Securely delete all data on external SSD [Solved]

[Aronticuz]

Hi
Background
I need to dispose/return a SSD drive and need to erase all data on the drive first.

Help
How to do that using MX linux?

Thanks!


ps yes I have 23.1 on the other computer. It looks fine end of ps

QSI

Code: Select all

System:    Kernel: 6.1.0-12mx-ahs-amd64 [6.1.52-1~mx21ahs] x86_64 bits: 64 compiler: gcc v: 10.2.1 
           parameters: BOOT_IMAGE=/boot/vmlinuz-6.1.0-12mx-ahs-amd64 root=UUID=<filter> ro hush 
           loglevel=0 quiet init=/lib/systemd/systemd 
           Desktop: KDE Plasma 5.20.5 wm: kwin_x11 vt: 7 dm: SDDM 
           Distro: MX-21.3_KDE_x64 Wildflower January 15  2023 
           base: Debian GNU/Linux 11 (bullseye) 
Machine:   Type: Mini-pc Mobo: AZW model: S5 v: V1.0 serial: <filter> 
           UEFI: American Megatrends LLC. v: 5800H502 date: 02/15/2023 
CPU:       Info: 8-Core model: AMD Ryzen 7 5800H with Radeon Graphics bits: 64 type: MT MCP 
           arch: Zen 3 family: 19 (25) model-id: 50 (80) stepping: 0 microcode: A50000D cache: 
           L2: 4 MiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 102206 
           Speed: 1300 MHz min/max: 1200/3200 MHz boost: enabled Core speeds (MHz): 1: 1300 
           2: 1200 3: 1300 4: 1200 5: 2077 6: 1200 7: 1200 8: 1200 9: 1200 10: 3200 11: 1200 
           12: 1200 13: 1200 14: 1200 15: 1300 16: 1200 
           Vulnerabilities: Type: gather_data_sampling status: Not affected 
           Type: itlb_multihit status: Not affected 
           Type: l1tf status: Not affected 
           Type: mds status: Not affected 
           Type: meltdown status: Not affected 
           Type: mmio_stale_data status: Not affected 
           Type: retbleed status: Not affected 
           Type: spec_rstack_overflow mitigation: safe RET, no microcode 
           Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl 
           Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization 
           Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, 
           RSB filling, PBRSB-eIBRS: Not affected 
           Type: srbds status: Not affected 
           Type: tsx_async_abort status: Not affected 
Graphics:  Device-1: AMD Cezanne driver: amdgpu v: kernel bus-ID: 04:00.0 chip-ID: 1002:1638 
           class-ID: 0300 
           Display: x11 server: X.Org 1.20.14 compositor: kwin_x11 driver: loaded: amdgpu,ati 
           unloaded: fbdev,modesetting,vesa display-ID: :0 screens: 1 
           Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.0x11.2") 
           s-diag: 582mm (22.9") 
           Monitor-1: HDMI-A-0 res: 1920x1080 hz: 60 dpi: 85 size: 575x323mm (22.6x12.7") 
           diag: 660mm (26") 
           OpenGL: renderer: AMD RENOIR (LLVM 14.0.5 DRM 3.49 6.1.0-12mx-ahs-amd64) 
           v: 4.6 Mesa 22.0.5 direct render: Yes 
Audio:     Device-1: AMD Renoir Radeon High Definition Audio driver: snd_hda_intel v: kernel 
           bus-ID: 04:00.1 chip-ID: 1002:1637 class-ID: 0403 
           Device-2: AMD ACP/ACP3X/ACP6x Audio Coprocessor driver: snd_rn_pci_acp3x v: kernel 
           alternate: snd_pci_acp3x,snd_pci_acp5x,snd_pci_acp6x bus-ID: 04:00.5 chip-ID: 1022:15e2 
           class-ID: 0480 
           Device-3: AMD Family 17h/19h HD Audio driver: snd_hda_intel v: kernel bus-ID: 04:00.6 
           chip-ID: 1022:15e3 class-ID: 0403 
           Sound Server-1: ALSA v: k6.1.0-12mx-ahs-amd64 running: yes 
           Sound Server-2: PulseAudio v: 14.2 running: yes 
Network:   Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet driver: r8169 
           v: kernel port: f000 bus-ID: 01:00.0 chip-ID: 10ec:8168 class-ID: 0200 
           IF: eth0 state: up speed: 1000 Mbps duplex: full mac: <filter> 
           Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel modules: wl port: f000 
           bus-ID: 02:00.0 chip-ID: 8086:2723 class-ID: 0280 
           IF: wlan0 state: down mac: <filter> 
Bluetooth: Device-1: Intel AX200 Bluetooth type: USB driver: btusb v: 0.8 bus-ID: 3-3:4 
           chip-ID: 8087:0029 class-ID: e001 
           Report: hciconfig ID: hci0 rfk-id: 6 state: down bt-service: enabled,running rfk-block: 
           hardware: no software: no address: <filter> 
           Info: acl-mtu: 1021:4 sco-mtu: 96:6 link-policy: rswitch sniff link-mode: slave accept 
Drives:    Local Storage: total: 1.38 TiB used: 420.93 GiB (29.9%) 
           SMART Message: Unable to run smartctl. Root privileges required. 
           ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Kingston model: OM8SEP4512N-A0 
           size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 63.2 Gb/s lanes: 4 
           type: SSD serial: <filter> rev: SBM01100 temp: 33.9 C scheme: GPT 
           ID-2: /dev/sda maj-min: 8:0 vendor: Crucial model: CT1000MX500SSD1 size: 931.51 GiB 
           block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter> 
           rev: 043 scheme: GPT 
Partition: ID-1: / raw-size: 203.12 GiB size: 198.87 GiB (97.91%) used: 21.24 GiB (10.7%) fs: ext4 
           dev: /dev/sda2 maj-min: 8:2 
           ID-2: /boot/efi raw-size: 256 MiB size: 252 MiB (98.46%) used: 283 KiB (0.1%) fs: vfat 
           dev: /dev/sda1 maj-min: 8:1 
           ID-3: /home raw-size: 720.14 GiB size: 707.77 GiB (98.28%) used: 399.14 GiB (56.4%) 
           fs: ext4 dev: /dev/sda4 maj-min: 8:4 
Swap:      Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default) 
           ID-1: swap-1 type: partition size: 8 GiB used: 558.8 MiB (6.8%) priority: -2 
           dev: /dev/sda3 maj-min: 8:3 
Sensors:   Message: No sensor data found. Is lm-sensors configured? 
Repos:     Packages: 2845 note: see --pkg apt: 2832 lib: 1506 flatpak: 13 
           No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
           1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://deb.debian.org/debian bullseye main contrib non-free
           2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/google-chrome.list 
           1: deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
           Active apt repos in: /etc/apt/sources.list.d/librewolf.list 
           1: deb [arch=amd64] http://deb.librewolf.net bullseye main
           Active apt repos in: /etc/apt/sources.list.d/mx.list 
           1: deb http://mxlinux.mirrors.uk2.net/packages/mx/repo/ bullseye main non-free
           2: deb http://mxlinux.mirrors.uk2.net/packages/mx/repo/ bullseye ahs
Info:      Processes: 338 Uptime: 9h 4m wakeups: 0 Memory: 12.59 GiB used: 3.28 GiB (26.0%) 
           Init: systemd v: 247 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: 10.2.1 
           alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06 
Boot Mode: UEFI

[Charlie Brown]

" dd zero "

Simplest. There are also tools, Bleachbit etc.

In the meantime, there are always discussions: on "zero or random" and "1 pass or more"..

But even 1 pass is enough and zero is either faster also better (long story).


So, if you like, you can do: "dd zero" then "dd random" (or the vice versa ...)

All you need is a terminal.


i.e.

Code: Select all

sudo dd if=/dev/zero of=/dev/sdX conv=noerror,sync,notrunc status=progress

It's also possible to add , say, bs=1M or say 4M to make it faster, but without that (the above way) will be "bit-for-bit" (perfect)..


...Just change the /dev/zero to /dev/random (when needed) and of=/dev/sdX to whatever it is, say ../nvme0

Also if it's very big and will take long time, you can first add bs=.. then do it (the last one) plain ...

You can first open power manager and set it to never suspend etc. and plug the AC, then start before going to dinner etc.. (can turn off the monitor manually).

[Aronticuz]

@Charlie Brown You da man Charlie Brown! Da Man!!!

I found reference to nwipe on MX Package Manager > researched nwipe on a famously infamous alt: infamously famous (?) search engine and guess what!

nwipe is available too. It is running now on another computeron 3 standard DOD thingies with a run of zero at the end.

For belt n braces I will follow advice given above as well.

Item closed based on input from Charlie Brown - cos as evribody knows - he da man!

[Charlie Brown]

Thank you so much :)

Added some more info (edited the above).


In the meantime: There's no evident till now that somebody on Earth managed to restore data after just 1 pass of zero . (for those who might wonder)

[Charlie Brown]

Forgot to say: You can stop it anytime you like (say you noticed it'll take very long and you want to try another way..) you can press Ctrl+C and it'll stop (just the rest will stay un-done )

[count-72-on-fingers]

Hello

Just a note, in case anyone finds it helpful...

SSD erasure.
As far as I know there is no certain method of achieving this. The problem is the controller-chip - you cannot be sure that all NAND-cells have been written to. With an HDD the situation is different; you have good tools and can be sure.

When you begin to work with an SSD - if the data you will put on the SSD is highly confidential, consider firstly encrypting the drive before you save anything to it. Then if you wish to recycle or give away the drive just destroy the password and reformat the drive with a new partition table. If more confidentiality is required use tools to physically destroy the drive.

[rijnsma11111]

[..]
If more confidentiality is required use tools to physically destroy the drive.

[Aronticuz]

Thank you so much :)

Added some more info (edited the above).


In the meantime: There's no evident till now that somebody on Earth managed to restore data after just 1 pass of zero . (for those who might wonder)

@Charlie Brown
I ctrl-C outa nwipe when my option jumed from 19 hours completion to 24 hours to complete and looked like it might go on a bit more.

So took your advice and started a run of all zeroes.

Thank you for your help

[Aronticuz]

abridged ..
Then if you wish to recycle or give away the drive just destroy the password and reformat the drive with a new partition table. If more confidentiality is required use tools to physically destroy the drive.

This sounds good to me too.

Naively encrypt juggle stuff about and try a reformat over the encryption?

[Aronticuz]

I did wonder if there is a basis for a mish-mash wipe of randomized nwipe options.

If there are software hacks one way to confuse them MIGHT be to vary those options as randomly as possible while erase is taking place?

For SSDs flash the controller chip?