Do I need to secure erase SSDs before selling?

Discussion in 'Mac Basics and Help' started by SkyLinx, Apr 11, 2018.

Tags:
  1. SkyLinx macrumors member

    SkyLinx

    Joined:
    Mar 24, 2018
    Location:
    Espoo, Finland
    #1
    I wasn't sure where to post this. I just bought a new iMac and am about to sell my previous computer which I have used as a Hackintosh (I wanted to use macOS but needed to save money to buy a real Mac). Of course I want to make sure the buyer cannot recover my data from the SSD in it.

    Apple says that a secure erase should not be necessary with an SSD, and in fact the secure erase options aren't even available in Disk Utility for SSDs. But I have also read somewhere that this is instead because it's not possible to guarantee a secure erase is actually "secure" with SSDs....

    I am confused. What is your opinion regarding this? Is there anyone here with a background in security who can give more details?

    I've also read that encrypting the SSD with FileVault and then doing a normal erase would be secure, however.... getting FileVault to work on the Hackintosh is quite challenging it seems.

    Because the SSD is of NVMe / M.2 type, I would need to buy some adapter in order to plug it as an external drive with the real Mac and encrypting it there with FileVault etc.

    So, the question is... will I be safe if I just do a normal erase of the SSD as Apple seems to suggest, or not?

    Thanks!
     
  2. Lunder89 macrumors 6502

    Lunder89

    Joined:
    Oct 16, 2014
    Location:
    Denmark
    #2
    In short, just make sure you delete the partition completely and create new one and format it. Then if anyone wants to recover anything, they will need some serious tools to even attempt it.

    I would like to ease your mind with the long version. Now I am not a security expert, but I do know on a basic principal how data storage works. So a simplified explanation here:

    On a classic harddrive when you store files on it, a little piece of information about the files is being stored in the partition table, which is a little bit like a map of where all the files on HD is stored. The files physical location is on the spinning discs inside the HD. You can google for video or photos of what that looks like.

    When you then delete a file, only the information in the partition table is being deleted, and the physical location of the data on the harddrive is registered as free space. The actual deletion happens when other files writes new data in that physical location.

    A SSD drive is a lot of little power storage units. If they do not store data they are 0, and if the do they store data (meaning a tiny electric charge) they are 1. These 1's and 0's make up your data. And the SSD measures the storage units to see if they contain a charge. As I understand the partition table is directly linked to the storage units, and therefore when deleting and formating the partition, the entire SSD is written as 0's. Which means no data left.

    For the real techies out there, I know this is simplified. And may not be 100% technically accurate.

    But to return to the short answer. I havn't heard of anyone where they needed to do a secure deletion, and I don't think you need to either.
     
  3. Kingcr macrumors member

    Joined:
    Feb 1, 2018
    Location:
    UK
    #3
    The answer to this depends on your security requirements.

    If you enabled TRIM on your device from new (i.e. using "trimforce" since you have a hackintosh), then simply deleting files or doing a standard erase is probably sufficient. This is because with TRIM enabled, any file deletes trigger a command to the SSD controller notifying it that the space occupied by the file is no longer in use, and *most* controllers then report the relevant locations as zeroed out when read again rendering the files unrecoverable to anyone but the most sophisticated attackers.

    If you want to increase security a bit more, consider doing a full-device trim from an external environment, e.g. using "blkdiscard" across the entire device from Linux live cd or creating a partition from a Windows installer disk that spans the entire device (Windows trims partitions when formatting). This just ensures that *all* the files on the device are gone which isn't possible when trying to clean up a drive that you're currently running your operating system on. This is what i would do.

    Beyond that, you can consider a device-level secure erase command (e.g. via "hdparm"), also issued from something like a Linux live cd. In theory, this causes the controller to actually zero the physical chips on the SSD (as opposed to the controller simply reporting the contents as empty), but the implementation would depend on the disk manufacturer.

    Anything beyond this is only for the uber-paranoid.
     
  4. SkyLinx thread starter macrumors member

    SkyLinx

    Joined:
    Mar 24, 2018
    Location:
    Espoo, Finland
    #4
    Thanks for the clarification on this difference hdd vs sdd :)

    Thanks a lot, TRIM was enabled on the NVMe SSD but not on the SATA one, so I have used blkdiscard on both just to be sure. The operation was just a few seconds on each drive though, is it normal?
     
  5. Kingcr macrumors member

    Joined:
    Feb 1, 2018
    Location:
    UK
    #5
    Yes it’s normal. It just tells the controller to free up the space, it doesn’t actually write to the drive NAND.
     
  6. SkyLinx thread starter macrumors member

    SkyLinx

    Joined:
    Mar 24, 2018
    Location:
    Espoo, Finland
    #6
    Cool! Thanks again :)
     
  7. MacBH928 macrumors 68030

    MacBH928

    Joined:
    May 17, 2008
    #7
    I don't want to scare you...but,

    I heard with the right tools, you can always recover data from an SSD. Since you have a hackintosh its even worse because maybe there is software/hardware incompatibility to perform the delete process properly.

    My personal recommendation is that buy new or used HDD, install it in your computer and sell it that way. As for your SSD, best would be to delete everything, fill with different data, encrypt the SSD, then physically destroy it by sending it to an HDD shredding service or you can drill or break wholes in each of the SSD chips. Then throw the broken parts in different places not together so it won't be reassembled.

    This might sound like an overkill or paranoid, but after some research myself, this is about the only sure way to be safe. Better safe than sorry. It depends on the data on the device, if there is something that someone might find out and will be usd against you in the future(or illegal), I would be very careful. If its just loaded with game files(remember everything you have ever put on that SSD even if you deleted it long ago), then no harm can be done and you don't have to be so worried.

    Only a security expert can answer this question as I have been looking for that answer myself and this is the only conclusion I have come to where you can be safest.

    Its much easier with a regular HDD where you just have to secure erase the HDD about 3 times(fully write the HDD with garbage data) then breaking the platters into pieces, then trash in different places.
     
  8. Fishrrman macrumors P6

    Fishrrman

    Joined:
    Feb 20, 2009
    #8
    If you REALLY want to be "secure", do this:
    - take the existing SSD OUT OF the hackintosh
    - put a brand-new SSD into it.
    - install the basic hackintosh OS install onto it
    - sell it that way

    You can then either re-use the old SSD yourself, or destroy it.
     
  9. SkyLinx thread starter macrumors member

    SkyLinx

    Joined:
    Mar 24, 2018
    Location:
    Espoo, Finland
    #9
    I used blkdiscard with a Linux live disc as suggested earlier rather than doing it from macOS (also because I had to erase the drive where macOS was installed).


    Yep that's what I've done with the HDD.

    Problem is that the SSDs I have (NVMe of 512 GB and SATA of 1 TB) are expensive so if I have to destroy them and replace them it would cost quite a bit. I am trying to sell ASAP this computer to recover money I spent for the iMac.

    Any particular reason why either of you think the procedure with blkdiscard suggested by Kingcr would not be enough?
     
  10. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #10
    The problem is that it depends upon the firmware of the SSD and what the controller does when it receives a ATA Secure Erase command, if the command is implemented at all. SSDs differ in that way from HDDs.
     
  11. rpmurray macrumors regular

    Joined:
    Feb 21, 2017
    Location:
    Back End of Beyond
    #11
    Or to make absolutely sure you can nuke it from orbit.
     
  12. MacBH928 macrumors 68030

    MacBH928

    Joined:
    May 17, 2008
    #12
    I am not saying its not enough... I am saying I am not sure if it is enough. I know the SSD is expensive, but are you willing to risk if any of your data was leaked? Better safe than sorry is my motto. You really don't want to regret it down the line, at least now you are in control. It really depends whats on that SSD. No need to be paranoid if the data is not sensitive, then again, there are many hackers and data miners out there.

    Maybe I am paranoid, but I rather keep or destroy my data instead of being blackmailed by stranger in the future.
     
  13. Kingcr macrumors member

    Joined:
    Feb 1, 2018
    Location:
    UK
    #13
    Recovering data from an SSD depends almost entirely on the controller. This is because data stored on the underlying NAND (at least on a fairly well-used drive) can only be made sense of by the controller after all the wear-levelling, GC, page-mapping and so on that it does continuously. SSD firmware is incredibly complex these days. So, when the controller discards the known state of some or all of the data (e.g. via a TRIM command), the effort involved in recovering it is huge. As long as the controller does indeed report trimmed space as empty. To the OP: you can verify your SSD's behaviour in Linux using something like:
    dd if=/dev/<disk> bs=10M count=<some reasonable number of blocks> | hexdump -C
    This will read a number of 10 meg blocks from the device and present them in hex, without repeating. So if you just see all zero's coming back, then your drive controller is just reporting trimmed space as empty.

    For secure erase (as opposed to TRIM), the implementation depends on the manufacturer. Conceivably, the controller could write zero's to each NAND cell or it could just mark them as empty - much like a full device trim. In either case, getting data back is going to be near impossible.

    So, the thing to ask yourself is, who is your adversary in all this? If you think that someone might try to run some data recovery or forensic tools, I wouldn't be worried at all. If you think someone might be able to attack the firmware or NAND to recover your data, then (a) you've got bigger problems and probably shouldn't be asking for advice on a forum and (b) you should physically destroy the drive rather than ever considering selling it.
     
  14. SkyLinx thread starter macrumors member

    SkyLinx

    Joined:
    Mar 24, 2018
    Location:
    Espoo, Finland
    #14
    What kind of forensic tools could be used to attempt a data recovery from an SSD? Can this be done with just some software? Are these tools expensive? My adversary is some random guy who's going to buy the PC.... so who knows :p
     
  15. Kingcr macrumors member

    Joined:
    Feb 1, 2018
    Location:
    UK
    #15
    The tools I’m referring to are generic, not specific to SSD’s. And that’s the point. A random buyer if nefarious may try some of them (there are free and expensive tools) but they won’t be effective if your SSD has been properly erased.

    Anyway, this thread has progressed from a fairly simple question to a whole lot of FUD. I stand by my initial comment. Cheers.
     
  16. kschendel macrumors 65816

    Joined:
    Dec 9, 2014
    #16
    If you are concerned about someone cleverly abstracting the data out from under the controller, the best thing that I can think of is to format the SSD as one giant partition and write one giant file of zeros into it, filling it up. Do it a few times and you have a pretty good chance of zeroing everything including filesystem metadata, at least once.

    Or, you could place it carefully on a firm concrete surface, and drive your car back and forth over it a few times. That will likely erase it safely as well (without the environmental issues involved in pouring gasoline over it and lighting it.) If there was ever anything on the SSD that might potentially expose you to ruin, I think that's what I would recommend.
     
  17. Fishrrman macrumors P6

    Fishrrman

    Joined:
    Feb 20, 2009
    #17
    Another course of action for the OP (requires a DVD/CD drive).

    1. Download the "Parted Magic" iso (DVD image).
    2. Burn this to DVD/CD (don't remember which is required, I -think- it's just a CD)
    3. BOOT FROM the Parted Magic CD.
    4. Go to the disk tools and choose to do an "ATA Secure Erase" (or is it "ATA reset", can't remember) on the internal drive.
    5. This will literally reset it to a factory-fresh state. I don't think there's any better way to get rid of the data.
     
  18. SkyLinx thread starter macrumors member

    SkyLinx

    Joined:
    Mar 24, 2018
    Location:
    Espoo, Finland
    #18
    I read that this can damage some drives though?
     
  19. Fishrrman macrumors P6

    Fishrrman

    Joined:
    Feb 20, 2009
    #19
    Again --

    If you're THAT WORRIED about the data on the SSD, take it out and PHYSICALLY DESTROY IT.

    Then, put ANOTHER drive into the hackintosh and set it up for the buyer...
     
  20. MacBH928 macrumors 68030

    MacBH928

    Joined:
    May 17, 2008
    #20
    Remember, you will never know what will the buyer do to the SSD. He can give it away, donate it, do tests on it, use it, use it for sometime then sell it for someone else which you have no idea what they wil do with it.
     
  21. davidmartindale macrumors regular

    davidmartindale

    Joined:
    Jan 28, 2011
    Location:
    PNW, USA
    #21
    I am not sure if anyone else mentioned this as there is a lot here. But it should be noted that an SSD has a finite amount of read/write cycles. If you were to do say a 7 pass erase on an SSD that is going to substantially reduce the life of the SSD. They are not designed to be erased that way.
     
  22. kschendel macrumors 65816

    Joined:
    Dec 9, 2014
    #22
    Actually it shouldn't make much of a difference unless the SSD is on its last legs anyway. Most SSD's released in the last few years should have an endurance of at least a large fraction of 1 DWPD for the warranty period, if not better. So doing say 10 full write cycles might lop off a few weeks from the drive lifetime, but it shouldn't have a huge effect.

    One thing I wrote was wrong, though: some controllers compress the data to be stored, so rather than writing zeros, it would be better to write a random bit stream, ideally generated by a noise junction or something. I'm sure that a good pseudo-random generator would be OK as well.

    Theorizing is fun, but to get back to serious practicalities: if there's something on the drive that could potentially seriously impact your life, like true blackmail fodder, or various illegalities, don't sell the drive! Destroy it. If you're an average or even above average Joe with no vendettas against you, an ordinary erase or full-device trim will do just fine.
     
  23. theluggage macrumors 68040

    Joined:
    Jul 29, 2011
    #23
    ...but on the other hand, because SSDs work in totally different ways to HDs there's no guarantee that a secure erase routine designed for HDs will actually do the job - so you're potentially wearing out the SSD for no good reason.

    Sending a "secure erase" command to a SSD that supports it is the only way to be sure, and (as you say) be proportionate - if you've got the nuclear launch codes stored on there, the whole MacBook is going in the industrial shredder afterwards anyway, right?

    ...that makes it simple. If in doubt, just pull the drive and keep it. If its a good size, get a USB3 enclosure for it and you've got a nice fast external drive. If necessary, stick some cheap'n'cheerful spinning rust in the old Hackintosh so you can sell it in working condition.

    Now, when the SSD is soldered in to a MacBook, that's a problem.
     

Share This Page