PDA

View Full Version : New 11" MBA 2011, Cannot Zero Drive




iViking
Jul 21, 2011, 06:09 PM
I just purchased a new 11" MBA. There's no thumb drive, so you reinstall OSX via WiFi. No problem. However, I like to do a clean install and when you go to disk utility, although you can select:

Erase

the option:

Security Options

is grayed out. Security Options is where you find the option to zero the drive.

So if it's grayed out, how does one go about writing zero's to the SSD for a clean install?

Thanks



JD92
Jul 21, 2011, 06:12 PM
I just purchased a new 11" MBA. There's no thumb drive, so you reinstall OSX via WiFi. No problem. However, I like to do a clean install and when you go to disk utility, although you can select:

Erase

the option:

Security Options

is grayed out. Security Options is where you find the option to zero the drive.

So if it's grayed out, how does one go about writing zero's to the SSD for a clean install?

Thanks

Why would you want to zero out the SSD if you're just going to reinstall OS X and use it as normal? The only reason I know of for zeroing out a drive is to prevent someone recovering data if , for example, you sell it.

iViking
Jul 21, 2011, 06:29 PM
Also, when I went to reinstall LION via the internet, the "Customize" button was grayed out, which is another enigma because I wanted to install Lion without all the drivers and languages, etc., to save 3-5 GBs of space.

Any ideas?

EspressoLove
Jul 21, 2011, 08:30 PM
Why would you want to zero out the SSD if you're just going to reinstall OS X and use it as normal? The only reason I know of for zeroing out a drive is to prevent someone recovering data if , for example, you sell it.

He wanted to have a clean install, without crap for newbies and possibly with no Lion.installer occupying a separate partition ...
I just purchased a new 11" MBA. There's no thumb drive, so you reinstall OSX via WiFi. No problem. However, I like to do a clean install ...
... I wanted to install Lion without all the drivers and languages, etc., to save 3-5 GBs of space.



Any ideas?
I'd create a USB thumbdrive with Lion installer, and start from there ....
If it still doesn't give you options you look for (Apple was de-geek-ifying even Mac OSX these days agressivey :confused: did they go this far ?:eek:)
then make a USB drive with 10.6 (10.5?) installation or installer and try disk utility from there ....

P.S. please report here, as I'm yet to upgrade amongst a lot of us here :rolleyes:

KPOM
Jul 21, 2011, 08:33 PM
Zeroing out an SSD is ineffective because of the way data is written to them. It's a larger issue that does require solving before enterprises will adopt SSDs on a mass scale. They are too expensive to physically destroy, but also can be difficult to properly wipe.

Insilin1i
Jul 21, 2011, 08:45 PM
Restart your computer while holding Command - R. This will let you reinstall Mac OSX though I'm not sure if it is what you are looking for.

It's page 42 of the manual found here http://manuals.info.apple.com/en_US/macbook_air_13inch_mid2011_ug.pdf

Stetrain
Jul 21, 2011, 09:17 PM
He wanted to have a clean install, without crap for newbies and possibly with no Lion.installer occupying a separate partition ...

Why would that require a secure zeroing of the drive rather than just a normal erase?

eyespii
Jul 29, 2011, 08:27 PM
is there an answer to this? I'm returning my 13" MBA and wanted to zero out the drive before giving it back, but the option is greyed out.

KPOM
Jul 29, 2011, 08:30 PM
is there an answer to this? I'm returning my 13" MBA and wanted to zero out the drive before giving it back, but the option is greyed out.

Use the Erase Free Space option after you delete your files. It's still available.

eyespii
Jul 29, 2011, 08:31 PM
Use the Erase Free Space option after you delete your files. It's still available.

It's grayed out as well.

eyespii
Jul 29, 2011, 08:40 PM
both security options are grayed out...

ntrigue
Sep 12, 2011, 01:35 AM
I would appreciate an answer to the clean install question. Is it best to just delete GarageBand?

NutsNGum
Sep 12, 2011, 02:07 AM
Perhaps they've disabled the option on the SSDs due to the significant number of writes a zero-ing requires. If what I've read is the case, it would have the potential to significantly reduce the lifespan of the drive, if not render it completely unusable.

Gregintosh
Sep 12, 2011, 10:00 AM
I noticed when doing an installation of Snow Leopard on the last gen MacBook Air that by default they DO NOT install all the printer drivers. But they do install 1.6GB worth of language translations.

iLife is not installed by default when you reformat. After you finish reinstalling Lion on your new MacBook Air, you will NOT have iLife anymore. You will have to go to the App store and download it from there (from the purchased section). You will be able to install iPhoto, Garageband, and iMovie separately, so just pick the ones you want and you can skip Garageband.

Just make sure you go to the App store and "claim" it (it will appear under purchased items when you turn the App store on, and once you log in you will be able to claim it) before you reformat (though I assume it will appear there regardless).

JPizzzle
Sep 12, 2011, 10:17 AM
From what I've read you cannot zero out an SSD. This is not just an apple issue from my understanding.

flight
Sep 12, 2011, 01:24 PM
There's a discussion here (http://forums.macrumors.com/showthread.php?t=1222632) about secure erase and SSD's. There are some interesting links posted regarding the differences between zero-ing hard disks and solid-state drives. The option is likely grayed due to a combination of avoiding wear and the ineffectiveness.

DieterRams
Sep 15, 2011, 11:46 AM
Any definitive answer here? I need to secure erase my MBA in order to return it to Apple by late afternoon today. The Security Options button is greyed out, the only one available is just "Erase". I clicked and reinstalled Lion but I'd rather do a secure erase to ensure that my data is completely unrecoverable. Anyone know for sure?

KPOM
Sep 15, 2011, 11:59 AM
Any definitive answer here? I need to secure erase my MBA in order to return it to Apple by late afternoon today. The Security Options button is greyed out, the only one available is just "Erase". I clicked and reinstalled Lion but I'd rather do a secure erase to ensure that my data is completely unrecoverable. Anyone know for sure?

There really aren't many good options for an SSD. If you have a Linux boot drive, you could try booting into it and doing a secure erase of your OS X partition. One option to try is to simply copy dummy data to fill the drive, but that isn't 100% effective for the same reason that the wipe free space option doesn't work.

Is there a particular reason you are returning the Air (seeing as you just recently purchased it)? If it's to replace a faulty screen or something similar, perhaps you can ask them if they can simply swap out the SSD and put it in your new one. They usually don't do that, but it's worth a shot.

DieterRams
Sep 15, 2011, 01:30 PM
KPOM, thanks for your reply. I'm returning because I'm thinking I'd rather go for the 13". I bought the 11" to try out. No Linux drive here either.

So there is no real option? And even if there are some options, none of them really work?

alecgold
Sep 15, 2011, 01:58 PM
you need to click on 121.33 Gb Apple SSD to be able to pick erase free space.
Otherwise you can only select to erase, which erases your entire disk.

DieterRams
Sep 15, 2011, 02:19 PM
I've clicked on all options on the left and none of them enable the "Erase Free Space" or "Security Options" buttons.

GekkePrutser
Sep 15, 2011, 03:31 PM
I zeroed out my 11" yesterday (through Disk Utility) and it worked fine. I did have to boot into recovery mode though, command-R on bootup.

It didn't show it at first but after I mounted my (FileVault-protected) partition I was able to select Secure Erase from the Erase tab. So it was available but only under certain conditions.

One thing to note was that after a reboot it wouldn't get back into recovery mode, it had to do the whole internet boot thing (which somehow wasn't compatible with my router, so I had to find another router). It then downloaded a new recovery image and I could then reinstall Lion over the Internet. Took about 2 hours over 25mbit.

So it must have zeroed out the recovery partition as well, strange because I was expecting for it to leave that alone automatically.

KPOM
Sep 15, 2011, 03:35 PM
KPOM, thanks for your reply. I'm returning because I'm thinking I'd rather go for the 13". I bought the 11" to try out. No Linux drive here either.

So there is no real option? And even if there are some options, none of them really work?

Probably the best option is to turn on FileVault2 and encrypt the contents of the drive. That way, if someone does access your data, it's encrypted anyway.

DieterRams
Sep 15, 2011, 03:57 PM
I zeroed out my 11" yesterday (through Disk Utility) and it worked fine. I did have to boot into recovery mode though, command-R on bootup.

It didn't show it at first but after I mounted my (FileVault-protected) partition I was able to select Secure Erase from the Erase tab. So it was available but only under certain conditions.

One thing to note was that after a reboot it wouldn't get back into recovery mode, it had to do the whole internet boot thing (which somehow wasn't compatible with my router, so I had to find another router). It then downloaded a new recovery image and I could then reinstall Lion over the Internet. Took about 2 hours over 25mbit.

So it must have zeroed out the recovery partition as well, strange because I was expecting for it to leave that alone automatically.

So it only shows if you FileVault-protect your Macintosh HD partition? Otherwise, it won't show? If so, then only an encrypted partition will be allowed to secure erase and it won't let you for a non-encrypted partition?

----------

Probably the best option is to turn on FileVault2 and encrypt the contents of the drive. That way, if someone does access your data, it's encrypted anyway.

I see, but I guess it's too late for that now right?

AlecEdworthy
Sep 15, 2011, 04:01 PM
So it only shows if you FileVault-protect your Macintosh HD partition? Otherwise, it won't show? If so, then only an encrypted partition will be allowed to secure erase and it won't let you for a non-encrypted partition?
This will be because "securely erasing" an encrypted storage medium (be it flash, SSD, hard drive, CD etc.) can be achieved by trashing the encryption keys. Once this is done the storage device is still full of your data but it is useless because it is just unintelligible noise to all intents and purposes. This isn't secure wiping, it just renders the data useless. In the case of a hard drive, after trashing the keys the hard drive will then go on a perform a secure erase as normal, on an SSD this will not happen AFAIK. The same technique is used for iPhone/iPod Touch/iPad for wiping the device (remotely or locally). It just trashes the encryption key once again.

Alec

KPOM
Sep 15, 2011, 04:42 PM
So it only shows if you FileVault-protect your Macintosh HD partition? Otherwise, it won't show? If so, then only an encrypted partition will be allowed to secure erase and it won't let you for a non-encrypted partition?

----------



I see, but I guess it's too late for that now right?

You can activate FileVault2 at any time. It only took me about 30 minutes to encrypt about 70GB of data on my 11" i7.

ntrigue
Sep 15, 2011, 10:18 PM
This will be because "securely erasing" an encrypted storage medium (be it flash, SSD, hard drive, CD etc.) can be achieved by trashing the encryption keys. Once this is done the storage device is still full of your data but it is useless because it is just unintelligible noise to all intents and purposes. This isn't secure wiping, it just renders the data useless. In the case of a hard drive, after trashing the keys the hard drive will then go on a perform a secure erase as normal, on an SSD this will not happen AFAIK. The same technique is used for iPhone/iPod Touch/iPad for wiping the device (remotely or locally). It just trashes the encryption key once again.

Alec

I turned on FV2 and then restored the Air as new before returning.

GekkePrutser
Sep 19, 2011, 04:22 AM
This will be because "securely erasing" an encrypted storage medium (be it flash, SSD, hard drive, CD etc.) can be achieved by trashing the encryption keys. Once this is done the storage device is still full of your data but it is useless because it is just unintelligible noise to all intents and purposes. This isn't secure wiping, it just renders the data useless.

This is not what it did on my Air. It did do a full wipe. Otherwise it wouldn't have taken 15 minutes.

DieterRams
Sep 21, 2011, 05:27 PM
This will be because "securely erasing" an encrypted storage medium (be it flash, SSD, hard drive, CD etc.) can be achieved by trashing the encryption keys. Once this is done the storage device is still full of your data but it is useless because it is just unintelligible noise to all intents and purposes. This isn't secure wiping, it just renders the data useless. In the case of a hard drive, after trashing the keys the hard drive will then go on a perform a secure erase as normal, on an SSD this will not happen AFAIK. The same technique is used for iPhone/iPod Touch/iPad for wiping the device (remotely or locally). It just trashes the encryption key once again.

Alec

I see but the original guy I'm quoting said he actually saw the options available and used them. So how is that possible? And even if it is, it seems that a secure erase option does nothing on SSD but no one is absolutely sure?

DieterRams
Sep 21, 2011, 10:15 PM
Also, how much does FileVault slow down computer performance? Does it at all? I'm afraid I'm not at all familiar with it and how it may affect my usage. I take it whenever I save anything, whether big or small, there is a performance hit of some sort due to it encrypting everything - is this true?

AlecEdworthy
Sep 22, 2011, 12:59 AM
Also, how much does FileVault slow down computer performance? Does it at all? I'm afraid I'm not at all familiar with it and how it may affect my usage. I take it whenever I save anything, whether big or small, there is a performance hit of some sort due to it encrypting everything - is this true?
See this review on osx daily (http://osxdaily.com/2011/08/10/filevault-2-benchmarks-disk-encryption-faster-mac-os-x-lion/). It looks like very little impact. The one issue is that it stops software designed to help you track your laptop down if it's stolen from working by requiring a username and password at boot time (whereas the software which helps you to track you Mac relies on the miscreant being able to access an account on the device, a guest account for instance).

Alec

DieterRams
Sep 22, 2011, 09:16 AM
See this review on osx daily (http://osxdaily.com/2011/08/10/filevault-2-benchmarks-disk-encryption-faster-mac-os-x-lion/). It looks like very little impact. The one issue is that it stops software designed to help you track your laptop down if it's stolen from working by requiring a username and password at boot time (whereas the software which helps you to track you Mac relies on the miscreant being able to access an account on the device, a guest account for instance).

Alec

Ah, thank you for the information, I was planning on running that tracking software actually. So it seems there's a choice here. Either run FileVault and have my data protected no matter what but not be able to use tracking software in case it gets stolen, or don't run FileVault and be able to use tracking software but my data is retrievable even if I do a standard erase with disk utility. Do I have that right? Which would you choose?

It seems funny to me (as well as annoying) that there is no guaranteed way of securely erasing an SSD like you could with a hard drive with a 7-pass erase or something equivalent.

GekkePrutser
Sep 22, 2011, 03:20 PM
I see but the original guy I'm quoting said he actually saw the options available and used them. So how is that possible? And even if it is, it seems that a secure erase option does nothing on SSD but no one is absolutely sure?

Secure Erase is possible - I did do it to the 11" Air I returned. Used the normal Disk Utility in the preinstalled recovery image, I just had to unlock the drive to do it (by entering the password).

And yes it does do something, it was busy for 15 minutes and on an SSD that means it was doing a lot of writing. Basically what it does is overwrite the whole filesystem with zeroes (or repeatedly with multiple values if you choose a really high setting, which I would not recommend on an SSD because of the extra wear).

Writing zeroes does delete data, but the way SSDs work is that they move blocks around on every write. They have a spare capacity (between 8 and 20% or so) for their wear levelling algorithm and to cope with failed blocks due to wear.

The problem about doing a single pass (zeroeing the drive) is that you won't be deleting the spare capacity. However this isn't a big deal because there is no way to get the spare blocks (since they're marked as 'Spare' the SSD will never read from them until they are overwritten again with new data). The only way to get to them is by reading directly from the chips (and destroying the SSD), and because you have a random 8-20% of blocks from the drive it will be very hard to get any useful data from it. It will also require specialized equipment.

However zeroing the drive does make the 'visible' (to the computer) drive space completely blank. And yes, that does do something. If you don't do this, even without the password someone may be able to get data from it if for example they find the recovery key that is made when FileVault2 creates a new volume. If the volume was not encrypted then it will be fairly easy to recover some data.

Due to the wear & tear I wouldn't recommend zeroing an SSD much but in the event of handing it over to a third party (such as when selling or returning a laptop) it does, in my view, make much sense to zero the drive first.

hfg
Sep 22, 2011, 07:36 PM
This will be because "securely erasing" an encrypted storage medium (be it flash, SSD, hard drive, CD etc.) can be achieved by trashing the encryption keys. Once this is done the storage device is still full of your data but it is useless because it is just unintelligible noise to all intents and purposes. This isn't secure wiping, it just renders the data useless. In the case of a hard drive, after trashing the keys the hard drive will then go on a perform a secure erase as normal, on an SSD this will not happen AFAIK. The same technique is used for iPhone/iPod Touch/iPad for wiping the device (remotely or locally). It just trashes the encryption key once again.

Alec

How exactly do you "trash the keys" after you encrypt the drive?

Thanks,
-howard

jon08
Sep 27, 2012, 05:31 AM
Hey guys, I'll be selling my SSD in the Macbook Pro real soon and since the "Security Options" is grayed out for me in Disk Utility, I'm trying to figure out a different way of preventing anyone to access my *erased* data once I've sold the SSD.

Therefore, I'm thinking of encrypting my partition with FileVault. Could someone please instruct me what exactly am I supposed to do?

1. Turn on FileVault
2. Boot into Safe Mode
3. Will I be able to erase my SSD securely? If not, do I simply select the "Erase" option and I'll be safe anyway, since all my data has been encrypted with FileVault?

Thanks!