Re: Wiping a disk partition

Reply: Dewayne Geraghty : "Re: Wiping a disk partition"
Reply: Odhiambo Washington : "Re: Wiping a disk partition"
In reply to: Odhiambo Washington : "Wiping a disk partition"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: David Christensen <dpchrist_at_holgerdanske.com>
Date: Thu, 26 Jun 2025 00:05:00 UTC

On 6/25/25 03:16, Odhiambo Washington wrote:
> I have this:
> ```
> root@gw:/home/wash # df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/ada0p2    1.8T    552G    1.1T    33%    /
> devfs          1.0K      0B    1.0K     0%    /dev
> fdescfs        1.0K      0B    1.0K     0%    /dev/fd
> procfs         8.0K      0B    8.0K     0%    /proc
> linprocfs      8.0K      0B    8.0K     0%    /compat/linux/proc
> linsysfs       8.0K      0B    8.0K     0%    /compat/linux/sys
> /dev/ada1p2    1.8T    856G    802G    52%    /disk2
> ```
> 
> What is the fastest way to wipe all data on /dev/ada1p2?

If /dev/ada1 is an drive that supports the SCSI command "secure erase", 
this is the correct way to wipe *everything* on the drive -- contents 
such as slice/partition table, slices/partitions, file systems, etc.. 
If the drive is an SSD, it also erases invisible contents -- dirty 
blocks being held in reserve (over-provisioning), etc..  Afterwards, you 
will need to re-create slice/ partition tables, slices/ partitions, 
filesystems, etc..

Secure erase is also the fastest way to wipe an SSD, as the SSD 
controller has direct hardware access to the storage cells; the OS is 
not involved and no data is transferred over the HBA-drive bus.

See camcontrol(8) -> Primary command functions -> security

See also camcontrol(8) -> EXAMPLES

But first, check the current security status of the drive.  Here is an 
SSD in my SOHO file server:

2025-06-25 16:22:32 toor@f5 ~
# camcontrol security ada1
pass5: <INTEL SSDSC2BW180A3L LE1i> ACS-2 ATA SATA 3.x device
pass5: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)

Security Option           Value
supported                 yes
enabled                   no
drive locked              no
security config frozen    yes
count expired             no
security level            high
enhanced erase supported  yes
erase time                4 min
enhanced erase time       2 min
master password rev       fffe

Note that "security config frozen" is "yes".  This will block any 
attempt to secure erase the SSD.  My work-around is to use a computer 
with a hot-swap bay.  I boot FreeBSD and insert the SSD into the 
hot-swap bay.  "security config frozen" should then be "no".  I can then 
issue the secure erase command (untested):

# camcontrol security ada1 -U user -s MyPass -e MyPass

I believe the secure erase also resets the user and master passwords 
(untested).

David