Page 1 of 1
Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 1:35 pm
by Aronticuz
Hi
Background
I need to dispose/return a SSD drive and need to erase all data on the drive first.
Help
How to do that using MX linux?
Thanks!
ps yes I have 23.1 on the other computer. It looks fine
end of ps
QSI
Code: Select all
System: Kernel: 6.1.0-12mx-ahs-amd64 [6.1.52-1~mx21ahs] x86_64 bits: 64 compiler: gcc v: 10.2.1
parameters: BOOT_IMAGE=/boot/vmlinuz-6.1.0-12mx-ahs-amd64 root=UUID=<filter> ro hush
loglevel=0 quiet init=/lib/systemd/systemd
Desktop: KDE Plasma 5.20.5 wm: kwin_x11 vt: 7 dm: SDDM
Distro: MX-21.3_KDE_x64 Wildflower January 15 2023
base: Debian GNU/Linux 11 (bullseye)
Machine: Type: Mini-pc Mobo: AZW model: S5 v: V1.0 serial: <filter>
UEFI: American Megatrends LLC. v: 5800H502 date: 02/15/2023
CPU: Info: 8-Core model: AMD Ryzen 7 5800H with Radeon Graphics bits: 64 type: MT MCP
arch: Zen 3 family: 19 (25) model-id: 50 (80) stepping: 0 microcode: A50000D cache:
L2: 4 MiB
flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 102206
Speed: 1300 MHz min/max: 1200/3200 MHz boost: enabled Core speeds (MHz): 1: 1300
2: 1200 3: 1300 4: 1200 5: 2077 6: 1200 7: 1200 8: 1200 9: 1200 10: 3200 11: 1200
12: 1200 13: 1200 14: 1200 15: 1300 16: 1200
Vulnerabilities: Type: gather_data_sampling status: Not affected
Type: itlb_multihit status: Not affected
Type: l1tf status: Not affected
Type: mds status: Not affected
Type: meltdown status: Not affected
Type: mmio_stale_data status: Not affected
Type: retbleed status: Not affected
Type: spec_rstack_overflow mitigation: safe RET, no microcode
Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl
Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on,
RSB filling, PBRSB-eIBRS: Not affected
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Graphics: Device-1: AMD Cezanne driver: amdgpu v: kernel bus-ID: 04:00.0 chip-ID: 1002:1638
class-ID: 0300
Display: x11 server: X.Org 1.20.14 compositor: kwin_x11 driver: loaded: amdgpu,ati
unloaded: fbdev,modesetting,vesa display-ID: :0 screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.0x11.2")
s-diag: 582mm (22.9")
Monitor-1: HDMI-A-0 res: 1920x1080 hz: 60 dpi: 85 size: 575x323mm (22.6x12.7")
diag: 660mm (26")
OpenGL: renderer: AMD RENOIR (LLVM 14.0.5 DRM 3.49 6.1.0-12mx-ahs-amd64)
v: 4.6 Mesa 22.0.5 direct render: Yes
Audio: Device-1: AMD Renoir Radeon High Definition Audio driver: snd_hda_intel v: kernel
bus-ID: 04:00.1 chip-ID: 1002:1637 class-ID: 0403
Device-2: AMD ACP/ACP3X/ACP6x Audio Coprocessor driver: snd_rn_pci_acp3x v: kernel
alternate: snd_pci_acp3x,snd_pci_acp5x,snd_pci_acp6x bus-ID: 04:00.5 chip-ID: 1022:15e2
class-ID: 0480
Device-3: AMD Family 17h/19h HD Audio driver: snd_hda_intel v: kernel bus-ID: 04:00.6
chip-ID: 1022:15e3 class-ID: 0403
Sound Server-1: ALSA v: k6.1.0-12mx-ahs-amd64 running: yes
Sound Server-2: PulseAudio v: 14.2 running: yes
Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet driver: r8169
v: kernel port: f000 bus-ID: 01:00.0 chip-ID: 10ec:8168 class-ID: 0200
IF: eth0 state: up speed: 1000 Mbps duplex: full mac: <filter>
Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel modules: wl port: f000
bus-ID: 02:00.0 chip-ID: 8086:2723 class-ID: 0280
IF: wlan0 state: down mac: <filter>
Bluetooth: Device-1: Intel AX200 Bluetooth type: USB driver: btusb v: 0.8 bus-ID: 3-3:4
chip-ID: 8087:0029 class-ID: e001
Report: hciconfig ID: hci0 rfk-id: 6 state: down bt-service: enabled,running rfk-block:
hardware: no software: no address: <filter>
Info: acl-mtu: 1021:4 sco-mtu: 96:6 link-policy: rswitch sniff link-mode: slave accept
Drives: Local Storage: total: 1.38 TiB used: 420.93 GiB (29.9%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Kingston model: OM8SEP4512N-A0
size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 63.2 Gb/s lanes: 4
type: SSD serial: <filter> rev: SBM01100 temp: 33.9 C scheme: GPT
ID-2: /dev/sda maj-min: 8:0 vendor: Crucial model: CT1000MX500SSD1 size: 931.51 GiB
block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter>
rev: 043 scheme: GPT
Partition: ID-1: / raw-size: 203.12 GiB size: 198.87 GiB (97.91%) used: 21.24 GiB (10.7%) fs: ext4
dev: /dev/sda2 maj-min: 8:2
ID-2: /boot/efi raw-size: 256 MiB size: 252 MiB (98.46%) used: 283 KiB (0.1%) fs: vfat
dev: /dev/sda1 maj-min: 8:1
ID-3: /home raw-size: 720.14 GiB size: 707.77 GiB (98.28%) used: 399.14 GiB (56.4%)
fs: ext4 dev: /dev/sda4 maj-min: 8:4
Swap: Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: partition size: 8 GiB used: 558.8 MiB (6.8%) priority: -2
dev: /dev/sda3 maj-min: 8:3
Sensors: Message: No sensor data found. Is lm-sensors configured?
Repos: Packages: 2845 note: see --pkg apt: 2832 lib: 1506 flatpak: 13
No active apt repos in: /etc/apt/sources.list
Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/debian.list
1: deb http://deb.debian.org/debian bullseye main contrib non-free
2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/google-chrome.list
1: deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
Active apt repos in: /etc/apt/sources.list.d/librewolf.list
1: deb [arch=amd64] http://deb.librewolf.net bullseye main
Active apt repos in: /etc/apt/sources.list.d/mx.list
1: deb http://mxlinux.mirrors.uk2.net/packages/mx/repo/ bullseye main non-free
2: deb http://mxlinux.mirrors.uk2.net/packages/mx/repo/ bullseye ahs
Info: Processes: 338 Uptime: 9h 4m wakeups: 0 Memory: 12.59 GiB used: 3.28 GiB (26.0%)
Init: systemd v: 247 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: 10.2.1
alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06
Boot Mode: UEFI
Re: Securely delete all data on external SSD [Solved]
Posted: Tue Oct 24, 2023 2:09 pm
by Charlie Brown
" dd zero "
Simplest. There are also tools, Bleachbit etc.
In the meantime, there are always discussions: on "zero or random" and "1 pass or more"..
But even 1 pass is enough and zero is either faster also better (long story).
So, if you like, you can do: "dd zero" then "dd random" (or the vice versa ...)
All you need is a terminal.
i.e.
Code: Select all
sudo dd if=/dev/zero of=/dev/sdX conv=noerror,sync,notrunc status=progress
It's also possible to add , say, bs=1M or say 4M to make it faster, but without that (the above way) will be "bit-for-bit" (perfect)..
...Just change the /dev/zero to /dev/random (when needed) and of=/dev/sdX to whatever it is, say ../nvme0
Also if it's very big and will take long time, you can first add bs=.. then do it (the last one) plain ...
You can first open power manager and set it to never suspend etc. and plug the AC, then start before going to dinner etc.. (can turn off the monitor manually).
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 2:19 pm
by Aronticuz
@Charlie Brown You da man Charlie Brown! Da Man!!!
I found reference to nwipe on MX Package Manager > researched nwipe on a famously infamous alt: infamously famous (?) search engine and guess what!
nwipe is available too. It is running now on another computeron 3 standard DOD thingies with a run of zero at the end.
For belt n braces I will follow advice given above as well.
Item closed based on input from Charlie Brown - cos as evribody knows - he da man!
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 2:23 pm
by Charlie Brown
Thank you so much :)
Added some more info (edited the above).
In the meantime: There's no evident till now that somebody on Earth managed to restore data after just 1 pass of zero . (for those who might wonder)
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 2:30 pm
by Charlie Brown
Forgot to say: You can stop it anytime you like (say you noticed it'll take very long and you want to try another way..) you can press Ctrl+C and it'll stop (just the rest will stay un-done )
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 3:32 pm
by count-72-on-fingers
Hello
Just a note, in case anyone finds it helpful...
SSD erasure.
As far as I know there is no certain method of achieving this. The problem is the controller-chip - you cannot be sure that all NAND-cells have been written to. With an HDD the situation is different; you have good tools and can be sure.
When you begin to work with an SSD - if the data you will put on the SSD is highly confidential, consider firstly encrypting the drive before you save anything to it. Then if you wish to recycle or give away the drive just destroy the password and reformat the drive with a new partition table. If more confidentiality is required use tools to physically destroy the drive.
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 5:12 pm
by rijnsma11111
count-72-on-fingers wrote: Tue Oct 24, 2023 3:32 pm
[..]
If more confidentiality is required use tools to physically destroy the drive.
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 5:34 pm
by Aronticuz
Charlie Brown wrote: Tue Oct 24, 2023 2:23 pm
Thank you so much :)
Added some more info (edited the above).
In the meantime: There's no evident till now that somebody on Earth managed to restore data after just 1 pass of zero . (for those who might wonder)
@Charlie Brown
I ctrl-C outa nwipe when my option jumed from 19 hours completion to 24 hours to complete and looked like it might go on a bit more.
So took your advice and started a run of all zeroes.
Thank you for your help
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 5:39 pm
by Aronticuz
count-72-on-fingers wrote: Tue Oct 24, 2023 3:32 pm
abridged ..
Then if you wish to recycle or give away the drive just destroy the password and reformat the drive with a new partition table. If more confidentiality is required use tools to physically destroy the drive.
This sounds good to me too.
Naively encrypt juggle stuff about and try a reformat over the encryption?
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 5:43 pm
by Aronticuz
I did wonder if there is a basis for a mish-mash wipe of randomized nwipe options.
If there are software hacks one way to confuse them MIGHT be to vary those options as randomly as possible while erase is taking place?
For SSDs flash the controller chip?
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 6:35 pm
by CharlesV
Because of the way SSD's 'balance' writing, and none of the makers do strict ATT clearing mechanics.. there 'technically' is no method to guarantee even a 0 wipe will 'over write' everything on an SSD.
You CAN get pretty darn close by wiping, then destroying partitions and creating several partitions, (I usually choose three grabbing the entire drive.) Install to it 100% encrypted. Then destroy those and create one partition 100% drive size and encrypt that as well.
Once there, you can pretty much destroy that partition too and create anything you like and nobody will be 'recovering data' from that drive. ***BUT*** someone WILL tell you that *still* you have not 'over written safely' ;=/
Re: Securely delete all data on external SSD
Posted: Tue Oct 24, 2023 7:00 pm
by Charlie Brown
If you can, just do this:
After just 1 pass of zero:
photorec and/or testdisk on Linux
and Recuva (or any other you like (whichever is supposed to be the most powerful/professional)) on Windows (you can find Recuva also on Hiren's BootCD if you don't want/have Windows..)
Then scan..
and let's see what they'll be able to recover :)
Re: Securely delete all data on external SSD
Posted: Wed Oct 25, 2023 8:00 am
by Aronticuz
Charlie Brown wrote: Tue Oct 24, 2023 7:00 pm
If you can, just do this:
After just 1 pass of zero:
photorec and/or
testdisk on Linux
and Recuva (or any other you like (whichever is supposed to be the most powerful/professional)) on Windows (you can find Recuva also on Hiren's BootCD if you don't want/have Windows..)
Then scan..
and let's see what they'll be able to recover :)
mm hmm - acknowledged - will do and ~ let it be henceforth and thenceforward known by all subject and citizen
Dat Charlie Brown - He da Maan!
Re: Securely delete all data on external SSD
Posted: Wed Oct 25, 2023 1:34 pm
by Aronticuz
CharlesV wrote: Tue Oct 24, 2023 6:35 pm
Because of the way SSD's 'balance' writing, and none of the makers do strict ATT clearing mechanics.. there 'technically' is no method to guarantee even a 0 wipe will 'over write' everything on an SSD.
You CAN get pretty darn close by wiping, then destroying partitions and creating several partitions, (I usually choose three grabbing the entire drive.) Install to it 100% encrypted. Then destroy those and create one partition 100% drive size and encrypt that as well.
Once there, you can pretty much destroy that partition too and create anything you like and nobody will be 'recovering data' from that drive. ***BUT*** someone WILL tell you that *still* you have not 'over written safely' ;=/
The best help is always the help when in need.
I was thinking along similar lines - do all I can to obfuscate residuals if residuals do hang around.
And encryption may just attract a hackers attentions?
Usually I test a new drive but the one I received I plopped it into immediate use and it was too slow. 6 minutes on one external drive too 2 hours to partially complete before I quit it in process.
Ah well let it be known that Aronticuz finds all your help very, very helpful and also learns from own mistakes.
Thus! Henceforth and thenceforward let it be known that Charlie Brown has a colleague in CharlesV and both thenceforth greeted as
Yoo Da Maan bro!
Re: Securely delete all data on external SSD
Posted: Wed Oct 25, 2023 1:51 pm
by CharlesV
Re: Securely delete all data on external SSD
Posted: Thu Oct 26, 2023 6:05 pm
by Aronticuz
Just a heads up on this topic.
Reason: making sure have enough copies of my own data to provide continuity in switching over from 21.3 to 23.1 on this machine.
Thanks to all who contributed - you are great
Re: Securely delete all data on external SSD
Posted: Sun Oct 29, 2023 11:54 pm
by BitJam
Charlie Brown wrote: Tue Oct 24, 2023 2:09 pm
Code: Select all
sudo dd if=/dev/zero of=/dev/sdX conv=noerror,sync,notrunc status=progress
It's also possible to add , say, bs=1M or say 4M to make it faster, but without that (the above way) will be "bit-for-bit" (perfect)..
...Just change the /dev/zero to /dev/random (when needed) and of=/dev/sdX to whatever it is, say ../nvme0
IMO /dev/urandom is far better than /dev/zero for this. Perhaps it was a coincidence but one of the few times I've had a fairly new flash memory device fail was when I wrote a bunch of zeroes to it.
Re: Securely delete all data on external SSD
Posted: Mon Nov 20, 2023 5:22 pm
by Aronticuz
@BitJam hey thanks for this - it will be helpful going forward
Re: Securely delete all data on external SSD
Posted: Tue Jan 16, 2024 10:14 pm
by errorik
Thanks Charlie and Charles. Just finished zeroing my 250GB NVME.
Just cleaning up my mess of daily and spare SSD's and flash drives.
This thread got me thinking of writing a custom dataset. One that the potential "lulz" seeker would have to "un-see".
A typical zero pass and fresh install should be fine for my uses. I typically get free hardware from an IT friend.
His clients NEED the latest. I had to start saying "No". The amount of e-waste is overwhelming.
It is prudent to protect your data. I find it to be a losing battle. Because Microsoft, Google, Apple and others are
harvesting our data at every turn.
Re: Securely delete all data on external SSD
Posted: Wed Jan 17, 2024 3:59 am
by Aronticuz
errorik wrote: Tue Jan 16, 2024 10:14 pm
abridged ...
It is prudent to protect your data. I find it to be a losing battle. Because Microsoft, Google, Apple and others are
harvesting our data at every turn.
Agreed - but like any home protection system if they want to get in and they have skills to do so then they will.
It is more along lines of being prudent and ensuring personal data is not flaunted to general public.