Secure Erase WD NVMe SSD?

Retsam

Retsam

2[H]4U
Joined
Sep 2, 2005
Messages
3,905
Trying to securely wipe a western digital nvme SSD. Preferably a program that makes a bootable usb stick to do it as I wont be able to do it while I am on the drive in windows obviously. Samsung has magician but of course it only supports samsung ssds... Western digital has a program which doesnt seem to work at all.... So...

Someone has to know this. Searching google, there doesnt seem to be a like mainstream generic program to secure erasing any SSD properly.

I just want to wipe a SSD without damaging it. What software are people using for this these days? I understand youre not just supposed to write 1's 0's on SSDs like old traditional programs did for hard drives.
 
I have zero experience with linux...

Is this something that can be loaded via usb stick and done that way like dos?
 
Retsam said:
I have zero experience with linux...

Is this something that can be loaded via usb stick and done that way like dos?
Click to expand...

His suggestion is a great option. The beauty of Linux is you can run it from a usb. You download an ISO and make a usb stick with Rufus. And done.

At that point you would need a formatting Util for Linux. Just come here and there are tons of people that can help.
 
At work we use Rufus to make boot sticks and Killdisk to erase. Killdisk isn't free though.
 
Some motherboard bioses have a secure erase feature. I know my HP laptop does.
 
So I guess I solved this. It looks like my motherboard DOES actually have a secure erase feature. Assuming it works the proper way as to not damage a SSD, I will just use that.

I looked before, it was hidden under the advanced settings section.
 
use diskpart and Clean reset the drive , initialize the SSD set it as MBR , make one full partition and do a Full format (the windows format is SSD TRIM aware) and the SSD will send a mass Trim command to the whole drive, note the FUll format might take the same time as a quick format as quick and full do the same FUll Trim command on all empty space on a SSD (witch will zero out any remaining data on the SSD) then use diskpart with clean command again to make it ready for selling (be careful clean command does not ask to wipe the drive so make sure you pick the right disk )

an empty SSD will be already mostly zeroed out any way Secure erase is really not necessary (thanks to TRIM a deleted file is gone in under 1 second and is not recoverable, the above ensures that the whole drive is Zeroed out)
 
likeman said:
use diskpart and Clean reset the drive , initialize the SSD set it as MBR , make one full partition and do a Full format (the windows format is SSD TRIM aware) and the SSD will send a mass Trim command to the whole drive, note the FUll format might take the same time as a quick format as quick and full do the same FUll Trim command on all empty space on a SSD (witch will zero out any remaining data on the SSD) then use diskpart with clean command again to make it ready for selling (be careful clean command does not ask to wipe the drive so make sure you pick the right disk )

an empty SSD will be already mostly zeroed out any way Secure erase is really not necessary (thanks to TRIM a deleted file is gone in under 1 second and is not recoverable, the above ensures that the whole drive is Zeroed out)
Click to expand...

This is not a true secure-erase. It will not delete any part of the SSD that the OS cannot access, such as spare/reassigned blocks, internal mapping tables, etc. A secure-erase (or sanitize, where supported) should do so. There are also often other options for additional security, such as wiping the encryption key used by the SSD (many recent, better SSDs always encrypt behind-the-scenes). Also, the secure-erase function is usually much faster.
 
An erase plus retrim (Optimize-Volume -ReTrim) actually will clear the OP space. A full erase is not necessary, a regular erase will wipe the mapping table (which is all a secure erase does!) and following with a retrim will engage a sanitize (secure erase with all blocks erased). OP/reserved space will be trimmed because that's the point of reserved space with the exception of metadata, but the erase/secure erase wipes the (mapping) metadata. (Windows with TRIM may leave data as RZAT, default flash value is "1" actually; let the drive idle between operations)
 
Last edited:
Maxx said:
An erase plus retrim (Optimize-Volume -ReTrim) actually will clear the OP space. A full erase is not necessary, a regular erase will wipe the mapping table (which is all a secure erase does!) and following with a retrim will engage a sanitize (secure erase with all blocks erased). OP/reserved space will be trimmed because that's the point of reserved space with the exception of metadata, but the erase/secure erase wipes the (mapping) metadata. (Windows with TRIM may leave data as RZAT, default flash value is "1" actually; let the drive idle between operations)
Click to expand...
How long does this take compared to using something like the dd command in Linux? I have just been booting to a Linux USB and running dd with the input file set to random and then doing 3 passes. It takes quite a bit of time (hours for an SSD) but I know it's wiped. If I could drop a drive on a USB adapter and just do this with TRIM in the background, it would be super convenient. I need to find out if TRIM works on USB connected drives. That could make this less useful for prepping drives for disposal/donation.
 
compcons said:
How long does this take compared to using something like the dd command in Linux? I have just been booting to a Linux USB and running dd with the input file set to random and then doing 3 passes. It takes quite a bit of time (hours for an SSD) but I know it's wiped. If I could drop a drive on a USB adapter and just do this with TRIM in the background, it would be super convenient. I need to find out if TRIM works on USB connected drives. That could make this less useful for prepping drives for disposal/donation.
Click to expand...

First, there's a mapping table, temporarily in RAM with a permanent copy on the NAND (in SLC and/or over-provisioned space). When you do a Secure Erase it wipes this table. More or less the same thing with a quick format. The blocks aren't actually erased. The retrim command (or equivalent) basically marks any unused sector as being available to erase. While default flash values are "1" (not 0) this will return certain values depending on the method/OS/drive, e.g. RZAT means the value returned is "0." The Sanitize command is basically Secure Erase + retrim for the erasing of blocks. With NAND drives you must erase a block before rewriting, however rewriting is not required to erase, if that makes sense. So the typical DoD 3-pass method for HDDs is unnecessary and even damaging. The drive will do this when idle (TRIM/background management/garbage collection). A user above mentions over-provisioned space which is traditionally a problem, however on modern drives any SLC in that space will be flushed when idle (aside from mapping/metadata which the format or secure erase removes) and the rest is intended to be trimmed ASAP - it is in fact not physical but logical blocks from the overall pool that's larger than user-accessible space, therefore given appropriate time this space should already be trimmed and erased (the point of OP is that the blocks are ready to be written).

When you go over USB you're engaging a bridge controller/chip which typically uses UASP, SCSI instead of ATA commands. So it engages UNMAP instead which is functionally equivalent to ATA's TRIM. There are some exceptions to this...very old enclosures, current consoles, etc. might not have UASP support. In general it's fairly easy to "wipe" SSDs in comparison to HDDs. It is possible to reconstruct a mapping table actually which is why a secure erase is not necessarily secure (but keep in mind, it will trim eventually).

How long does it take? For general TLC it's about 15ms for an erase (block) versus 4000us for a write (average of three bits/pages - per page). TLC block size varies, up to 24MB.
 
Last edited:
Thanks for the enlightenment. This may really cut down on the grind of wiping SSDs.
 
For clarity, a sanitize is optimal for wiping a SSD. If you secure erase or quick format, everything is marked as empty which removes the mapping data and the drive will eventually erase/reclaim the space. Something like ReTrim will TRIM/UNMAP all unused sectors (all after a format/SE) and on modern SSDs may return values depending e.g. RZAT if the drive supports it. A secure erase may also TRIM. The blocks are then eventually reclaimed/erased to prepare for the next writing. (note that retrim works only on a volume)

NVMe-CLI can help here, with the nvme sanitize command and the sanitize log for NVMe devices at least. Also hdparm for ATA (sanitize block erase). Or something like block erase on Micron drives. Otherwise you must wait and give the drive time to idle and erase - as Micron states, you can "prove" it is sanitized by using data recovery software.
 
Last edited:
I personally coughed up the $11 to buy this https://partedmagic.com/

Works great, and once you have a copy of the media you can do whatever with it. No DRM that I can see. I've used it to erase anything under the sun. SATA, NVMe, SAS drives...

It also boots on anything I can find. Even old nasty LGA771 stuff.
 
using DD on a SSD is really not recommended doing 3x Write erase is not going to do any more then 1x or a full format Trim erase does >, a quick or full format under windows (does same thing as far as i know as both sends a Full trim command to all empty space, as both take the same time to complete, windows Format tool from windows 7 onwards is SSD TRIM aware)

it might take about 2 minutes in the background of the SSD to complete the free space TRIM command Format will finish almost right away (samsung que's it as lowest priority so it does it without interfering with user experience, other SSDs annoying do it when your still trying to use the SSD causing it to go slow until it finishes, on in my Toshiba XG3 case it actually hang the PC for 1 minute if i delete 200GB off it)

or related Trim tool built into linux (sure there is a Trim tool)

(most tools that say they do a secure erase means they actually Write random data to the drive not an actual secure erase, if a secure erase takes more then 2 minutes on a SSD its not a secure erase its a Writing random data onto all LBA blocks on the disk)

most don't realize once you Delete a file in under 1 second that file is Zeroed out on a SSD (windows NTFS Trim is sent to where the data was stored), when a file deleted its not recoverable on windows 10 if you have a SSD installed, unless you turn back on shadow copies via task scheduler witch i do (so i can actually recover deleted files that people delete that they did not want deleted), system restore on windows 10 only backups some system files and registry to allow a roll back on a windows update
 
Last edited:
Yes, Secure Erase and format both wipe just the mapping table and send TRIM although you can optimize/retrim to be certain. On many drives this will already make the data return certain values (e.g. RZAT) but otherwise you can wait for it to erase the blocks when idling the drive. But as listed above in my other reply you can also sanitize or erase blocks manually with certain tools if need be. Overwriting is not required.
 
You must log in or register to reply here.
Back
Top