Re: SSD erase question

Reply: Damian Weber : "Re: SSD erase question"
In reply to: Sam Ricchio : "Re: SSD erase question"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Royce Williams <royce_at_techsolvency.com>
Date: Mon, 21 Mar 2022 17:26:25 UTC
Even multi-pass overwrite of SSDs is not a sufficient purge, due to how
writing is distributed / optimized on SSDs. So  dd / dc3dd is insufficient.

Only invoking the on-controller ATA Secure Erase / sanitize command (using
'camcontrol security -e' as Eugene said elsewhere in the thread) is the
validated[1] method:

    camcontrol security -s anypass -e anypass -y ada[X]

This also happens to be much faster than an overwrite, because it's
implemented as "encrypt the entire medium with a random key, then discard
the key".

1.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf,
p. 36, Table A-8

-- 
Royce


On Mon, Mar 21, 2022 at 7:19 AM Sam Ricchio <sam.ricchio@gmail.com> wrote:

> On and SSD if you have erased everything ssd “garbage collection” should
> help you if the drive it powered on.
> But if you want to overwrite the drive
> A simple overwrite with a text pattern with dc3dd.
> dc3dd wipe=/dev/sdb tpat=nothingtoseehere
> However if you are still worried that some controller optimization is
> interfering
> with and actual memory location overwrite.  Go old school with dd and write
> a file of random to the existing file system until it runs out of space.
> dd if=/dev/urandon of=garbagetxtfile.txt
>
>
>
>
> On Mar 21, 2022, at 7:14 AM, Damian Weber <dweber@htwsaar.de> wrote:
>
>
> Hi all,
>
> I'd like to have an answer on a secure FreeBSD way to erase
> SSDs before giving these away to someone for reusing it.
>
> Is the following enough to protect confidential data
> previously stored there?
>
> 1)  dd : overwriting with random bits (complete capacity)
> 2)  gpart create
> 3)  gpart add
> 4)  newfs
>
> Details for an example with /dev/ada1 see below.
>
> Thanks a lot,
>
>   Damian
>
>
> # fdisk ada1
> ******* Working on device /dev/ada1 *******
> parameters extracted from in-core disklabel are:
> cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
>
> Figures below won't work with BIOS for partitions not in cyl 1
> parameters to be used for BIOS calculations are:
> cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
>
> Media sector size is 512
> Warning: BIOS sector numbering starts with sector 1
> Information from DOS bootblock is:
> The data for partition 1 is:
> sysid 238 (0xee),(EFI GPT)
>    start 1, size 488397167 (238475 Meg), flag 0
>        beg: cyl 0/ head 0/ sector 2;
>        end: cyl 1023/ head 255/ sector 63
> The data for partition 2 is:
> <UNUSED>
> The data for partition 3 is:
> <UNUSED>
> The data for partition 4 is:
> <UNUSED>
>
> # gpart show ada1
> =>       40  488397088  ada1  GPT  (233G)
>         40       1024     1  freebsd-boot  (512K)
>       1064  480246784     2  freebsd-ufs  [bootme]  (229G)
>  480247848    8149280     3  freebsd-swap  (3.9G)
>
> # dd if=/dev/random of=/dev/ada1 bs=512 count=488397088
>
> # gpart create -s gpt ada1
>
> # gpart add -t freebsd-ufs ada1
>
> # newfs -U /dev/ada1p1
>
>
>
>