[MacTUG] Secure Erase of SSDs
Peter Schepers
schepers at uwaterloo.ca
Fri Nov 9 11:24:59 EST 2018
I’m never 100% sure of erasure on SSDs. From vendor tools that are *supposed* to wipe using the ATA Erase command but fail, to encrypting/formatting, to simply wiping the disk (like an HD) 3 times… which is best? I wish a vendor would come up with some guidelines.
I’m not convinced that encrypting will do all the sectors on the entire disk. And therefore encrypting and then wiping could still leave some old data around.
My thinking is still to do a standard HD wipe 3 times. First pass covers about 95% of the surface, less the reserved space. A second pass should do the reserved space as well. Wear levelling should insure that everything is done after the second pass, so the 3’rd pass is a guarantee. And you’ve lost about 3 lives.
Of course a lot of what people “know” about SSDs is mostly conjecture. The folks that write the firmware keep things close to their chests.
PS
From: Donald Duff-McCracken
Sent: Monday, November 5, 2018 2:37 PM
To: MacTUG <mactug at mailman.uwaterloo.ca>
Cc: Peter Schepers <peter.schepers at uwaterloo.ca>
Subject: Re: [MacTUG] Secure Erase of SSDs
Peter, I am looping you in on this one as I am trying to remember the details of a Friday morning seminar you gave many moons ago…
I believe that you said that a normal “secure erase” does not work because as there is a portion of the SSD that is always reserved for its own use (for things like file allocation tables) and unlike the partition that would be reserved for such things on a conventional disk, on an SSD this space is always changing. Which means that a secure erase may not get all the bits of the SSD that have had data written to them.
I believe you said the best solution is to erase the disk and then encrypt is and reformat is while encrypted. Is that right?
If so I think the protocol here follows along that line of thinking…
https://www.macobserver.com/tips/how-to/securely-erase-macs-ssd/
------------------------------------
Donald Duff-McCracken
Technical Services Manager
Mapping, Analysis & Design
Faculty of Environment
University of Waterloo
(519) 888-4567 x32151
https://uwaterloo.ca/environment-computing/about/people
------------------------------------
The information in this message, including any attachments, may contain confidential information intended only for the person(s) named above. Any other distribution, copying or disclosure which is not necessary and proper in the discharge of the University's functions is strictly prohibited. If you are not the intended recipient or have received this message in error, please notify us immediately by reply e-mail and permanently delete the original transmission from us, including any attachments, without making a copy. Thank you.
From: <mactug-bounces at lists.uwaterloo.ca<mailto:mactug-bounces at lists.uwaterloo.ca>> on behalf of Dani Roloson <daroloso at uwaterloo.ca<mailto:daroloso at uwaterloo.ca>>
Date: Monday, November 5, 2018 at 2:26 PM
To: MacTUG <mactug at mailman.uwaterloo.ca<mailto:mactug at mailman.uwaterloo.ca>>
Cc: Chris Roth <cmroth at uwaterloo.ca<mailto:cmroth at uwaterloo.ca>>
Subject: [MacTUG] Secure Erase of SSDs
Colleague has a question about preparing Macs for surplus and is wondering what others do on campus.
------------------------------------------------------
What is the best way to securely erase the SSD in an Apple computer that is going to surplus?
The Apple web site: https://support.apple.com/en-ca/HT208496
How to erase a disk for Mac - Apple Support<https://support.apple.com/en-ca/HT208496>
support.apple.com
Use Disk Utility to erase (format) a hard disk, flash drive, or other storage device for Mac.
says to use Disk Utility – it does not specify that a particular version has to be used. Article is from September 2018.
In general, data on SSDs can be rendered unreadable by encrypting the drive and then removing the encryption key, but how to do this in MacOS?
---------------------------------------------
Christine Roth
MFCF
MC3068 X36463
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uwaterloo.ca/pipermail/mactug/attachments/20181109/e16677d9/attachment.html>
More information about the MacTUG
mailing list