Wipe Disks: Difference between revisions
Created page with " For HDDs, you need to overwrite everything. For SSDs, the BIOS can typically invoke a secure erase. ==Using shred== <pre> shred -v -n1 /dev/sda </pre>" |
No edit summary |
||
Line 3: | Line 3: | ||
For SSDs, the BIOS can typically invoke a secure erase. | For SSDs, the BIOS can typically invoke a secure erase. | ||
==Using shred== | ==HDDs - Using shred== | ||
<pre> | <pre> | ||
shred -v -n1 /dev/sda | shred -v -n1 /dev/sda | ||
</pre> | </pre> | ||
==SSDs - ATA Secure erase== | |||
[https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase] | |||
Generally you do not want to write a bunch of zeros or random data to SSDs which would create significant wear. | |||
For performance reasons, SSDs typically encrypt data internally. | |||
A secure erase on an SSD will just generate a new internal encryption key, taking only a few minutes and avoiding unnecessary wear. | |||
<syntaxhighlight lang="bash"> | |||
DEVICE=/dev/sdb | |||
# Check if device is frozen | |||
# On Ubuntu live, you may need to sleep and wake the system | |||
sudo hdparm -I $DEVICE | |||
# Set a password to Eins | |||
sudo hdparm --user-master u --security-set-pass Eins $DEVICE | |||
# Check that the master password is enabled | |||
sudo hdparm -I /dev/sda | |||
# Run secure erase (wipes internal encryption key) | |||
sudo hdparm --user-master u --security-erase Eins $DEVICE | |||
# Or for secure erase enhanced (takes longer, wipes multiple times) | |||
sudo hdparm --user-master u --security-erase-enhanced Eins $DEVICE | |||
# After a few minutes, check that the master password is disabled | |||
sudo hdparm -I /dev/sda | |||
</syntaxhighlight> | |||
==NVME - Secure Erase== | |||
[https://askubuntu.com/questions/1310338/how-to-secure-erase-a-nvme-ssd reference] |
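Review bot: The two later status checks in the new ATA block run `sudo hdparm -I /dev/sda`, while the set-pass and erase commands act on `$DEVICE`, which is set to `/dev/sdb`, so the "enabled" and "disabled" checks inspect a different disk from the one being erased. Change both to `sudo hdparm -I $DEVICE`. The comments also say "master password" although every command passes `--user-master u`, which selects the user password, and the new "NVME - Secure Erase" heading carries only a link with no steps under it.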
Revision as of 02:14, 22 January 2023
For HDDs, you need to overwrite everything.
For SSDs, the BIOS can typically invoke a secure erase.
==HDDs - Using shred==
<pre>
shred -v -n1 /dev/sda
</pre>
==SSDs - ATA Secure erase==
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
Generally, you do not want to write a bunch of zeros or random data to SSDs, which would create significant wear. For performance reasons, SSDs typically encrypt data internally. A secure erase on an SSD will just generate a new internal encryption key, taking only a few minutes and avoiding unnecessary wear.
<syntaxhighlight lang="bash">
DEVICE=/dev/sdb
# Check if the device is frozen (see the Security section of the output)
# On Ubuntu live, you may need to sleep and wake the system
sudo hdparm -I "$DEVICE"
# Set the user password to Eins
sudo hdparm --user-master u --security-set-pass Eins "$DEVICE"
# Check that security is now enabled
sudo hdparm -I "$DEVICE"
# Run secure erase (wipes internal encryption key)
sudo hdparm --user-master u --security-erase Eins "$DEVICE"
# Or, instead of the command above, secure erase enhanced (takes longer, wipes multiple times)
sudo hdparm --user-master u --security-erase-enhanced Eins "$DEVICE"
# After a few minutes, check that security is no longer enabled
sudo hdparm -I "$DEVICE"
</syntaxhighlight>
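The frozen check from the first step above, as an added example that is not part of the original page: it parses the Security section of `hdparm -I` output and refuses to continue while the drive is frozen. The function names and both sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Real use: sudo hdparm -I "$DEVICE" | erase_precheck
# Prints enabled/locked/frozen parsed from the "Security:" section on stdin.
ata_security_state() {
    awk '
        function val(k) { return (k in state) ? state[k] : "unknown" }
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # an unindented line starts a new section
        insec {
            neg = ($1 == "not")            # flags read "not frozen" or just "frozen"
            key = neg ? $2 : $1
            if (key == "enabled" || key == "locked" || key == "frozen")
                state[key] = neg ? "no" : "yes"
        }
        END { printf "enabled=%s locked=%s frozen=%s\n",
                     val("enabled"), val("locked"), val("frozen") }
    '
}

# Returns 0 only when a Security section was parsed and the drive is not frozen.
erase_precheck() {
    sec_state=$(ata_security_state)
    case "$sec_state" in
        *frozen=yes*) echo "refuse: drive is frozen, sleep and wake the system"; return 1 ;;
        *unknown*)    echo "refuse: no complete Security section found"; return 1 ;;
    esac
    echo "ok: $sec_state"
}

# Constructed samples of hdparm -I output (not captured from a real drive).
SAMPLE_FROZEN='Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
                frozen
Checksum: correct'
SAMPLE_READY='Security:
                supported
                enabled
        not     locked
        not     frozen
Checksum: correct'

printf '%s\n' "$SAMPLE_FROZEN" | erase_precheck || true
printf '%s\n' "$SAMPLE_READY"  | erase_precheck
```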