Note that this is not permanent and will be restored after boot. We change the value to the real maximum sector count. Here, the numbers are the same which indicates that HPA is disabled. On the right side we have the real hardware sector limit of the disk, on the left side we see the value set for the HPA. We will see something like the following if HPA is disabled: /dev/sda: This is a protected area which will not be erased if we overwrite the whole disk. Let’s check if there is any HPA (Host Protected Area). Multiple overwriting would be another option if we want to keep the drive. That was quick, what? Our drive should be erased.
Issuing SECURITY_ERASE command, password="PASS", user=user The output will look like this and we have to wait a while: security_password="PASS" hdparm --user-master u --security-erase PASS /dev/sdx Once the drive is not frozen, we can start the Secure Erase procedure. Activating security (we can replace PASS with whatever we like): hdparm --user-master u --security-set-pass PASS /dev/sdx Now we use hdparm again to check if the drive is unfrozen: hdparm -I /dev/sdx This will remove the frozen status from the disk. We send our system to sleep and wake it up again. There is a simple solution which worked for my SSDs. We also see that our disk is not frozen, which is good. Enhanced secure erase writes predetermined data patterns (set by the manufacturer) to all user data areas. Secure erase overwrites all user data areas with binary zeroes. I asked Kingston and they answered as follows: So what is the difference? And again, it’s the manufacturer who would need to tell us. First we’ll check if ATA Secure Erase is supported by the drive: hdparm -I /dev/sdx …min for SECURITY ERASE UNIT. The drive must be connected via SATA or eSATA; USB won’t work.
Let’s say we trust those guys and use this feature to erase our SSD. So you need to trust the vendor in this case, which is a bad idea in general. Various scientific papers proved that this feature is not always implemented the right way and sometimes the data is not even erased. I say ‘pretend’ as this does not always work as expected. It pretends to securely erase an SSD in just a few minutes (or less). The ATA Secure Erase command is a feature implemented by the manufacturer of a Solid State Drive. Someone would need to put some effort into this to (maybe) get to (some of) your data. Note that data recovery will most likely only be possible by pulling out the flash and accessing it directly. There are studies out there showing that the data could be recovered even after overwriting multiple times. You could use the built-in ATA Secure Erase command (if your drive supports that), or you can overwrite the SSD multiple times, but… Well, you can, but that means that you need to use a hammer. I haven't done anything like this before. Perhaps you can’t. (2) Use hdparm to do an ATA secure erase. (1) Make a Linux boot USB to boot into Linux on the USB.
(2) Install the secure erase software on it (if that is even possible) (3) run it from the USB. That could serve as a kind of secure delete, and I wouldn't have to reinstall Windows.
So ideally that is what I want to do, but I can't find one for Toshiba SSDs. Alternatively I could rely on TRIM plus overwriting the entries of deleted files in the NTFS MFT. I know SSDs can be zeroed directly by resetting the NAND cells, and manufacturers like Samsung have applications to do that. I want to securely erase my C: drive, a Toshiba XG5 NVMe 512GB SSD, without wearing it with deletes.