How to Secure erase??

Discussion in 'macOS' started by comda, Apr 24, 2016.

  1. comda macrumors 6502a

    comda

    Joined:
    Mar 15, 2011
    #1
    I'm in CMD + R and I want to secure erase my hard drive. But blast this new Disk Utility in El Capitan.

    I want to secure erase the ssd and then reinstall OSX for the next owner.
     
  2. rigormortis macrumors 68000

    rigormortis

    Joined:
    Jun 11, 2009
    #2
    An SSD cannot be secure erased. The only thing you can do is to encrypt it with FileVault 2 and then do a regular erase.

    Make sure you erase your PRAM also. Your PRAM contains the password to the last known wifi network.


    If you do not want to encrypt it with FileVault 2 and want a better solution, the only thing you can do is smash the drive into a million pieces.
    --- Post Merged, Apr 24, 2016 ---
    It's not El Capitan's fault. You could never do more than a one-pass erase on an SSD.
     
  3. Fishrrman macrumors G3

    Joined:
    Feb 20, 2009
    #3
    I disagree with the statement that it's not possible to "securely erase" an SSD.

    I propose that it could be done thusly:

    1. First, one would need to have a disk image of an "empty" SSD available, in the same size as the SSD to be securely erased.

    1a. By "empty" SSD, I mean an SSD that has only been initialized for the first time, and has never held any data in its sectors.

    2. Next, one would mount the image of the empty SSD as "the source" in Disk Utility.

    3. Then, select the SSD to be erased as "the target".

    4. Then, turn Disk Utility loose to copy the entire image from one SSD to another.

    4a. I reckon one could also use a cloning app such as CarbonCopyCloner or SuperDuper to do this; that would work as well.

    5. This would replace nearly every available sector on the "previously used" drive with data from the "empty" drive -- which would be "no data at all", since there never was data on the source drive.

    6. In this case the existing data would be over-written with "null data".

    This might not replace EVERY sector on the old SSD due to provisioning, etc., but it would pretty well guarantee that the overwhelming majority of files that once were on that drive would now be un-recoverable for all practical purposes.

    Would this not work?
    Why not?

    One other observation:
    I can use older copies of Drive Genius to "shred" (securely erase) the free space on my SSDs. Or at least DG tells me it's doing this (when perhaps it may not be). What's going on here?
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    You can secure erase an SSD with the ATA Secure Erase command, but it is kind of a hassle. You need to make a Linux boot CD to do it. If you search around you can find instructions like this.

    Otherwise, the next best thing is to encrypt the drive with FileVault then erase afterwards. That is not a true secure erase, but even if somebody managed to recover some data from the erased drive, it would still be encrypted.
     
  5. comda thread starter macrumors 6502a

    comda

    Joined:
    Mar 15, 2011
    #5
    Thank you to all that assisted here! It's well appreciated! However, since I imaged the SSD drive to another hard drive, I booted off it and used Yosemite Disk Utility and selected a Secure Erase option. Hopefully that was it.
     
  6. rigormortis macrumors 68000

    rigormortis

    Joined:
    Jun 11, 2009
    #6
    Because of wear leveling, an SSD drive cannot be secure erased. You have to encrypt it or smash it.
    256 bit is good enough. That is what protects our iPhones and wifi networks, but you could go 4096 bit if you want.


    The NSA approved method for data destruction on an SSD, flash drives, hybrids etc., is by grinding them into a fine powder.

    This is basically how AVAST purchased hundreds of Android phones and were able to recover data off of them.

    With an Android phone you have to plug it in and wait 2 hours, only to find out the data was recoverable. When you securely erase an iPhone, all you're doing is telling the iPhone to erase its key.

    If you believe that SSD memory can be securely erased, you should notify Apple of your discovery. I think all of us really want to go back to the days of the iPhone in 2007 and have to wait 2 hours for your iPhone to erase. I hear retro is in.


    You can wipe an SSD drive 40 times, and the data would still be there.

    https://nakedsecurity.sophos.com/2011/02/20/ssds-prove-difficult-to-securely-erase/
    http://macosxfilerecovery.com/data-recovery-possible-on-securely-erased-ssds/



    https://en.wikipedia.org/wiki/Write_amplification
     
  7. BLUEDOG314 macrumors member

    BLUEDOG314

    Joined:
    Dec 12, 2015
    #7
    Use Cmd-R and go to Recovery, or use a bootable installer.

    Then type in terminal "diskutil info disk0" as disk0 should be your internal drive. Somewhere in the output you see something like the following:

    Total Size: 251.0 GB (251000193024 Bytes) (exactly 490234752 512-Byte-Units)

    This is for my 256GB drive in a rMBP. So the block size is 512 bytes and there are 490234752 blocks.

    Then you could do "dd if=/dev/urandom of=/dev/disk0 bs=512 count=490234752"
    You could use urandom, random, or zero, or some combination of them. I once knew the difference between urandom and random but I forget now; I think it has something to do with the PRNG not being mathematically perfect in one of them, but I'm not sure.
     
  8. rigormortis macrumors 68000

    rigormortis

    Joined:
    Jun 11, 2009
    #8
  9. Fishrrman macrumors G3

    Joined:
    Feb 20, 2009
    #9
    I have a hypothetical question -- I've never tried this, and it might not work anyway, but...

    Let's use a 240gb SSD for an example.

    Suppose I have a 240gb SSD with data on it.
    I'd like to overwrite that data so as not to be recoverable.

    What if -- one took ANOTHER, NEVER-USED 240gb SSD, also of 240gb size,
    then
    Initialized it for the first time, but put NO data onto it,
    then
    Used a cloning app (such as CarbonCopyCloner or SuperDuper) to clone the contents of the "new-but-empty" SSD to the old SSD (with data on it).

    What would be the result?
     
  10. BLUEDOG314 macrumors member

    BLUEDOG314

    Joined:
    Dec 12, 2015
    #10
    I would assume it would make a bit for bit copy of the drive with no data on it onto the drive you want to erase, but it would be easier to just zero the drive or write random data over it.
     
  11. Marshall73 macrumors 6502a

    Marshall73

    Joined:
    Apr 20, 2015
    #11
    Get a power drill and drill out the SSD chips, that will erase it :rolleyes:
     
  12. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #12
    Finder

    From the foot of Disk Utility (El Capitan): Create a disk image

    I assume that Secure Empty Trash is still offered by Finder.

    As far as I can tell, Finder in pre-release macOS Sierra no longer offers that feature.

    srm - securely remove files or directories

    Apple notes for a pre-release (thanks to @tywebb13) show that srm(1) has been removed because it is no longer useful on SSD/Flash-based systems.

    Thoughts

    I understand the constraining of Finder to suit an Apple ecosystem that assumes no customer use of hard disk drives.

    However: Apple's removal of srm is inconsiderate to customers who understand the technology, and wish to securely remove data from a hard disk drive.

    Related

    OS X Yosemite: Securely erasing your deleted files


    Does Secure Empty Trash actually write random patterns of data?

    http://opensource.apple.com/source/srm/srm-7/ in Apple open source for OS X 10.11.6
     
  13. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #13
    Who would sell a hard-disk drive these days... :rolleyes:

     
  14. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #14
    To clarify: I understand the constraining of Finder to suit an Apple ecosystem that assumes no customer use of hard disk drives. – I understand things to be that way, but I don't like it.
     
  15. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #15
    You can still customize the system yourself.

    You could get the source for 'srm' from Apple, compile it, then use it from Terminal. Or run the compiled 'srm' from a script or Automator, as a Service. Or write a Mac app. Or look for a secure erase app on the App Store.

    Plenty of options remain, especially if you can compile or write software yourself. By removing 'srm', Apple has not forbidden you from doing a secure erase. It's simply moved the capability from the "standard equipment" category to "aftermarket add-on".

    In short, you're free to not like it, and you're still free to change it.
     
  16. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #16
    Understood.

    'Inconsiderate' was probably an overreaction. I sometimes see such things as the thin end of a wedge, with a potentially displeasing fat-ended future.
     
  17. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #17
    That only works reliably if you’ve been using volume encryption the whole time. Opportunistic encryption prior to sale does not work for the same reason that overwriting with random data does not: the SSD may still have pages with data in the ‘over-provisional’ part that it uses for garbage collection. ATA Secure Erase is the only method that should produce an acceptable result, provided the manufacturer actually supports it well.

    The trouble really is that you can never be sure. Disk encryption should be used from the start as an additional layer, in case Trim or Secure Erase don’t work correctly. The costs of having this professionally verified probably easily outweigh the costs of the SSD itself, which is why you should indeed destroy it if you are unsure.
     
  18. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #18
    I don't agree this is accurate. You are correct a FV encryption would not get the data in the over provisioned area, but that is a very small portion of the drive. Between that and the way data is stored on a SSD to begin with, any data retrieval is going to be very very difficult and even then only likely partial recovery. I agree a FV encryption then wipe is not perfect, but I would not say it does not work.
     
  19. KALLT, Aug 25, 2016
    Last edited: Aug 25, 2016

    KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #19
    This is a contradiction. ;) You cannot get around the fact that data may still be there. Some SSDs reserve about 10% of their storage cells for this purpose.

    Encrypting the volume with system tools is not different from ‘overwriting’ with zeros, at least not to the SSD controller. It can even be less reliable than the latter depending on the disk setup. FileVault only encrypts the Macintosh HD volume, not the disk. If you have additional free space or empty partitions, then the data may end up there. Besides, encrypting with FileVault takes more time than ‘overwriting’ with zeros.

    It is better to use FileVault from the start, to make sure that even the over-provisional part of the disk has no retrievable data. Before you give it away, you can safely call ATA Secure Erase with tools from the manufacturer, with the Linux tools you mentioned or with free commercial tools like Paragon Disk Wiper.
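
An added illustration of the over-provisioning argument in posts #17 and #19 (not code from any poster, Apple, or a drive vendor): a toy flash translation layer showing what a raw chip read finds after one full overwrite pass, with and without encryption from the start. The class, the 100 logical / 10 spare page counts, the lazy page-level garbage collection and the XOR stand-in for volume encryption are all assumptions of this model.

```python
import hashlib

class ToyFTL:
    """Toy flash translation layer: out-of-place writes, lazy garbage collection."""
    def __init__(self, logical_pages, spare_pages):
        self.flash = [None] * (logical_pages + spare_pages)  # raw NAND pages
        self.free = list(range(len(self.flash)))             # erased, writable pages
        self.stale = []   # superseded pages the controller has not erased yet
        self.map = {}     # logical page number -> physical page number

    def write(self, lpn, data):
        if not self.free:                 # no erased page left: reclaim the oldest stale one
            victim = self.stale.pop(0)
            self.flash[victim] = None
            self.free.append(victim)
        ppn = self.free.pop(0)
        self.flash[ppn] = data
        if lpn in self.map:               # the old copy is only marked stale, not erased
            self.stale.append(self.map[lpn])
        self.map[lpn] = ppn

    def raw_pages_containing(self, marker):
        """What a chip-level read that bypasses the controller would find."""
        return sum(1 for page in self.flash if page and marker in page)

def toy_encrypt(key, lpn, data):
    """Stand-in for volume encryption (NOT a real cipher): XOR with a hash-derived pad."""
    pad = hashlib.sha256(key + lpn.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def residue_after_wipe(encrypted_from_start, logical=100, spare=10):
    """Return (raw pages still holding plaintext, stale pages left) after one overwrite."""
    ftl, key = ToyFTL(logical, spare), b"constructed-volume-key"
    for lpn in range(logical):            # normal use: every logical page holds user data
        plain = b"SECRET-%04d" % lpn      # constructed sample data
        ftl.write(lpn, toy_encrypt(key, lpn, plain) if encrypted_from_start else plain)
    for lpn in range(logical):            # one full overwrite of the logical address space
        ftl.write(lpn, bytes(11))         # zeros; late encryption looks the same to the FTL
    return ftl.raw_pages_containing(b"SECRET"), len(ftl.stale)

if __name__ == "__main__":
    print("plaintext, then overwrite:", residue_after_wipe(False))
    print("encrypted from the start: ", residue_after_wipe(True))
```

In both runs ten superseded pages survive the overwrite; only in the encrypted-from-the-start run do they hold nothing readable without the key.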
     
  20. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #20
    I believe I acknowledged that in my reply. You are just saying the same thing over and over.
     
  21. inscrewtable, Sep 21, 2016
    Last edited: Sep 21, 2016

    inscrewtable macrumors 65816

    inscrewtable

    Joined:
    Oct 9, 2010
    Location:
    Australia
    #21
    Would I get the equivalent of secure erase on an MBP SSD if I reformatted it first, then did a clean install, then loaded Photoshop and created a scribbly piece of artwork, then saved it to the SSD at a file size that would fill the SSD?

    I realise that there will be some stuff left but that should get rid of most of the SSD shouldn't it?
     
