How to send "ATA Secure Erase" command to SSD?

linux encryption ssd disk-encryption hdparm

7,090

Here are the steps:

See if the feature is not frozen. hdparm -I /dev/sdX. If it is (usually by the BIOS), a good way to unfreeze it is to suspend the computer, and resume - then the drive gets powered up, but without BIOS.
IMPORTANT: set the password. This will enable the security feature of the drive: hdparm --user-master u --security-set-pass password /dev/sdX
Lastly, erase the drive:hdparm --user-master u --security-erase password /dev/sdX

The procedure is described here in more detail: https://wiki.archlinux.org/index.php/SSD_memory_cell_clearing

Example from my drive:

Security: 
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
    not supported: enhanced erase
    2min for SECURITY ERASE UNIT.

So it is frozen... now I suspend... and...

Security: 
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
    not supported: enhanced erase
    2min for SECURITY ERASE UNIT.

7,090

Jasmine Lognnes

Updated on September 18, 2022

Comments

Jasmine Lognnes over 1 year

A very good way to erase a SSD which have SED support is to change the password/key. But what to do with those that doesn't have SED support?

This article says

Fortunately it is possible to erase most SSDs, though this is closer to a “reset” than a wipe. The “ATA Secure Erase” command instructs the drive to flush all stored electrons, forcing the drive to “forget” all stored data. This command essentially resets all available blocks to the “erase” state, which is what TRIM uses for garbage collection purposes.

Question

I suppose it is something that can be done with hdparm, so does anyone know what command that does this?
- Admin almost 9 years
  
  It should be noted that there are drives encrypting the content - and they also forget the key, so the data is not only "random" (missing the metadata to reconstruct it), but also encrypted with an unrecoverable key... that allows the SAFE deletion of SSD and hard discs in pretty much milliseconds. Hardware storage encryption is a standard feature today on most enterprise hardware.
MadHatter almost 9 years

Much better now; +1 from me!
Konrad Gajewski almost 9 years

Well, you asked what do I do if the drive does not support full drive encryption, and I want to erase it with hdparm.
Michael Hampton almost 9 years

@JasmineLognnes I don't understand what you're talking about. This exactly answers the question you asked.
Jasmine Lognnes almost 9 years

I am asking for the ATA command that resets the SSD, not changing the password/key.
Daniel Lawson almost 9 years

@JasmineLognnes You need to set a password before you can issue the ATA Secure Erase command. This answer is precisely what you need, unless you have mis-stated your question
Konrad Gajewski almost 9 years

Let's finish the disscussion, shall we? I think everyone has come out of it a little wiser.