Not that long ago I had to erase an SSD, and found that DBAN doesn't work with SSDs :-( . So, I did find the following, which does seem to happily erase (securly I hope) SSDs, HDs and other read/write media (different code base, but exactly the same concept as DBAN) : https://aban.derobert.net/ Hope this helps. Colin. On Sat, Mar 23, 2024 at 10:50 AM Giles Orr via talk <talk@gtalug.org> wrote:
I have, for many years, used "Darik's Boot and Nuke" on a USB stick to securely wipe spinning hard disks. It takes a long time, but I mostly understand and trust the process.
I'm now at the point that I have to wipe and dispose of SSDs, and I'm feeling a bit shaky on the methodology. Here's what I did:
# hdparm -I /dev/sdX
Looked for enabled/locked/frozen in the output ... I won't go into making sure those are toggled correctly, but that appears to be needed. This also lists what appears to be info about doing a wipe on the drive:
6min for SECURITY ERASE UNIT, 60min for ENHANCED SECURITY ERASE UNIT
Then, set a password (why? but seems to be needed):
# hdparm --user-master u --security-set-pass foobar /dev/sdX
Last, run the wipe:
# hdparm --user-master u --security-erase-enhanced foobar /dev/sdX
Doing something like `dd if=/dev/sdX bs=5M count=5 | strings` (or sending it to `less`) definitely shows that it's changed from something organized to something full of identical characters. But I've never seen this wipe process take more than 60 seconds, which makes me wonder about the `hdparm` declaration about the time required for a secure wipe.
So I guess the big question is: should I trust this process? Do we really think it's securely wiped? Or should I be taking a hammer to the chips on the SSD because that's the only way to ensure it's fully wiped?
-- Giles https://www.gilesorr.com/ gilesorr@gmail.com --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk