Secure Erase HDDs/SSDs(SATA/NVMe) using hdparm & nvme-cli on Linux

[Vasudev]

Hey everyone, I wanted to post a new thread dedicated for secure wiping SSD/HDDs after I tried hdparm and nvme-cli. I wasn't willing to share it initially, since it maybe dangerous if used incorrectly! Anyway, I posted this guide after searching many sources and made it as simple as possible! I've linked the sources at the end of the post. For images, I'm using Imgur so if anyone has any issues with images not loading or staying blank, please let me know!

I must warn everyone that incorrect name for example /dev/sdX can wipe out other drives, so backup.. backup... so as to prevent data loss. Don't hold me responsible for lost data.

For newbies, I'd recommend using Ubuntu ISO( I used Xubuntu distro) since it includes all necessary packages without needing to download anything from repos. For people who use other distros Gnome disk utility,gparted and nvme-cli packages are recommended to be installed for ease of use.

Don't forget to Backup your data before proceeding.

1. Open Gnome disk utility aka Disks and see the Disk name sdX you want to erase. My SSD is sdb, so I'm using /dev/sdb and yours might be different.

 

hdparm -I /dev/sdb

 

The output should look something similar to mine aside from terminal colors and background:

 

2. If you see Frozen then you can Suspend the PC just to get rid off it when waking from Suspend state. The command is shown below:

 

 

3. Once its woken from suspend/sleep mode you will see Not frozen when running hdparm -I /dev/sdX, subsitute X with your SSD or disk name.

4. You need to set a Password for Secure erase or Secure Erase enhanced to work. For the sake of simplicity, I'm using 'p' as a password and the command is:

hdparm --user-master u --security-erase p /dev/sdb

 

5. Now lets secure erase SSDs, I'm using Secure SSD Enhanced since my drive supports it. It works for 2.5" SATA and M.2 SATA versions perfectly!

 

6. It will take under a minute to secure erase a SSD.
7. I re-initialised the SSD using gparted by using gpt as shown in the link here (optional step) I used it to create a fresh filesystem table so that HPA and other things are reset to defaults just like a new drive.

For NVMe drives:

8. Assuming nvme-cli package is installed, let's query list of NVMe installed in the system using:

sudo nvme list

 

 

9. Follow Step 2 if you never suspended the Ubuntu or Linux LiveCD environment to un-freeze the disks.
10. Check if the NVMe drives support Secure erase or not: (As always if you've multiple NVMe disks choose appropriate name. If in doubt, check Gnome disk aka Disks or gparted for detailed info.)

nvme id-ctrl -H /dev/nvme0

 

Format NVMe support for basic formatting of NVME disk(s):

Secure erase or crypto erase:

11. Format NVMe drive(s) with Secure Erase command:

Code:

nvme format /dev/nvme0 --ses=1

 

You will get a Success message or statement once NVMe secure erase is done, it takes a little more time than SATA so be patient! and once complete, follow Step 7 for best results.

 

Spoiler

Sources:
SATA SES:
https://grok.lsu.edu/article.aspx?articleid=16716

nvme secure erase:

http://blog.pythonaro.com/2018/05/how-to-securely-wipe-nvme-drive.html
https://tinyapps.org/docs/nvme-secure-erase.html
https://github.com/linux-nvme/nvme-cli/blob/master/Documentation/nvme-format.txt
https://www.mankier.com/1/nvme-format

 

[Vasudev]

@RecieverI have added my secure erase sata/nvme ssd guide.

[Reciever]

8 minutes ago, Vasudev said:

@RecieverI have added my secure erase sata/nvme ssd guide.

Thanks! 

 

Let me know if you have issues with posting guides (in terms of formatting or unjustified difficulties) and we will do what we can to facilitate. :) 

[jaybee83]

good guide bud, ive personally been using parted magic in a live ram environment via usb stick to properly reset my ssds every once in a while. helps keep them fresh performanse-wise!

[Vasudev]

Thanks Jaybee.