Problem securely erasing my hard drive

[tuna]

I want to securely erase my hard drive.

I created a OS X Lion USB boot drive. I booted to the USB drive. I selected the option to start Disk Utility. So far I am doing this correctly, right?

So then I select the hard drive "121.33 GB APPLE SSD TS..." from the window on the left. I go to the "Erase" tab. I can select a Format and Name for the selected hard drive and the Erase... button is pressable, but the Erase Free Space... and Security Options... buttons are greyed out. Why is this? I want to do the 7 pass erase to make sure that everything is gone.

It's the same thing when I select the "Macintosh HD" partition name that is under the "121.33 GB APPLE SSD TS..." drive name. I can go to the "Erase" tab but the Security Options... button is greyed out. Only the Erase... button is available.

What am I doing wrong?


This is for a 2010 Macbook Air in case that matters.

 

[tuna]

After doing some more research I have found that Apple (to some controversy) does not have the feature of being able to securely erase SSDs. So yeah. If I wanted to securely erase my SSD I would have to do some sort of linux live CD solution.

 

[-aggie-]

You tried this (after the USB)

https://forums.macrumors.com/threads/1103048/

If you go to format type for the SSD, and choose MacOS with the Encrypted setting, it lets you choose a password for the partition, then once you create that partition, it allowed you to erase with security options.

 

[Tumbleweed666]

There is no point at all overwriting a SSD multiple times. Once is fine.

Personally I don't believe there is any point overwriting a disk multiple times either (the requirement to do so is a hang over from older technology) , but at least you could have an argument about that.

In solid state memory, a bit is either a one or a zero and you cant go read "underneath" it like you used to be abel to do on older tech magnetic disks and some postulate you still can to see what was there before.

 

[tuna]

There is no point at all overwriting a SSD multiple times. Once is fine.

Personally I don't believe there is any point overwriting a disk multiple times either (the requirement to do so is a hang over from older technology) , but at least you could have an argument about that.

In solid state memory, a bit is either a one or a zero and you cant go read "underneath" it like you used to be abel to do on older tech magnetic disks and some postulate you still can to see what was there before.

Well I think that the security problem with SSDs is supposed to be that in order to increase performance and reliability, SSDs write the same data multiple times everywhere and don't zero it out when they are done with it, they just make a note that the particular area isn't being used anymore. So fragments of your deleted data could still remain on your SSD or even multiple times on your SSD and you wouldn't know.

 

[Makosuke]

Well I think that the security problem with SSDs is supposed to be that in order to increase performance and reliability, SSDs write the same data multiple times everywhere and don't zero it out when they are done with it, they just make a note that the particular area isn't being used anymore.

Tumbleweed666 didn't say there was no point in overwriting an SSD, they said that there was no point in overwriting it multiple times.

Filling the drive entirely with zeros (or other unimportant data) once, though whatever means, will overwrite all data on the SSD.

Hypothetically, I suppose that if a block with sensitive data had been bumped off due to overprovisioning, it could still contain that data even with the drive "full" of zeros. But even assuming that that block could be read at all (which presumably isn't the case if the controller took it out of active use), and that you could hack the SSD's internal controller to read out the contents of the block, no OS is going to be able to prevent this; since the management of overprovisioned blocks is handled entirely by the SSD's controller, the OS has no way of knowing whether a logical block is "fresh" or "old", nor any way of accessing blocks that have been removed from the active pool.

Full-drive OS-level encryption would be the workaround to this, since any leftover data would be useless, but otherwise it's going to require support at the hardware level of the SSD. This is, of course, assuming that SSDs don't zero blocks that have been removed from use for exactly this reason, which is entirely possible.