0

I have a Debian Linux PC which I would like to have the HD completely wiped.

Is it possible to do this while running Linux, without having to insert a removable media and boot it? The HD to be format is the same Linux is running at the moment.

Improve this question

1 Answer 1

Reset to default
0

Yes, you can issue a "full erase" command to the disk, and you can just overwrite the disk through /dev regardless of its partitions being still mounted – people even do this by mistake; I've seen many cases of someone accidentally writing an .iso to their system disk instead of a USB stick.

Though while the filesystem is mounted, the OS might still write new data back to the HDD, e.g. after the superblock has been wiped the OS might end up writing it back. Also, the OS might crash due to trying to read filesystem structures that have already been erased from disk.

So for a full overwrite, you'd need to make some preparations, to reduce the OS background activity as much as possible. Ideally the only running process should be your root shell, nothing else that would cause the OS to read or write data.

  1. To achieve this, boot Linux in rescue mode – or if that's not possible, log in through text console or SSH, then shut down the GUI if it is running (stop the 'gdm' or 'lightdm' service). Also shut down any other services, especially those which would write data to disk (syslog, systemd-journald, httpd).

  2. Then unmount unnecessary partitions (like /home) and use mount -o remount,ro to remount the / filesystem read-only, or if that doesn't work, fsfreeze to pause any further writes it.

  3. Finally begin the erase. As mentioned before, at this point you could just overwrite the entire block device via /dev, but I would instead recommend using hdparm to issue an "ATA Secure Erase" command, which tells the disk to fully erase itself. This has only minor advantages for standard HDDs, but becomes much more important for SSDs as well as SMR HDDs, as it is able to erase even 'reallocated' locations that the OS cannot access.

    Note: For SATA SSDs prefer "ATA Enhanced Secure Erase" (for HDDs it doesn't matter). For NVMe disks, instead use the "Sanitize" command through nvme-cli. For SAS disks, sg_sanitize should be equivalent.

  4. When hdparm returns (1-2 hours later for HDDs, a few seconds for SSDs), just physically power off the machine. (You might be able to cause a poweroff via /proc/sysrq-trigger. The regular shutdown command won't work because you just erased it.)

(The exact hdparm commands have been deliberately left out.)

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .