Secure erase = 1 pass?
Posted by townaroundtown@reddit | sysadmin | View on Reddit | 26 comments
Is one secure erase one pass if not, how many passes does it take to makeup for one pass on an ssd?
Posted by townaroundtown@reddit | sysadmin | View on Reddit | 26 comments
Is one secure erase one pass if not, how many passes does it take to makeup for one pass on an ssd?
MNmetalhead@reddit
SSDs are different from HDDs in how data is stored and accessed. On an SSD, the encryption key can be removed and the data ins basically unrecoverable. With a HDD, the platters have magnetic fields which can have residuals that require multiple “passes” to make the latent magnetism unreadable.
nickerbocker79@reddit
SSDs wipe by pretty much zeroing out all the charges. Which is why they wipe so fast.
TurtleOnLog@reddit
No. There is no “wipe all the charges” feature.
SSDs can wipe fast because either a) they are fast or b) if it’s encrypted you can just delete the key.
nickerbocker79@reddit
From HP's FAQ on wiping SSDs
Basically SSDs have a command to purge all memory cells. This is generally done using the wipe option in the BIOS. We have used a 3rd party tool, Parted Magic, when manufacturers don't offer that command in the BIOS. It happens in seconds.
townaroundtown@reddit (OP)
Parted magic vs Samsung magician which one is better for you?
73-68-70-78-62-73-73@reddit
There are different types of erasure which are supported, depending on the manufacturer and implemented features. Some support types of cryptographic erasure, in which a key is discarded, others support block erasure where voltage is raised to a specific level on an cells. I assume he was referring to Block Erase.
TurtleOnLog@reddit
Apologies you’re correct, some ssds do support a bulk “secure erase” function.
73-68-70-78-62-73-73@reddit
See also NVMe spec for
SANITIZEcommands. Support varies pretty widely, depending on which version of the spec was implemented. In early versions, you'd be stuck using overwrite commands per namespace, and the types of erasure which were available in the spec differed. For example, 1.2.1 only supported user data erase, which could be fulfilled by erasure and overwriting, or sanitization through key discard. Version 2.2 supported block erase, overwrite, and cryptographic erasure. To make matters worse, not all drives support all sanitization methods per spec.There's a lot of misinformation floating around about solid state media erasure, probably because of different specs, and manufacturer implementations.
townaroundtown@reddit (OP)
I was Samsung magician
73-68-70-78-62-73-73@reddit
Which SSD and firmware revision?
townaroundtown@reddit (OP)
990 pro, and a I’ll check but it’s the latest firmware installed
73-68-70-78-62-73-73@reddit
You can find out for yourself which sanitize operations are supported. I don't have a box with installed NVMe drives available to me right now, but it should be something like:
If that doesn't quite work, google around or read the documentation. That will tell you the capabilities of the drive itself. It won't tell you what Samsung Magician actually does. If you want to ensure that you're performing a
SANITIZE BLOCK ERASEorSANITIZE CRYPTO SCRAMBLEor whatever the drive supports, you can do that with thenvme-clitools.The 990 Pro looks like it probably conforms to NVMe spec 2.0, or at least that's what the rev 1.0 data sheet from 2022 says. Again, you can check to see what NVMe version your drive supports, something like
sudo smartctl -i /dev/nvme0if memory serves.NVMe 2.0 has several revisions which are denoted by a letter at the end of the version number. This one is 2.0a.
Drives don't necessarily support all
SANITIZEoperations defined in the spec. Note the following on page 420-421, and take note of the word "IF".This is why it's important to check each drive's capability using
nvme-cli, in order to understand whatSANITIZEcommands are actually supported.See page 286 for
SANITIZEoperations supported by NVMe Spec 2.0a.TurtleOnLog@reddit
Thanks for that
townaroundtown@reddit (OP)
If the data is basically unrecoverable then why do so many “forensic experts” claim “we can still find data”
TurtleOnLog@reddit
Usually they aren’t dealing with a wiped device…
townaroundtown@reddit (OP)
Okay but what about “experts” dealing with a nvme drive securely erased once
TurtleOnLog@reddit
Is that part of your threat model?
Again if it’s a cryptography based wipe there is nothing coming back from that.
townaroundtown@reddit (OP)
What is the data wasn’t encrypted before hand and no not my threat model
TurtleOnLog@reddit
That wholly depends on the OS accessing the SSD and how it’s configured. Very unsafe to assume all drives are encrypted.
But it is true that if a drive is encrypted then destroying the key is all that’s required.
CountGeoffrey@reddit
all modern SSDs are encrypted at the SSD level.
TurtleOnLog@reddit
Have you got a source for that? That all modern ssds are encrypted?
El_90@reddit
The first Q is, secure against who.
Someone stealing and using it Someone stealing it to spy on you A hardware manufacturer checking for hardware failure Or advanced government threat with unlimited funds
It's a different answer for each
townaroundtown@reddit (OP)
Honestly against anything under the sun
03263@reddit
1 pass with a drill should be enough
Smith6612@reddit
For an SSD you use the NVMe Secure Erase or ATA Secure Erase Function.
Unless you really want to do a 30 pass erase with random data (The Guatmann Wipe). Even that on modern drives doesn't guarantee that you have actually destroyed every trace of data on an SSD.
Apachez@reddit
The Gutmann method is based on ALL kind of storage media including older wide magnetic tapes (you know those seen in movies and documentaries about NASA from the 60s and 70s aka "mainframes").
Basically one standard to rule them all.
When it comes to regular harddrives (spinning rust and newer) one pass is enough. Or rather multiple passes wont solve anything.
The main "threat" on modern drives is the HPA and spare sectors. And on flash the fact that each write will go to a physical new block (to limit amount of wearleveling since each cell can only be written 1000 or so times depending on SLC/TLC/QLC etc). Flashdrives are often underprovisioned to prolong their lifetime.
For example when the drive detects a bad sector it will remap itself so LBA 12345 actually becomes LBA 20001 internally (OS accesses LBA 12345 but whats actually being accessed on the platters (or the flash) is LBA 20001).
This gives that when you attempt to overwrite LBA 12345 you are actually overwriting LBA 20001 (and when it comes to flash it will be physically a new cell for each write).
This gives if you remove the platters or desolder the flashchips and can do a raw dump from first to last physical sector then the data you have wished to have overwrite might still exist on the drive and can be recovered.
So one overwrite is enough for HDD and newer and for flashbased media using the ATA Secure Erase is the way to go (if the drive already used internal encryption).
And if you really need to get rid of the data then physical destruction (shred + melt) of the storage is the only way left.
Doing a soft erase is nowadays not enough to guarantee that the data (or well part of data) cannot be recovered. Its good enough to be used to reuse a drive within the same information domain but I wouldnt count on it if you want to reset drives (who have stored sensitive data) to then be sold on Ebay or such.
Another workaround (before starting to use drives) is of course to apply your own encryption (preferly FDE - Full Disk Encryption) which the OS provides for you or apps such as VeraCrypt and similar.
This way even if parts of the storage is recovered its still in an encrypted form.