tinyapps.org / docs / ATA Sanitize and hdparm


(Note: This is a follow-up to ATA Secure Erase (SE) and hdparm, which includes suggestions for working around frozen drives and more. See also NVMe Secure Erase and NVMe Sanitize in this series.)

0. Warning

These procedures will irretrievably destroy data.

1. Introduction

According to NIST,

The ATA Sanitize Device feature set commands are preferred over the [...] ATA Security feature set SECURITY ERASE UNIT command when supported by the ATA device.

Microsoft concurs:

For new applications, it is recommended to use the CRYPTO SCRAMBLE EXT command from the SANITIZE feature set. This is preferred over the SECURITY ERASE UNIT command since SANITIZE is supported in both the T10 standard (SCSI) and the T13 standard (ATA), and for all derived busses.

Finally, SanDisk states:

Secure Erase is different from Sanitize because it only deletes the mapping table but will not erase all blocks that have been written to. Sanitize will delete the mapping table and will erase all blocks that have been written to. Therefore, Secure Erase is faster to complete than Sanitize. After you erase the drive using Secure Erase or Sanitize, all user data will be permanently destroyed on the selected drive. This data cannot be recovered.

2. Check for SANITIZE support

A supported drive:

# hdparm --sanitize-status /dev/sdx

/dev/sdx:
Issuing SANITIZE_STATUS command
Sanitize status:
    State:    SD0 Sanitize Idle
    Last Sanitize Operation Completed Without Error

An unsupported drive:

# hdparm --sanitize-status /dev/sdx

/dev/sdx:
SANITIZE feature set is not supported

This drive supports SANITIZE BLOCK ERASE:

# hdparm -I /dev/sdx
...
Commands/features:
    Enabled    Supported:
       ...
       *    SANITIZE feature set
       *    BLOCK_ERASE_EXT command
       ...

while this drive supports SANITIZE CRYPTOGRAPHIC SCRAMBLE and SANITIZE OVERWRITE:

# hdparm -I /dev/sdx
...
Commands/features:
    Enabled    Supported:
       ...
       *    SANITIZE feature set
       *    CRYPTO_SCRAMBLE_EXT command
       *    OVERWRITE_EXT command
       ...

3. SANITIZE BLOCK ERASE

The SANITIZE OPERATION START EXT - BLOCK ERASE command shall start a sanitize operation which shall cause Block Erase operations on all user data. The SANITIZE BLOCK ERASE operation shall also remove user data held in caches and pin setting attributes (see 4.16).

The SANITIZE OPERATION START EXT - BLOCK ERASE shall only be reported as supported if the internal media supports Block Erase operations (e.g. NAND FLASH, see [ONFI]).

After a successful SANITIZE BLOCK ERASE operation, the contents of the user data area are indeterminate.

The SANITIZE OPERATION START EXT - BLOCK ERASE shall only be processed if:

  a) the Sanitize Device feature set is supported;
  b) the BLOCK ERASE method is supported; and
  c) the device is in the Sanitize Idle state, the Sanitize Operation Failed state, or the Sanitize Operation Succeeded state.

—Section 7.x.4.2 of T13's Sanitize Device Command Proposal, Revision 67

# hdparm --yes-i-know-what-i-am-doing --sanitize-block-erase /dev/sdx

/dev/sdx:
Issuing SANITIZE_BLOCK_ERASE command
Operation started in background
You may use `--sanitize-status` to check progress
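
Conditions a) to c) quoted above (and repeated for the other two methods below) can be checked before any SANITIZE command is issued. The following is an added example, not part of the original page or of hdparm: it reads saved `hdparm -I` and `hdparm --sanitize-status` output in the format shown on this page. The function name is hypothetical, and the SD3/SD4 codes for the Failed and Succeeded states are an assumption, since the page's sample output only shows SD0 and SD2.

```shell
#!/bin/sh
# Added example (not from the page or from hdparm): check conditions a) to c).
# Usage: sanitize_preflight METHOD IDENTIFY_FILE STATUS_FILE
#   METHOD         block-erase | crypto-scramble | overwrite
#   IDENTIFY_FILE  saved output of: hdparm -I /dev/sdx
#   STATUS_FILE    saved output of: hdparm --sanitize-status /dev/sdx
# Returns 0 if the command may be issued, 1 if a condition fails, 2 on bad usage.
sanitize_preflight() {
    case $1 in
        block-erase)     pf_cmd=BLOCK_ERASE_EXT ;;
        crypto-scramble) pf_cmd=CRYPTO_SCRAMBLE_EXT ;;
        overwrite)       pf_cmd=OVERWRITE_EXT ;;
        *) echo "unknown method: $1" >&2; return 2 ;;
    esac
    [ -r "$2" ] && [ -r "$3" ] || { echo "cannot read input files" >&2; return 2; }

    # a) feature set listed under Commands/features (leading "*" optional)
    grep -q '^[[:space:]*]*SANITIZE feature set[[:space:]]*$' "$2" ||
        { echo "a) SANITIZE feature set not listed"; return 1; }

    # b) the requested method is listed
    grep -q "^[[:space:]*]*${pf_cmd} command[[:space:]]*\$" "$2" ||
        { echo "b) ${pf_cmd} not listed"; return 1; }

    # c) state must be Idle (SD0), Failed (SD3) or Succeeded (SD4).
    #    SD3 and SD4 follow the ATA state numbering and are an assumption;
    #    the page's sample output only shows SD0 and SD2.
    pf_state=$(awk '$1 == "State:" { print $2; exit }' "$3")
    case $pf_state in
        SD0|SD3|SD4) ;;
        *) echo "c) device state is ${pf_state:-not reported}"; return 1 ;;
    esac
    echo "ok: $1 may be issued (state $pf_state)"
}
```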

4. Check status

# hdparm --sanitize-status /dev/sdx

/dev/sdx:
Issuing SANITIZE_STATUS command
Sanitize status:
    State:    SD0 Sanitize Idle
    Last Sanitize Operation Completed Without Error
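
Because the operation runs in the background, the status check has to be repeated until the drive leaves the in-process state. The following is an added example, not part of the original page or of hdparm: it polls the status output shown on this page and succeeds only when the completion message above is printed. The function names and the STATUS_CMD and POLL_SECONDS variables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the page or from hdparm): wait for a sanitize to finish.
# STATUS_CMD and POLL_SECONDS are hypothetical knobs of this example.
: "${STATUS_CMD:=hdparm --sanitize-status}"
: "${POLL_SECONDS:=60}"

# Read --sanitize-status text on stdin, print "<state-code> <progress or ->".
sanitize_state() {
    awk '$1 == "State:"    { state = $2 }
         $1 == "Progress:" { pct = $3; gsub(/[()]/, "", pct) }
         END {
             if (state == "") state = "unknown"
             if (pct == "") pct = "-"
             print state, pct
         }'
}

# Poll DEVICE while it reports SD2, then print the final state line.
# Returns 0 only if the clean-completion message shown above is present,
# 1 if it is missing, 2 if the status command itself fails.
wait_sanitize() {
    ws_dev=$1
    while :; do
        ws_out=$($STATUS_CMD "$ws_dev") ||
            { echo "status query failed" >&2; return 2; }
        ws_st=$(printf '%s\n' "$ws_out" | sanitize_state)
        case $ws_st in
            SD2*) echo "in process: ${ws_st#* }" >&2; sleep "$POLL_SECONDS" ;;
            *)    break ;;
        esac
    done
    echo "$ws_st"
    printf '%s\n' "$ws_out" |
        grep -q 'Last Sanitize Operation Completed Without Error'
}
```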

5. Verify

# dd if=/dev/sdx bs=8192 status=progress | hexdump
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
...
250059350016 bytes (250 GB, 233 GiB) copied, 904.6 s, 276 MB/s
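
The hexdump check above is read by eye from the collapsed output. The following added example (not part of the original page) turns it into a pass/fail test and goes beyond the all-zero case to any four-byte fill, such as the hex:11111111 pattern used with SANITIZE OVERWRITE on this page. The function name verify_fill is hypothetical.

```shell
#!/bin/sh
# Added example (not from the page): pass/fail check for a uniform fill.
# Usage: verify_fill TARGET HEXPATTERN    e.g. verify_fill /dev/sdx 00000000
# Returns 0 if every 4-byte word equals HEXPATTERN, 1 if not, 2 on bad usage.
verify_fill() {
    vf_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $vf_want in
        ''|*[!0-9a-f]*) echo "pattern must be 8 hex digits" >&2; return 2 ;;
    esac
    [ "${#vf_want}" -eq 8 ] || { echo "pattern must be 8 hex digits" >&2; return 2; }
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }

    # Without -v, od prints "*" in place of rows identical to the previous
    # one (as hexdump does above), so a uniform device yields a few lines.
    od -A d -t x1 "$1" | awk -v want="$vf_want" '
        $1 == "*" || NF == 1 { next }    # squeezed repeats, final size line
        {
            rows++
            row = ""
            for (i = 2; i <= NF; i++) row = row $i
            for (p = 1; p <= length(row); p += 8)
                if (substr(row, p, 8) != want) {
                    printf "mismatch in row at byte offset %.0f: %s\n", $1, row
                    bad = 1
                    exit
                }
        }
        END { exit (bad || !rows) }'     # an empty read is a failure too
}
```

A uniform fill is only meaningful where the drive is expected to produce one: the specification text quoted on this page calls the contents after BLOCK ERASE indeterminate, so a mismatch there is not by itself a failed sanitize.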

6. SANITIZE CRYPTOGRAPHIC SCRAMBLE

The SANITIZE OPERATION START EXT - CRYPTOGRAPHIC SCRAMBLE command shall start a sanitize operation which shall change the internal encryption keys that are used for user data. The SANITIZE CRYPTOGRAPHIC SCRAMBLE operation shall also remove user data held in caches and pin setting attributes (see 4.16).

The SANITIZE OPERATION START EXT - CRYPTOGRAPHIC SCRAMBLE shall only be reported as supported if all user data is affected by changing internal encryption keys.

After a successful cryptographic scramble, the contents of the user data area may be indeterminate.

The SANITIZE OPERATION START EXT - CRYPTOGRAPHIC SCRAMBLE shall only be processed if:

  a) the SANITIZE DEVICE feature set is supported;
  b) the CRYPTOGRAPHIC SCRAMBLE method is supported; and
  c) the device is in the Sanitize Idle state, the Sanitize Operation Failed state, or the Sanitize Operation Succeeded state.

—Section 7.x.3.2 of T13's Sanitize Device Command Proposal, Revision 67

# hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble /dev/sdx

/dev/sdx:
Issuing SANITIZE_CRYPTO_SCRAMBLE command
Operation started in background
You may use `--sanitize-status` to check progress
# hdparm --sanitize-status /dev/sdx

/dev/sdx:
Issuing SANITIZE_STATUS command
Sanitize status:
    State:    SD0 Sanitize Idle
    Last Sanitize Operation Completed Without Error

7. SANITIZE OVERWRITE

WARNING: This command destroyed two good 8TB HGST HUH728080ALE600 hard drives (each in a different computer) after running for ≈15 hours and only progressing to ≈5% complete. Immediately beforehand, the drives had completed ATA SECURE ERASE in ≈13.5 hours without incident. Running it on a 4TB WDC WD4002FYYZ-01B7CB0 HDD took almost 120 hours (versus around 7 hours for either ATA SECURE ERASE or hexdump to complete afterwards). Thanks to Beren Scott for sharing the cause via email: an overwrite pass count of zero equals 16 overwrite passes. And many thanks to Michal Grzedzicki for posting the issue to hdparm's bug tracker, linking to this page, and writing a patch to specify the pass count (which Mark Lord kindly integrated into hdparm version 9.63).

The SANITIZE OPERATION START EXT - OVERWRITE command shall start a sanitize operation which fills the user data area with a four byte pattern passed in the LBA field of the command. Parameters for this method include a count for multiple overwrites and the option to invert the four byte pattern between consecutive overwrite passes. The SANITIZE OVERWRITE operation shall also remove user data held in caches and pin setting attributes (see 4.16).

After a successful SANITIZE OVERWRITE operation affected data blocks shall contain valid ECC.

The SANITIZE OPERATION START EXT - OVERWRITE shall only be processed if:

  a) the Sanitize Device feature set is supported;
  b) the OVERWRITE method is supported; and
  c) the device is in the Sanitize Idle state, the Sanitize Operation Failed state, or the Sanitize Operation Succeeded state.

—Section 7.x.5.2 of T13's Sanitize Device Command Proposal, Revision 67

# hdparm --yes-i-know-what-i-am-doing --sanitize-overwrite-passes 1 --sanitize-overwrite hex:11111111 /dev/sdx

/dev/sdx:
Issuing SANITIZE_OVERWRITE command
Operation started in background
You may use `--sanitize-status` to check progress
# hdparm --sanitize-status /dev/sdx

/dev/sdx:
Issuing SANITIZE_STATUS command
Sanitize status:
    State:    SD2 Sanitize operation In Process
    Progress: 0x0 (0%)
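
The warning at the top of this section comes down to two checks: hdparm must be version 9.63 or later so that the pass count can be given, and the pass count must never be zero. The following added example (not part of the original page or of hdparm) applies both and prints the command for review instead of running it. The function names, the assumed "hdparm v9.63" form of the `hdparm -V` output, and the 1 to 15 limit on passes are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the page or from hdparm): refuse an implicit pass count.

# version_ge A B: succeed when dotted version A >= B, compared field by field.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n | head -n 1)" = "$2" ]
}

# overwrite_command DEVICE PASSES PATTERN [HDPARM_VERSION]
# Prints the command line for review; it does not run it.
# Returns 1 if hdparm is too old, 2 on a rejected argument.
overwrite_command() {
    ow_ver=$4
    # Assumption: "hdparm -V" prints a line of the form "hdparm v9.63".
    [ -n "$ow_ver" ] ||
        ow_ver=$(hdparm -V 2>/dev/null | sed -n 's/^hdparm v\([0-9.]*\).*/\1/p')
    version_ge "${ow_ver:-0}" 9.63 || {
        echo "hdparm ${ow_ver:-not found}: 9.63 or later is needed to set the pass count" >&2
        return 1
    }
    case $2 in
        ''|*[!0-9]*) echo "pass count must be a whole number" >&2; return 2 ;;
    esac
    # Zero does not mean "no passes": per the warning above it means 16.
    # The 1..15 limit is this example's own conservative choice.
    [ "$2" -ge 1 ] && [ "$2" -le 15 ] ||
        { echo "pass count $2 rejected (0 would mean 16 passes)" >&2; return 2; }
    case $3 in
        ''|*[!0-9A-Fa-f]*) echo "pattern must be 8 hex digits" >&2; return 2 ;;
    esac
    [ "${#3}" -eq 8 ] || { echo "pattern must be 8 hex digits" >&2; return 2; }
    printf 'hdparm --yes-i-know-what-i-am-doing --sanitize-overwrite-passes %s --sanitize-overwrite hex:%s %s\n' \
        "$2" "$3" "$1"
}
```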


created: 2018.06.10, updated: 2022.11.19