How to secure erase your SSD's on a Mac

Discussion in 'Mac Pro' started by VirtualRain, Dec 29, 2009.

  1. VirtualRain, Dec 29, 2009
    Last edited: Oct 8, 2011

    macrumors 603

    VirtualRain

    Joined:
    Aug 1, 2008
    Location:
    Vancouver, BC
    #1
    UPDATE: with TRIM now available for those SSDs that support it (as most do nowadays) this procedure is no longer required. If you have an early drive (eg Intel G1) then you will want to do this secure erase perhaps once a year to keep your SSD at top performance.

    For those not familiar, secure-erase is an ATA command that most SSD controllers will recognize (i.e. Intel) that will mark all NAND blocks as free, thus returning the drive to the "factory" state and maximum performance.

    Unfortunately, executing this command can be extremely troublesome as it turns out. HDDErase is the most common utility, but requires a BIOS equipped computer to run (aka a PC). Even then, SATA controller and BIOS support for this utility is spotty at best... it wouldn't work on my friends Dell PC and there are numerous reports across a variety of forums of all kinds of motherboards failing to work with this utility.

    Fortunately, I was able to piece a couple of nuggets together from a couple of different sources that actually allowed me to execute the secure-erase on my 2009 Mac Pro. (BTW, I can't see why this won't work on any Intel Mac from laptops to workstations).

    Here's what's required:

    To keep things simple, I would recommend you pull all your other SSD's and HDD's from your Mac Pro... only use the optical drive and the target drive (one at a time if you have multiple).

    #1 Prep your SSD's by ensuring their firmware is up to date. For Intel SSD's this thread may help in that regard (post #11)... http://forums.macrumors.com/showthread.php?t=686672

    #2 Unfreeze your SSD: This is required because the firmware for the on-board SATA connectors "freezes the drive" (to use the ATA nomenclature) making it unable to accept the secure-erase command. There are at at least 3 reported ways to solve this...

    Option A: Attaching the target drive via a USB enclosure eliminates this issue. This is the method I used. Get A USB enclosure or dock for your SSD. Apparently eSATA enclosures may also work if that's more convenient for you.

    Option B: Use the Disconnect/Reconnect method. There are a few people reporting success with unfreezing their drives using the technique of disconnecting and reconnecting them to the Sata connection during boot... Here's the process in detail from post #69:

    Option C: Sleep the computer to unfreeze the drive? This hasn't been verified with the Linux disk recommended below but people have reported success with this method using Ubuntu 10.04 LTS (see post #100 and post #142 and post #168 and post #169)

    #3 Prep a GParted Live bootable Linux CD. Burn the following ISO to a blank CD or DVD to boot with (using either Disk Utility or your favorite burning utility)...
    http://sourceforge.net/projects/gparted/files/gparted-live-stable/

    Of course, to boot this you have to hold the "Option" key during startup to invoke the startup disk options... select the CD. At the end of the boot sequence, you have the option to use the X GUI or command line. The GUI mode does not support widescreen display resolutions. So unless you have an old-school 4:3 monitor around (like I did), or your display supports 4:3 resolutions (the 24" ACD does not), you will have to use the command line.

    If you get to the GUI, you will get a screen that looks like this...

    [​IMG]

    The key benefit of the GUI is getting the device ID for the drive as circled above. However, if you don't get the GUI, and you only have one drive (the target SSD) connected as I recommended, then it will always assign the device ID of "/dev/sda" so you don't really need the GUI.

    #4 Command Line Steps. Armed with the device ID or assuming "/dev/sda" if you never got to the GUI, you then follow these instructions exactly... (you can get to the command line from the GUI by double-clicking the "Terminal" icon)
    http://peter.membrey.hk/2011/09/11/...structions-on-how-to-securely-erase-your-ssd/

    Notes on the command line steps:
    - These steps will wipe all your data... be sure you have backed up or don't care about loosing the contents of your drive
    - Step 1: the first time I entered the hdparm command at the command line, I got an error. Try again. For some reason, it always gave me an error the first time but then worked properly for all subsequent commands.
    - Step 1A: This is enabled by using the USB enclosure mentioned above. If you try to do this operation with the SSD connected to your main board SATA ports, you will find the drive "frozen"
    - Step 2: This password assignment step is left out of most tutorials on this subject which is odd, because it won't work without it. Simply follow the instructions exactly as shown and it will work fine.

    I think that covers it... of course, YMMV and I'm not responsible if you blow up your computer and all that crap! :)
     
  2. rtrt, Dec 29, 2009
    Last edited: Aug 13, 2011

    macrumors 6502a

    Joined:
    Jan 19, 2008
    #2
    1
     
  3. macrumors 6502

    Joined:
    Feb 7, 2006
    #3
    Thanks VR. It's something I have been wondering about..
     
  4. macrumors 6502a

    Joined:
    May 11, 2008
    Location:
    is everything!
    #4
    Doesn't a single pass of zeroing out the data from disk utility do pretty much the same thing? I've done that in the past and it brought my intel drives back to life. It made them noticeably faster in real world use, and my scores in xbench proved I wasn't just imagining it.
     
  5. macrumors 6502

    Joined:
    Feb 7, 2006
    #5
    Actually not exactly... Read here:

    http://macperformanceguide.com/Storage-SSD-Reconditioning.html
     
  6. Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #6
    This is really interesting. Thanks (to you and the OP) -- I wasn't really aware that this was an issue for drive performance (as opposed to security). I wonder if it applies to "cheap" SSDs like the one in my Eee too...

    Out of curiosity, are there advantages, then, of going to all the trouble of creating the Linux bootable drive, vs. just using the OS X install DVD and Disk Utility to do >1 passes of overwrite (which, the guide smacman linked seems to indicate, is more or less sufficient)?
     
  7. macrumors 6502

    Joined:
    Feb 7, 2006
    #7
    I think the solution VirtualRain has posted is the most elegant. It essentially works the same way as Intel's own tool which won't run on our Macs.
     
  8. macrumors 6502a

    Joined:
    May 11, 2008
    Location:
    is everything!
    #8
    That article doesn't explain anything.. Of course just erasing the drive won't do anything, but zeroing out the data has the same effect as writing a 73g file. It overwrites the entire drive exactly the same way his terminal command creates a 73GB file.

    Maybe I don't have enough coffee in me yet, but am I missing something?
     
  9. rtrt, Dec 29, 2009
    Last edited: Aug 13, 2011

    macrumors 6502a

    Joined:
    Jan 19, 2008
    #9
    1
     
  10. thread starter macrumors 603

    VirtualRain

    Joined:
    Aug 1, 2008
    Location:
    Vancouver, BC
    #10
    In essence, conventional HD erase programs are doing the opposite of what you want to do with an SSD. Zeroing out an SSD effectively writes a "0" to every cell. What you want to actually do is "unwrite" to all cells, which can only be done with the secure-erase feature built into the drives controller which effectively free's up all written NAND blocks. By doing this, you remove any write-erase block penalty going forward, at least until usage has resulted in writing once to all NAND blocks.

    The HDDErase utility is the most common method for PC users to do a secure-erase, and in fact, this is what Intel recommends. However, this utility will NOT work on a Mac due to the EFI firmware. It requires a BIOS to work and even then, support is spotty from one motherboard to the next.

    The approach I outlined above, will work equally as well on Mac's or PC's as it completely ignores the firmware/bios and simply instructs the drive's controller to issue the secure-erase command directly.
     
  11. macrumors 601

    Icaras

    Joined:
    Mar 18, 2008
    Location:
    California, United States
    #11
    +1 Thanks for this. Thread subscribed.
     
  12. rtrt, Jan 23, 2010
    Last edited: Aug 13, 2011

    macrumors 6502a

    Joined:
    Jan 19, 2008
    #12
    a
     
  13. macrumors newbie

    Joined:
    Feb 19, 2010
    #13
    Getting "Invalid Exchange" error when used hdparm -I /dev/sda

    I was so happy to find this solution but could not get it to secure Erase my Corsair P256 SSD.

    Step 1 hdparm -I /dev/sda gave me an error "Failed: Invalid Exchange". I tried the command several times, hoping that the first time error rule was the case but could not go any further.

    # hdparm -I /dev/sda

    /dev/sda:
    HDIO_DRIVE_CMD(identify) failed: Invalid exchange
    HDIO_GET_IDENTITY failed: Invalid argument

    I did this with a USB enclosure with my SSD in it and no hard drive inside my MacBoook Pro. Booting the Gparted Live CD like in the instructions just fine.

    Also plugged the SSD into the internal drive slot and could issue the hdparm -I /dev/sda but the drive is "frozen" like the writeup said.

    Anyone see this? Please help.
     
  14. macrumors 65816

    300D

    Joined:
    May 2, 2009
    Location:
    Tulsa
    #14
    Do a single pass erase of the drive, all data will be removed.
     
  15. macrumors newbie

    Joined:
    Feb 19, 2010
    #15
    Found a solution to ATA erase without needing a USB enclosure

    I found a solution to my SSD ATA secure erase problem WITHOUT using an "external enclosure":

    Here are the steps:

    0. Back up my SSD, using SuperDuper app to another regular 2.5 hard drive

    1. Put in the Gparted Live CD created with the downloaded ISO and turn off my MacBookPro (MBP)

    2. Open the back of my MBP and removed SSD and leave the MBP back open. I put MBP on a phone book so that the hard drive wire is exposed to the side.

    3. Boot with CD, without any drive or SSD connected. Will boot straight from CD.

    4. After completely booted into Gparted Live, plug in the SSD to the internal SATA cable in the back of my MBP. I like to stress that this is the internal cable for the internal drive and NOT cables from any external enclosure whatsoever.

    5. Then I did a hdparm -I /dev/sda and see that my drive is NOT "Frozen". This is the only way to have your SSD NOT frozen.

    6. I then proceeded with setting a password and could secure erase my SSD with success. These steps were outlined from the first post of this topic.

    I am back with incredible speed just like when I first got it.
     
  16. thread starter macrumors 603

    VirtualRain

    Joined:
    Aug 1, 2008
    Location:
    Vancouver, BC
    #16
    Nice... I had read that some people were successful exploiting the hot-swap capabilities of SATA to do this... looks like you've confirmed it.
     
  17. macrumors 6502

    Joined:
    Mar 30, 2008
    #17
    Hi VR. just wondering... If your boot and apps are on your SSD, I'm guessing your home folder is on another HDD, how long before you started to see a decrease in speed form the SSD?
     
  18. thread starter macrumors 603

    VirtualRain

    Joined:
    Aug 1, 2008
    Location:
    Vancouver, BC
    #18
    I have 3x80GB SSD's in a SW RAID0 array... so I have 240GB of SSD storage. Thus I have everything on my SSD array... OS, Apps, home directory, iTunes, etc. I even have enough space to put the source files for a 5 min HD video project (about 50GB worth of files) and still have 20% spare space.

    I archive my projects to a 1TB WD Black and also back everything up to a 1TB Time Capsule.

    I didn't perceive any degradation in performance of the SSD's... the reason I decided to do a secure erase was just because it was an appropriate opportunity when I added a 3rd SSD to the array at Christmas time. I will probably do a secure erase and reinstall the latest OSX version from scratch once a year or so just to ensure everythings running optimally.
     
  19. macrumors 6502

    Joined:
    Mar 30, 2008
    #19
    I Mroogled & Googled it, but nothing much came up on what sort of half life can be expected / a time when you would notice speed drops requiring a full erase. I guess it would obviously depend heavily on how it is used - everyone's MMV...

    Anyone care to take a guess if you're just adding the OS, and apps to the SSD? Would putting bootcamp on it for playing games severely speed up its demise? It would be great to not have to do a full wipe for a couple of years, but I may be being optimistic?
     
  20. macrumors 6502a

    Joined:
    Feb 5, 2008
    #20
    Sounds like a lot of pain in the ass tbh, Apple needs to step up and come up with a decent solution already ffs.
     
  21. thread starter macrumors 603

    VirtualRain

    Joined:
    Aug 1, 2008
    Location:
    Vancouver, BC
    #21
    Agreed... support for TRIM would go a long way and should be relatively easy to add.
     
  22. macrumors 6502a

    Joined:
    Feb 5, 2008
    #22
    Have you worked with any OCZ drives that have "garbage collection"? Looks like it might be a way to go until there is some kind of standard that is adopted by Apple. Im actually looking into getting my first ssd and it looks rather appealing solution to get that instead of an Intel.
     
  23. macrumors newbie

    Joined:
    Mar 7, 2010
    #23
    First ever post on here and I hope that this can be of use to someone and clarify that it works with my model

    Thank you VirtualRain so much for the direction to the GParted application,

    I had the same error as hln98 by using my external enclosure and could not find a fix, but I used hln98 approach of hot plugging it in..

    I have a White MacBook 4,1 and I am using a 40GB Intel X25 SSD.

    I took the battery out of my MacBook and removed the metal strip guarding the RAM and the HD SATA port. I then removed my SSD. I connected my power cable back into the MacBook and had no battery connected (make sure is safely plugged in so that you won’t pull it out during the secure erase... could be bad news for your speed toy.). Insert the disk and hold the ‘C’ key, CD will then boot up. Select the first option, this is the important part, just after you select the first option, straight away insert the SSD back into the SATA port effectively hot plugging the device in (perfectly safe) and the subsequent drivers will be loaded (I tried hot plugging the drive in to the SATA slot after the failed attempt with the USB enclosure, it did not load and this may of been down to the drivers not being loaded during boot)

    Test that the device is not locked by running the $ hdparm -I /dev/sda in the terminal

    (It should be that drive if you only that one connected) If it is not locked follow on,

    GParted should automatically load (the GUI worked fine for me), erase the drive (I didn’t format to a file system, I did that when re-installing Snow Leopard).

    Follow the instructions on then Wiki that was linked previsouly and you should be good to go. The screen shot below proves that it worked for me. I hold no responsibility if any drive is damaged through this method.

    If your reading this in preparation to buy a SSD, GET ONE, honestly wouldn’t worry about trim not being supported by OS X, you only have to run the command every 6 months or so, and the SSD will last for a long time, as you will probably upgrade before you notice degradation of the drive. It has made the biggest difference to me.

    All though at the end of the day, it would be nice if the most ‘advanced operating system in the world’ could have a trim function, save messing around with screw drivers, I will cross my fingers for the next iteration of OS X to have them included.

    T
     
  24. macrumors newbie

    Joined:
    Mar 12, 2010
    #24
    secure delete

    Could someone use the CCleaner secure delete option to function like trim?
    it is a 3 pass process.
     
  25. thread starter macrumors 603

    VirtualRain

    Joined:
    Aug 1, 2008
    Location:
    Vancouver, BC
    #25
    This kind of secure erase is completely different to that used to return SSDs to "new" and unutilized condition. Most disk utilities that secure erase the data do so by over writing data bits with 0 or 1's. This is exactly the opposite of what we are talking about here which is marking all storage locations in flash as unutilzed.

    EDIT: @Skiffx... I have no experience with OCZ drives, but my understanding is that without TRIM, you would be facing the same issues of degraded performance over time and need to use the secure erase solution described here to restore full performance periodically.
     

Share This Page