2

I'm selling a laptop that was used to handle my personal data, and want to wipe the SSD before getting rid of it. However, I just realized that my SSD doesn't support any of the Sanitize or Secure Erase NVMe commands.

How can I securely clear my data from the drive? I've heard that overwriting it with zeroes or random data isn't enough and is additionally terrible for the drive itself.

I'd post a picture of the output of nvme id-ctrl and my secure erase attempts but apparently I'm not allowed to do so as a new user.

4
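To check which erase mechanisms a controller actually advertises before choosing a wipe method, here is an added example (not part of the original question or answer) that decodes the erase-related fields of `nvme id-ctrl` output. It assumes the plain `name : value` text layout; the function names, labels and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the erase mechanisms an NVMe controller advertises,
# decoded from the text output of `nvme id-ctrl <device>` read on stdin.

# Constructed sample (not the asker's drive): Format NVM is available,
# but no crypto erase and no Sanitize support is advertised.
SAMPLE_ID_CTRL='vid       : 0x1234
oacs      : 0x17
fna       : 0
sanicap   : 0'

# Print the value of one "name : value" field from stdin, or 0 if absent.
field() {
    awk -F: -v k="$1" '
        { n = $1; gsub(/[ \t]/, "", n) }
        n == k { v = $2; gsub(/[ \t]/, "", v); print v; f = 1; exit }
        END { if (!f) print 0 }'
}

# Read id-ctrl text on stdin and print the advertised erase capabilities.
erase_caps() {
    text=$(cat)
    oacs=$(printf '%s\n' "$text" | field oacs)
    fna=$(printf '%s\n' "$text" | field fna)
    sanicap=$(printf '%s\n' "$text" | field sanicap)
    caps=""
    # OACS bit 1: Format NVM command supported.
    if [ $(( $oacs & 2 )) -ne 0 ]; then caps="$caps format-nvm"; fi
    # FNA bit 2: cryptographic erase supported as part of Format NVM.
    if [ $(( $fna & 4 )) -ne 0 ]; then caps="$caps crypto-erase-format"; fi
    # SANICAP bits 0, 1, 2: Sanitize crypto erase, block erase, overwrite.
    if [ $(( $sanicap & 1 )) -ne 0 ]; then caps="$caps sanitize-crypto"; fi
    if [ $(( $sanicap & 2 )) -ne 0 ]; then caps="$caps sanitize-block"; fi
    if [ $(( $sanicap & 4 )) -ne 0 ]; then caps="$caps sanitize-overwrite"; fi
    caps=${caps# }
    echo "${caps:-none}"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_ID_CTRL" | erase_caps
```

On a real system the input would come from `nvme id-ctrl` piped into `erase_caps`; an output of `none` means the controller advertises neither Format NVM nor any Sanitize action.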

1 Answer

0

If you are not selling it to a three-letter agency, and you don't have a specific fear of a nation-state learning the contents of the drive, you can simply overwrite once with zeros.

This will NOT protect the data with strong confidence, as there may be cells of the SSD that could still contain original data. However, it would take someone interested enough to work hard and spend money to recover the data on the drive.

The amount of money it would take is open for debate, but unless you are selling it to someone who is actively out to get you, you're probably fine, as they are most likely going to install an operating system and just use it.

Also, next time you set up a computer, make sure you encrypt the drive. That way you won't have this problem again.

2
  • 1
    Probably better to overwrite with random data, and even better to overwrite with reasonable looking data. Like a gazillion images of butterflies, mixed with a gazillion copies of War and Peace. Overwriting with zeroes means the attacker will know exactly what was not overwritten. (And you can do obviously better than my example).
    – gnasher729
    Commented Jul 1, 2020 at 21:56
  • 2
    It is common for those in the security industry to assume a motivated, resource-rich attacker. If you start with that assumption, you are ahead of the game. In real life, the number of attackers is low, of those attackers the vast majority are not particularly motivated or resource rich, and the motivated and resource-rich attackers are not motivated by you (for most values of "you"). That said, sure, random data, why not. (IMHO, YMMV, BBQ)
    Commented Jul 1, 2020 at 22:52
