90

I'm selling a computer with an SSD (it's a Lenovo ThinkPad Carbon X1). I wiped the drive using Parted Magic. I used the ATA method. I'm not sure what that is but it was the only setting available. It said it would take two minutes but the wipe was done in a few seconds. Is this expected behavior? It's not a major issue as the drive was encrypted with VeraCrypt, but I'm curious for future reference.

2
  • 14
    Since you mention that you encrypted the drive with VeraCrypt: the implementation of the Secure Wipe is in fact exactly the same as if you forgot your VeraCrypt passphrase. The data is rendered unreadable without having to delete it. The drive simply "forgets" its key. Commented Apr 9, 2018 at 13:34
  • 9
    Two seconds is more like it. But the field in the ATA spec where the drive gives an estimate of how long a secure erase takes is specified in minutes. This is a throwback to when most all media was rotational. Commented Apr 9, 2018 at 18:10

1 Answer

165

Modern SSDs use a technology called SED which allows instant erasure. It works by transparently encrypting the entire drive and keeping the key on the drive. ATA Secure Erase is then implemented by wiping the key alone, which renders the rest of the data immediately unreadable (assuming of course that it has been correctly implemented on that particular storage device). The reason two minutes specifically is quoted is because it is the minimum value the ATA protocol can report.

But note a potential caveat: Recovery of EEPROM data after bulk erase operation

6
  • 34
    It's worth noting that this technique works only if the original key was proper and randomly chosen. Which is not always the case.
    – Agent_L
    Commented Apr 9, 2018 at 14:19
  • 1
    @Mindwin That says that older versions of hdparm artificially limited secure erase to 2 hours. Earlier on the page, it says "a 1TB hard disk it might take 3 hours or more!"
    – jaxad0127
    Commented Apr 9, 2018 at 19:35
  • 1
    @Agent_L For the Opal standard at least, the key is required to be made with an HWRNG.
    – forest
    Commented Apr 10, 2018 at 1:01
  • 6
    @forest There were numerous cases when a product was shipped with an all-zero key. SSD on arrival should be assumed as poorly initialized unless proven otherwise. Just because a requirement exists doesn't mean that the manufacturer was successful in implementing it; an audit is necessary to prove it.
    – Agent_L
    Commented Apr 12, 2018 at 8:08
  • 5
    @forest AFAIR it was a few years ago, well after Opal. Opal is a set of specifications. One can try to implement them but one can always fail. There are Opal test cases, but there is no certification, so you can't even look for "ssd with Opal TCG certificate". The only way to be sure is to reinitialize your drive on arrival.
    – Agent_L
    Commented Apr 26, 2018 at 9:14
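
The erase-time estimate discussed in the answer and comments above can be read straight from a drive's IDENTIFY DEVICE data. The following is an added example, not part of the original thread: it assumes the ATA layout in which words 89 and 90 hold the normal and enhanced erase estimates in units of two minutes and word 128 holds the security status bits. The function names and the sample block are constructed for illustration.

```python
import struct

# Word offsets in the 256-word ATA IDENTIFY DEVICE block (assumed per the ATA spec).
W_ERASE_TIME, W_ENH_ERASE_TIME, W_SECURITY = 89, 90, 128

SECURITY_BITS = {  # bit positions inside word 128
    "supported": 0, "enabled": 1, "locked": 2,
    "frozen": 3, "count_expired": 4, "enhanced_erase": 5,
}


def erase_minutes(word):
    """Decode an erase-time word to (minutes, is_lower_bound); None if unspecified."""
    # Bit 15 set selects the extended 15-bit format; otherwise only 8 bits are used.
    if word & 0x8000:
        value, ceiling = word & 0x7FFF, 0x7FFF
    else:
        value, ceiling = word & 0x00FF, 0x00FF
    if value == 0:
        return None                        # drive gives no estimate
    if value == ceiling:
        return ((ceiling - 1) * 2, True)   # "more than" 508 or 65532 minutes
    return (value * 2, False)              # units of 2 minutes, so 2 is the floor


def parse_identify(block):
    """Extract security status and erase estimates from raw IDENTIFY data."""
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", block)  # 256 little-endian 16-bit words
    sec = words[W_SECURITY]
    report = {name: bool(sec >> bit & 1) for name, bit in SECURITY_BITS.items()}
    report["erase_time"] = erase_minutes(words[W_ERASE_TIME])
    report["enhanced_erase_time"] = erase_minutes(words[W_ENH_ERASE_TIME])
    return report


def ready_for_erase(report):
    """Necessary conditions for a secure erase: supported, unlocked, not frozen."""
    return report["supported"] and not report["locked"] and not report["frozen"]


def sample_block(erase, enh_erase, security):
    """Constructed IDENTIFY block: all zero except the three words of interest."""
    words = [0] * 256
    words[W_ERASE_TIME], words[W_ENH_ERASE_TIME], words[W_SECURITY] = erase, enh_erase, security
    return struct.pack("<256H", *words)


if __name__ == "__main__":
    ssd = parse_identify(sample_block(1, 1, 0x0021))  # constructed: 2 min, enhanced erase
    print(ssd, ready_for_erase(ssd))
```

A raw value of 1 decodes to two minutes, the smallest estimate the field can express, which is why a key-wipe that finishes in seconds is still reported as "2min".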
