I grilled my local hardware security friend, who said you should never trust the secure delete feature in SSDs. In general it has been found insecure.

As mentioned, the "Large grinder" seems like the only way to be sure.

On Sat., Mar. 23, 2024, 10:50 Giles Orr via talk, <talk@gtalug.org> wrote:
I have, for many years, used "Darik's Boot and Nuke" on a USB stick to
securely wipe spinning hard disks.  It takes a long time, but I mostly
understand and trust the process.

I'm now at the point that I have to wipe and dispose of SSDs, and I'm
feeling a bit shaky on the methodology.  Here's what I did:

    # hdparm -I /dev/sdX

Looked for enabled/locked/frozen in the output ... I won't go into
making sure those are toggled correctly, but that appears to be
needed.  This also lists what appears to be info about doing a wipe on
the drive:

    6min for SECURITY ERASE UNIT, 60min for ENHANCED SECURITY ERASE UNIT

Then, set a password (why? but seems to be needed):

    # hdparm --user-master u --security-set-pass foobar /dev/sdX

Last, run the wipe:

    # hdparm --user-master u --security-erase-enhanced foobar /dev/sdX

Doing something like `dd if=/dev/sdX bs=5M count=5 | strings` (or
sending it to `less`) definitely shows that it's changed from
something organized to something full of identical characters.  But
I've never seen this wipe process take more than 60 seconds, which
makes me wonder about the `hdparm` declaration about the time required
for a secure wipe.

So I guess the big question is: should I trust this process?  Do we
really think it's securely wiped?  Or should I be taking a hammer to
the chips on the SSD because that's the only way to ensure it's fully
wiped?

--
Giles
https://www.gilesorr.com/
gilesorr@gmail.com
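
A sampled read-back check that extends the `dd ... | strings` spot check in the quoted message from the first 25 MB to blocks spread over the whole device; this is an added example, not part of either post, and `wipe_sample_check` is a hypothetical helper name. It assumes the drive returns one repeated fill byte after the erase, as the post observed, and it can only see host-addressable sectors.

```shell
#!/bin/sh
# Added example (not from the thread): spot-check a wiped drive or image by
# sampling blocks across its whole LBA range instead of only the first 25 MB.
# Assumption: the erased drive reads back one repeated fill byte, as the post
# observed. Reads go through the controller, so only host-addressable sectors
# are visible; spare and remapped flash cannot be inspected this way.

# wipe_sample_check TARGET [SAMPLES] [BLOCK_BYTES]  (hypothetical helper name)
# Returns 0 if every sampled block is uniform, 1 on mixed content, 2 on error.
# The body is a subshell, so its variables do not leak into the caller.
wipe_sample_check() (
    target=$1; samples=${2:-64}; bs=${3:-1048576}

    # blockdev handles block devices; fall back to stat for image files.
    size=$(blockdev --getsize64 "$target" 2>/dev/null) ||
        size=$(stat -c %s "$target" 2>/dev/null) || return 2
    blocks=$(( size / bs ))
    [ "$blocks" -gt 0 ] || return 2
    [ "$samples" -le "$blocks" ] || samples=$blocks   # cap: full coverage

    i=0
    while [ "$i" -lt "$samples" ]; do
        # Evenly spaced block index; the last sample is the final block.
        blk=0
        [ "$samples" -gt 1 ] && blk=$(( i * (blocks - 1) / (samples - 1) ))

        # Value of the block's first byte, as a decimal number.
        first=$(dd if="$target" bs="$bs" skip="$blk" count=1 2>/dev/null |
                od -An -v -tu1 -N1 | tr -d ' ')
        [ -n "$first" ] || return 2

        # Delete every copy of that byte; anything left is non-uniform data.
        stray=$(dd if="$target" bs="$bs" skip="$blk" count=1 2>/dev/null |
                LC_ALL=C tr -d "\\$(printf '%03o' "$first")" | wc -c)
        if [ "$stray" -ne 0 ]; then
            echo "block $blk (offset $(( blk * bs ))): $stray stray bytes" >&2
            return 1
        fi
        i=$(( i + 1 ))
    done
    return 0
)
```

Sampling can miss residue that falls between the sampled blocks; passing a sample count at least as large as the number of blocks makes the function read every block.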