Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

jannikmeissner

macrumors member
Original poster
Dec 17, 2014
32
3
London, UK
I searched and found nothing (maybe I didn't search well enough) - is the secure erase option still there? I can't find it.
After a recent M1 Upgrade I was planning to sell my old MacBook Pro and wanted to secure erase for this purpose.... But the option seems to be no longer inside of Disk Utility.
 

chrfr

macrumors G5
Jul 11, 2009
13,592
7,135
I searched and found nothing (maybe I didn't search well enough) - is the secure erase option still there? I can't find it.
After a recent M1 Upgrade I was planning to sell my old MacBook Pro and wanted to secure erase for this purpose.... But the option seems to be no longer inside of Disk Utility.
The secure erase option in Disk Utility has long been unavailable for SSDs.
 

Honza1

macrumors 6502a
Nov 30, 2013
935
435
US
I believe the suggested thing (by Apple) here is encrypt the disk with filevault and forget the key. Of course, erase the drive. But the encryption will effectively do what you want - scramble every bit - and without key it is useless to normal human being, even if recovered somehow from the disk.
 
  • Like
Reactions: Apple_Robert

Apple_Robert

Contributor
Sep 21, 2012
34,993
51,054
In the middle of several books.
I believe the suggested thing (by Apple) here is encrypt the disk with filevault and forget the key. Of course, erase the drive. But the encryption will effectively do what you want - scramble every bit - and without key it is useless to normal human being, even if recovered somehow from the disk.
That is correct. Using FileVault will accomplish the goal rather easily.
 
  • Like
Reactions: gilby101

phalseHUD

macrumors 6502
Mar 7, 2011
281
356
Digital Sprawl
In recovery, open terminal and use the diskutil command.

‘diskutil list’ gives you a list of the disks attached.

‘diskutil secureErase 0 /dev/diskx’ where x is the number representing the disk you want to wipe. There are a number of different wipe levels. 0 as above simply writes 0’s across the disk, thus overwriting everything previously on the disk. That means they’ve (for all intents and purposes) gone forever - so use with caution!
I suggest some research before you start wiping if your not confident. You can ‘increase’ security by choosing a 7-pass (no.2), 35-pass (no.3) or a 3-pass (no.4). No idea why they’re numbered like that. Obviously the more passes done, the higher the security. In theory...
 

chrfr

macrumors G5
Jul 11, 2009
13,592
7,135
In recovery, open terminal and use the diskutil command.

‘diskutil list’ gives you a list of the disks attached.

‘diskutil secureErase 0 /dev/diskx’ where x is the number representing the disk you want to wipe. There are a number of different wipe levels. 0 as above simply writes 0’s across the disk, thus overwriting everything previously on the disk. That means they’ve (for all intents and purposes) gone forever - so use with caution!
I suggest some research before you start wiping if your not confident. You can ‘increase’ security by choosing a 7-pass (no.2), 35-pass (no.3) or a 3-pass (no.4). No idea why they’re numbered like that. Obviously the more passes done, the higher the security. In theory...
These are not reliable with SSDs. There's no guarantee that an erase will actually zero out all the cells on the disk.
 

phalseHUD

macrumors 6502
Mar 7, 2011
281
356
Digital Sprawl
The fella didn’t say if he had an SSD or not. If I were selling a MBP with an SSD, I’d still secure erase it, reinstall, FileVault, erase, reinstall.
 

chrfr

macrumors G5
Jul 11, 2009
13,592
7,135
The fella didn’t say if he had an SSD or not. If I were selling a MBP with an SSD, I’d still secure erase it, reinstall, FileVault, erase, reinstall.
The secure erase option would still be available in Disk Utility if the OP was trying to erase a spinning disk.
 

phalseHUD

macrumors 6502
Mar 7, 2011
281
356
Digital Sprawl
Are you certain about that? I had Catalina on a mechanical external volume as a rescue drive and I'm fairly sure the secure erase option was not there... I could be wrong. I know they removed the 35-pass erase from the GUI, despite it still being available in terminal.

What do you make of the erasure software from the likes of Blancco? They claim to erase SSDs... What do you know that they don't?
 

chrfr

macrumors G5
Jul 11, 2009
13,592
7,135
Are you certain about that? I had Catalina on a mechanical external volume as a rescue drive and I'm fairly sure the secure erase option was not there... I could be wrong. I know they removed the 35-pass erase from the GUI, despite it still being available in terminal.

What do you make of the erasure software from the likes of Blancco? They claim to erase SSDs... What do you know that they don't?
The secure erase options are definitely there in Catalina and Big Sur for standard disks. I have not looked at 3rd party tools but there are some tools which can issue a secure erase command to the SSD but you won’t be able to do this within macOS.
 
  • Like
Reactions: gilby101

phalseHUD

macrumors 6502
Mar 7, 2011
281
356
Digital Sprawl
Do you wish to caveat what you said above then? “These are not reliable with SSDs.” ?

Same goes for the comments from others I guess. Blancco came from Darik’s Boot n Nuke, which is free open source software but no longer maintained as far as I know... Blancco is paid software, giving industry standard certification, after data erasure. So one expects they must be doing something right... Something that Apple either can’t or won’t.
 

KALLT

macrumors 603
Sep 23, 2008
5,372
3,394
As chrfr pointed out, the “secure erase” options that overwrite blocks are not effective for SSDs and were made unavailable for that reason. Provisionally enabling FileVault as a substitute is not effective for the same reason. For HDDs, a single-pass overwrite (or zeroing out) is typically enough. The multi-pass options were developed in times where HDDs had a significantly lower storage capacity. The probability of recovering any data at all is extremely low using specialised forensic tools.

An Apple-branded SSD is erased by the Trim command that Disk Utility sends to the disk upon an erase option. If the Mac has a T2 chip, the drive would already been encrypted. If you put in your own SSD, then you’d have to refer to the SSD manufacturer for a secure-erase option or use a third-party tool, such as Paragon Disk Wiper.
 

phalseHUD

macrumors 6502
Mar 7, 2011
281
356
Digital Sprawl
the “secure erase” options that overwrite blocks are not effective for SSDs and were made unavailable for that reason.
But third party companies can do secure erase. So Apple either can’t or won’t then... I’d still use the commands I originally mentioned above if I’m selling. Call me paranoid.

If you put in your own SSD, then you’d have to refer to the SSD manufacturer for a secure-erase option or use a third-party tool, such as Paragon Disk Wiper.
Or use the trimforce command in terminal? If you’re brave enough...
 

Ritsuka

Cancelled
Sep 3, 2006
1,464
969
trimforce enabled trim, which has got nothing to do with what we are discussing it…

"Secure erase" works by overwriting the each disk block with new data. The issue is that on a SSD there aren't fixed blocks, the SSD automatically reuse whichever portion of memory works better, so "Secure Block" writes on different portions of the SSD and does not actually overwrite the portion you want to erase. In the end, this only cause the SSD to lose some months of life, and your file are probably still readable.

You have to use the tool provided by he SSD manufacture to erase the SSD (if they provide one).
 

chrfr

macrumors G5
Jul 11, 2009
13,592
7,135
Do you wish to caveat what you said above then? “These are not reliable with SSDs.” ?
I do not. The secure erase tools provided by macOS are of no use on SSDs. A truly paranoid user would put no data on an unencrypted drive and would not sell or dispose of the disk without physical destruction. The good news is that with T2 or M1 equipped Macs, the data is always encrypted on disk even if FileVault is not enabled.
 

Henk Poley

macrumors 6502
Sep 22, 2008
347
117
There is an option the wipe the Mac in (Internet) Recovery. From the menu open Terminal, then type `resetpassword`, from the menu of the application that just opened, chose 'Wipe Mac'.

This works since at least Catalina, but probably longer.

AFAIK this ought to also unlink some things, like you having to enter your App Store password (with pre-filled username that you cannot change) to install macOS.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.