Hi all,
Honestly, I haven’t been keeping that up to date on securely wiping data off SSDs, and was wondering if anyone had a favourite (for reasons I’d love to here why!) and brownie points for your linux-tools to get the task done. Say dd or shred etc… dnf install secure-delete
Thoughts?
Securely deleting an SSD is kinda hard because wear leveling lets it write data all over the place instead of from the first sector to the last.
A shred command on a 240GB SSD may overwrite 240GB worth of data, but that doesn’t mean that all data is actually overwritten. Some data may have been overwritten twice, some not at all.
The best way to really make sure your data is gone, is to take an angle grinder and grind the chips themselves to dust.
Level1 has a video, but the focus is very much on hard drives. Not sure whether there’s any reason why it wouldn’t work on SSDs.
If I’m not mistaken one could reverse-engineer TRIM to do this? I’m not sure how one would go about doing that however
Magents, hammers and a blow torch.
Magnets/degausser does not work on nand memory. As far as I know there is no DoD form of sanitizing SSD memory short of destruction. My work has destroyed many an iPhone and SSD drive because of this.
Thanks all - appreciate the feedback. I’ll use shred for now.
There’s a way using hdparm to toggle crypto on the drive.
Checkout Gentoo and Arch wikis.
Backstory is that modern drives encrypt everything internally even if you haven’t asked them to, and toggling crypto makes them forget the key, it also marks the whole drive as GC-able from the perspective of the allocator.
Edit: if the drive is broken or you’re not looking to reuse it, it needs to be mechanically destroyed / ground to dust.
Cheers - in hindsight I should have led with that. I’m actually gifting a SSD I used, and just wanted any sensitive data wiped. I thought of doing a 7-pass wipe that Mac OS provides as a ‘secure wipe’ option, but then I wanted to see what options existed in linux cli apart from dding say /dev/random.
Thanks - I looked at an SSD on one of the other boxes,
* Data Set Management TRIM supported (limit 8 blocks)
* Deterministic read ZEROs after TRIM
Security:
Master password revision code = 65534
supported
not enabled
not locked
frozen
not expired: security count
supported: enhanced erase
2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
I also just made sure all my current linux-based systems on SSDs have TRIM enabled, and they do. Pretty nice that it was enabled ‘automatically’ by both Fedora 26 and Ubuntu 16.04 LTS.
Will look into the ‘enhanced erase’
this is the process I used successfully on an ssd recently: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase , didn’t have to wait for more than a couple of seconds after each command and I had a nice and clear drive at the end. This particular drive was a WD built in 2016.
A single pass dd with /dev/urandom over the whole drive is enough for what you’re trying to do.
Other than that, there’s no way to securely delete a file on an SSD. To be secure, you have to encrypt the drive from day one. There’s a nice short write-up on ServerFault explaining why.
Oh I know that. I was more thinking like massive electro magnets. any magnetic parts in it will be ripped out or damaged in some way, rather than wiping it, just outright destruction. though the other two will largely take care of that.
I kind of want to see what would happen to an SSD with very powerful electro magnets now.
I do not see how an ATA Secure erase is effective against really good forensics, as it still does not get around the SSD firmware issue that makes it so absolutely no software option is approved by the DoD. Maybe its good enough for commercial as I do remember a boot camp mentioning it?
The latest DAAPM v1.1 approves cryptographic sanitation by deleting the key, but I haven’t seen this filter down into the real environment yet. In a civilian instance if you have good full disk encryption and a good process for destroying the key, IMO you can write off the disk as sanitized beyond any reasonable means of forensics.
oh, you’re worried that ata secure erase might not be disposing of keys properly, … hmmm
If a TPM is not used, right, I can’t trust that wiping the key really did wipe it. I believe at least some version of Windows will not let you use bitlocker if there isn’t a TPM in the hardware, and for larger enterprise I’d bet NetApp also has key storage external to the SSD array needing to be wiped.
Interestingly, these Samsung T3 drives does not have security enabled out of the box -
http://www.samsung.com/semiconductor/minisite/ssd/product/portable/t3.html
There’s a Win/Mac security enabler, but I never got around to trying it. I just ran shred and killed it at the 4th pass. It was hot enough that I could have cooked an egg on it…
If this is for Enterprise stuff, I created a script based on these hdparm commands and that is run on any SSD that is just being reused on-site. Any SSD that leaves the building is destroyed with before and after pictures.
As far as I know, Secure Erase is the only NIST approved software that can wipe SSDs (without destroying them) and be able to reuse them. However, it is not free.
Why is everyone suggesting destroying the drive first? If this was enterprise, and the drive was leaving the facility, then yes, destroy it. But what if the drive is just going to remain on-site and being used for something else?
