Re: Wiping a disk partition

Reply: David Christensen : "Re: Wiping a disk partition"
In reply to: David Christensen : "Re: Wiping a disk partition"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Odhiambo Washington <odhiambo_at_gmail.com>
Date: Thu, 26 Jun 2025 07:38:23 UTC
On Thu, Jun 26, 2025 at 3:05 AM David Christensen <dpchrist@holgerdanske.com>
wrote:

> On 6/25/25 03:16, Odhiambo Washington wrote:
> > I have this:
> > ```
> > root@gw:/home/wash # df -h
> > Filesystem     Size    Used   Avail Capacity  Mounted on
> > /dev/ada0p2    1.8T    552G    1.1T    33%    /
> > devfs          1.0K      0B    1.0K     0%    /dev
> > fdescfs        1.0K      0B    1.0K     0%    /dev/fd
> > procfs         8.0K      0B    8.0K     0%    /proc
> > linprocfs      8.0K      0B    8.0K     0%    /compat/linux/proc
> > linsysfs       8.0K      0B    8.0K     0%    /compat/linux/sys
> > /dev/ada1p2    1.8T    856G    802G    52%    /disk2
> > ```
> >
> > What is the fastest way to wipe all data on /dev/ada1p2?
>
>
> If /dev/ada1 is an drive that supports the SCSI command "secure erase",
> this is the correct way to wipe *everything* on the drive -- contents
> such as slice/partition table, slices/partitions, file systems, etc..
> If the drive is an SSD, it also erases invisible contents -- dirty
> blocks being held in reserve (over-provisioning), etc..  Afterwards, you
> will need to re-create slice/ partition tables, slices/ partitions,
> filesystems, etc..
>
>
> Secure erase is also the fastest way to wipe an SSD, as the SSD
> controller has direct hardware access to the storage cells; the OS is
> not involved and no data is transferred over the HBA-drive bus.
>
>
> See camcontrol(8) -> Primary command functions -> security
>
>
> See also camcontrol(8) -> EXAMPLES
>
>
> But first, check the current security status of the drive.  Here is an
> SSD in my SOHO file server:
>
> 2025-06-25 16:22:32 toor@f5 ~
> # camcontrol security ada1
> pass5: <INTEL SSDSC2BW180A3L LE1i> ACS-2 ATA SATA 3.x device
> pass5: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)
>
> Security Option           Value
> supported                 yes
> enabled                   no
> drive locked              no
> security config frozen    yes
> count expired             no
> security level            high
> enhanced erase supported  yes
> erase time                4 min
> enhanced erase time       2 min
> master password rev       fffe
>
>
> Note that "security config frozen" is "yes".  This will block any
> attempt to secure erase the SSD.  My work-around is to use a computer
> with a hot-swap bay.  I boot FreeBSD and insert the SSD into the
> hot-swap bay.  "security config frozen" should then be "no".  I can then
> issue the secure erase command (untested):
>
> # camcontrol security ada1 -U user -s MyPass -e MyPass
>
>
> I believe the secure erase also resets the user and master passwords
> (untested).
>

So I looked at mine:

```
root@gw:/ # camcontrol security ada1
pass1: <Samsung SSD 870 EVO 2TB SVT02B6Q> ACS-4 ATA SATA 3.x device
pass1: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)

Security Option           Value
supported                 yes
enabled                   no
drive locked              no
security config frozen    yes
count expired             no
security level            high
enhanced erase supported  yes
erase time                4 min
enhanced erase time       8 min
master password rev       fffe
```

However, I actually do not need "secure erase". I only wanted to know the
fastest way of emptying the partition.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]