Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How to securly erase all data in SSD of rMBP?

H

hajime

macrumors 604
Original poster
Jul 23, 2007
7,733
1,217
Sorry I am moving forum. I am looking for a way to securely erase all the data in the SSD of the rMBP provided by my employer. What is the best way to do it besides setting up a new account with admin right and then delete my current account from there and then reformat? Does this method erase all the data in the ssd so that they cannot be retrieved even by IT?
 
Tumbleweed666

Tumbleweed666

macrumors 68000
Mar 20, 2009
1,761
141
Near London, UK.
It depends upon your definition of "securely". Seriously.
With SSDs there may always be some data left than can in theory be accessed by a determined person.
If your employer is the NSA or CIA or Shin Bet you need to destroy the drive physically.
If your employer is an ordinary company then just do a one pass erase writing zeroes with disk utility since there is literally no additionally benefit doing more with an SSD.
 
Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,133
15,596
California
hajime said:
Sorry I am moving forum. I am looking for a way to securely erase all the data in the SSD of the rMBP provided by my employer. What is the best way to do it besides setting up a new account with admin right and then delete my current account from there and then reformat? Does this method erase all the data in the ssd so that they cannot be retrieved even by IT?
Click to expand...

The normal "secure erase" option in Disk Util will be greyed out since you have a flash storage device and secure erase degrades the drive.

Do this instead... go into the Security and Privacy pane of System Preferences and turn on Filevault encryption than way for the encryption to complete. Then turn off the Mac.

Now turn it on while holding the command-option-r keys all three at once. You will see a spinning wheel while the recovery tool downloads. It will look like this.

Xm7rMyl.png


From this screen start Disk Utility and select the drive brand name at the very top of the left column above Macintosh HD. Then go to the erase tab and format the entire disk to Mac OS Extended (Journaled).

Then quite Disk Util and click reinstall OS and the ~5GB OS will download and install. This will give you a drive with nothing on it except the OS that came with the machine.

The idea is that you have erased an encrypted core storage volume and even if someone managed to unerase some of it, it would still be encrypted.
 
H

hajime

macrumors 604
Original poster
Jul 23, 2007
7,733
1,217
Weaselboy said:
The normal "secure erase" option in Disk Util will be greyed out since you have a flash storage device and secure erase degrades the drive.

Do this instead... go into the Security and Privacy pane of System Preferences and turn on Filevault encryption than way for the encryption to complete. Then turn off the Mac.

Now turn it on while holding the command-option-r keys all three at once. You will see a spinning wheel while the recovery tool downloads. It will look like this.

Xm7rMyl.png


From this screen start Disk Utility and select the drive brand name at the very top of the left column above Macintosh HD. Then go to the erase tab and format the entire disk to Mac OS Extended (Journaled).

Then quite Disk Util and click reinstall OS and the ~5GB OS will download and install. This will give you a drive with nothing on it except the OS that came with the machine.

The idea is that you have erased an encrypted core storage volume and even if someone managed to unerase some of it, it would still be encrypted.
Click to expand...

Thanks. Before I do this, will it be better if I also create another admin account and delete the account I use all the time? By combining these two methods, can they find a way to retrieve the data?

My evil boss worked for a government on forensic-related research. I don't want him to have access to the data.
 
Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,133
15,596
California
hajime said:
Thanks. Before I do this, will it be better if I also create another admin account and delete the account I use all the time? By combining these two methods, can they find a way to retrieve the data?

My evil boss worked for a government on forensic-related research. I don't want him to have access to the data.
Click to expand...

That would sure not hurt, but I have not read of anybody able to crack FV encryption.
 
chown33

chown33

Moderator
Staff member
Aug 9, 2009
10,740
8,416
A sea of green
hajime said:
Thanks. Before I do this, will it be better if I also create another admin account and delete the account I use all the time? By combining these two methods, can they find a way to retrieve the data?

My evil boss worked for a government on forensic-related research. I don't want him to have access to the data.
Click to expand...

Repeat the process (total of 2 times, with different keys). Overwriting with encrypted data once, then overwriting that again with data encrypted under a different key is about as close as you can get to a secure-erase of an SSD.

If you're more paranoid, repeat it more times.

Or just remove the SSD and smash it into tiny little pieces.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom