I need to run a security erase tool on my drive


If your SSD supports it, use the ATA Secure Erase command; assuming that your drive is /dev/sda:

  1. Boot Ubuntu from a Live DVD
  2. Open a Terminal with Ctrl+Alt+t
  3. Check that your drive is not frozen: hdparm -I /dev/sda (look for the frozen or not frozen line)
  4. If your device is frozen, you can try:
    • Suspend and resume
    • Hot replug the SATA cable (i.e. with the system loaded, unplug the SATA cable and plug it again)
  5. Set a user password: hdparm --user-master u --security-set-pass <password> /dev/sda (replace <password> with the chosen password)
  6. Check that security has been enabled: hdparm -I /dev/sda (look for the enabled or not enabled line)
  7. Issue the Secure Erase command: hdparm --user-master u --security-erase <password> /dev/sda (replace <password> with the chosen password)
  8. Check that security has been disabled: hdparm -I /dev/sda (look for the enabled or not enabled line)

This is the best method to wipe an SSD, since Secure Erase runs at firmware level and has access to all the storage areas of the device, while regular software tools don't. For further reading: ATA Secure Erase - ata Wiki and SSD Data Wiping: Sanitize or Secure Erase SSDs? | Kingston Technology
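Added example, not part of the original answer: steps 3, 6 and 8 above all depend on reading the `frozen` and `enabled` lines of `hdparm -I` correctly, so this sketch parses the Security section and reports what the procedure allows next. The function names and the "ready/blocked" wording are assumptions made for illustration; the sample input is the Security section posted in the question on this page, plus one constructed variant.

```shell
# Reads `hdparm -I` text on stdin; prints "supported=.. enabled=.. locked=.. frozen=..".
# Whole-line matching matters: "not frozen" contains the word "frozen", so
# searching for the word alone cannot tell the two states apart.
ata_security_state() {
    awk '
        /^[ \t]*Security:/ { in_sec = 1; next }
        in_sec {
            gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "")
            neg = sub(/^not /, "")    # 1 if the line read "not <flag>"
            if ($0 ~ /^(supported|enabled|locked|frozen)$/)
                state[$0] = neg ? "no" : "yes"
        }
        END {
            n = split("supported enabled locked frozen", k, " ")
            for (i = 1; i <= n; i++) {
                v = (k[i] in state) ? state[k[i]] : "unknown"
                printf "%s%s=%s", (i > 1 ? " " : ""), k[i], v
            }
            print ""
        }'
}

# Hypothetical helper: map the parsed state to what the procedure allows next.
erase_next_step() {
    s=$(ata_security_state)
    case "$s" in
        *frozen=yes*) echo "blocked: drive is frozen" ;;
        "supported=yes enabled=no locked=no frozen=no") echo "ready: set the user password" ;;
        "supported=yes enabled=yes locked=no frozen=no") echo "ready: issue the erase" ;;
        *) echo "blocked: unexpected state ($s)" ;;
    esac
}

# Security section as posted in the question on this page.
sample_posted() {
    cat <<'EOF'
Security:
Master password revision code = 65534
    supported
not enabled
not locked
    frozen
not expired: security count
    supported: enhanced erase
EOF
}

# Constructed variant: the same section after a successful unfreeze.
sample_unfrozen() { sample_posted | sed 's/^ *frozen$/not frozen/'; }
```

On the live system the same check is `hdparm -I /dev/sda | erase_next_step`.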


Author: Mark Giblin

What about me? I was born, I am currently here and sucking air until I shuffle off for a dirt nap.

Updated on September 18, 2022

Comments

  • Mark Giblin
    Mark Giblin over 1 year

    I downloaded Hirens Boot CD and it just stops and says "No PXE" or similar. So that is obviously a stumbling block and I can't afford to keep downloading on the basis that it may be a bad download. I just don't have the data allowance.

    So does anyone know if Linux has native tools that will secure erase the drive? The drive manufacturer said that it would need to be a secure erase tool and then reformat the drive to force bad blocks to be marked and swapped out.

    So far I have deduced that the image I took of the drive is perfect, I am happy with that fact, what I need to do is to follow the manufacturer's advice, if that doesn't work I have time to get the drive back to them under warranty.

    So far I have wasted 2 months on this and time is running out and until I have attempted this, the manufacturer can't open a support ticket.

    ** EDIT **

    The output below is from the suggestion that I run hdparm -I /dev/sda, from which I am informed the drive is frozen. The output is lengthy, so I trimmed it to the bits of information that show the drive's supported features and security.

    Enabled Supported:
       *    SMART feature set
            Security Mode feature set
       *    Power Management feature set
       *    Write cache
       *    Look-ahead
       *    Host Protected Area feature set
       *    WRITE_BUFFER command
       *    READ_BUFFER command
       *    DOWNLOAD_MICROCODE
       *    Advanced Power Management feature set
            SET_MAX security extension
       *    48-bit Address feature set
       *    Device Configuration Overlay feature set
       *    Mandatory FLUSH_CACHE
       *    FLUSH_CACHE_EXT
       *    SMART error logging
       *    SMART self-test
       *    General Purpose Logging feature set
       *    WRITE_{DMA|MULTIPLE}_FUA_EXT
       *    WRITE_UNCORRECTABLE_EXT command
       *    Gen1 signaling speed (1.5Gb/s)
       *    Gen2 signaling speed (3.0Gb/s)
       *    Native Command Queueing (NCQ)
       *    Phy event counters
            DMA Setup Auto-Activate optimization
       *    Software settings preservation
       *    Data Set Management TRIM supported (limit unknown)
    Security: 
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
        supported: enhanced erase
    12min for SECURITY ERASE UNIT. 12min for ENHANCED SECURITY ERASE UNIT. 
    Checksum: correct
    

    The following I am not sure on, the second option I know I definitely can't do as the drive plugs directly on to a socket on the PC.

    1. If your device is frozen, you can try: Suspend and resume Hot replug the SATA cable (i.e. with the system loaded, unplug the SATA cable and plug it again)

    I don't see any reference to suspending and resuming a drive in the GUI and I wouldn't know what to type in to the terminal, if it is an fdisk or mount or unmount or special program command.

    Using terminal, as it seems to be the most reliable way of getting things done, what do I do to suspend and resume the drive?

    ** EDIT **

    I tried the hdparm -I /dev/sda after a suspend and resume, took me ages to get back to normal, had to reboot a couple of times and enable networking again, on checking, the drive still shows as being frozen, does a force option exist to force the change?

    • Mark Giblin
      Mark Giblin about 9 years
      How do I use it? Where do I get it from if not on my install?
    • kos
      kos about 9 years
      With suspending and resuming I meant suspending and resuming the system, not the drive. About the second option, I agree that it's the last you should try, but why wouldn't you? Most BIOSes actively support SATA hot-switch. It doesn't hurt the drive in any way (as long as the partition is not mounted!)
    • Mark Giblin
      Mark Giblin about 9 years
      The way the slot operates on the computer, that hot plug option is not an option because it is just physically impossible to do, you have to dismantle the PC to access the HDD area, hence not an option, you have to power the device off to do it.
    • Mark Giblin
      Mark Giblin about 9 years
      The drive in question is not mounted.
    • kos
      kos about 9 years
      If you want me to reply to your comments notify me of them with @kos, you don't have to power off the device, you have to just unplug and replug the SATA cable, and this is something supported by most BIOSes. Consider ESATA, ESATA devices are meant to be hot plugged/unplugged. Anyway if you don't want to do that, you can just suspend and resume the system
    • Mark Giblin
      Mark Giblin about 9 years
      @kos - like I keep on stating, it is "Physically" impossible to remove the drive without completely dismantling the PC, the whole PC is not much bigger than a reference book, approx 8" x 7" x 1"1/4, no internal cables for anything! The drive fits into a socket / slot.
    • kos
      kos about 9 years
      I wrongly assumed that it was a desktop PC, sorry about that, but if you can access the slot somehow even removing/reinserting the drive in the socket would do. Anyway since we're talking about this I'm assuming that suspending/resuming didn't work, am I right?
  • Mark Giblin
    Mark Giblin about 9 years
    hdparm says: Security: Master password revision code = 65534 supported not enabled not locked frozen not expired: security count supported: enhanced erase 12min for SECURITY ERASE UNIT. 12min for ENHANCED SECURITY ERASE UNIT. Checksum: correct
  • kos
    kos about 9 years
    @MarkGiblin So the drive is frozen, try to "unfreeze" it by suspending and resuming or by hot-replugging the SATA cable.