicopter and hurling the entire thing into the watery abyss.

That'll learn it.


ugh it's not bad enough your people come here and murder our mall parking lots, now you have to murder the water too?!?!?
 
Originally Posted by PandaBear
SSD doesn't do erase, they do trim (fake erase to free up space for new write). Also due to over provision you have more real space for background operation than the drive actually let you use. So no, HD based secure erase won't do if people are determined to get your stuff (i.e. national security or search warrant).


Most (all?) modern SSDs are internally encrypted, and the 'secure erase' command tells it to throw away the old encryption key and generate a new one. After doing that, all you will read from the disk is complete garbage that was encrypted with one key and decrypted with a different key.

Yeah, it's possible there's a bad implementation that would allow someone with access to the disk to somehow recover the old key, but that's about the only issue I could think of.
 
Originally Posted by Subdued
Originally Posted by StevieC
crackmeup2.gif
You can UPS it to me and I'll do it for you free of charge, I'm 40 minutes from the falls.

Originally Posted by Uphill_Both_Ways
If and when (perhaps tomorrow) iMacs get an update, I plan on flying to Toronto with my 10-year-old iMac with a dead video card and functioning drive (but which Apple refuses to fix because it's too old), renting a car, driving to Niagara Falls, hiring a helicopter and hurling the entire thing into the watery abyss.

That'll learn it.


ugh it's not bad enough your people come here and murder our mall parking lots, now you have to murder the water too?!?!?
Rest assured I'll chuck the iMac into the churning cataclysm on my side of the bridge. The falls on the Ontario side are dramatic and powerful, more positively assuring of the iMac's total destruction than in the puny trickle in New York.
 
Originally Posted by emg
Most (all?) modern SSDs are internally encrypted, and the 'secure erase' command tells it to throw away the old encryption key and generate a new one. After doing that, all you will read from the disk is complete garbage that was encrypted with one key and decrypted with a different key.

Yeah, it's possible there's a bad implementation that would allow someone with access to the disk to somehow recover the old key, but that's about the only issue I could think of.


That's what I was trying to say (maybe not saying it right). A bad implementation may not wipe all the blocks that are still holding onto some old data (i.e. those that are between garbage collection and erased) not accessible via normal commands. If someone come along with diagnostic command and a hacked / diagnostic firmware, they may be able to access it. It probably won't happen to civilian operations but if you are putting national security stuff on it it may not be "good enough".

Also what if the encryption is not done right? Throwing away the key doesn't mean wiping the data.
 
I'm not well versed in SSDs, but if that is the case (and it certainly is, or read, should be with encrypted HDs), then "throwing away the key" is nearly infallible, assuming the private key legitimately disappears.
 
Originally Posted by dishdude
I'm looking for a USB bootable utility that will initiate the secure erase command for any SSD. I have one that works with SanDisk drives only, but would like a universal one. Any suggestions? This would be for the internal boot drive.



Create a Ubuntu Live USB stick and then you can use the hdparm command line tool to initiate a secure-erase (you will need to set a drive password first, all details are in https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase.
 
Status
Not open for further replies.
Back
Top