Securely Erasing a Disk

From Leo's Notes
Last edited on 30 December 2021, at 01:20.

Here are some tools and methods to wipe a disk securely.

Tools

dd

Write zeros or pseudorandom data:

# dd if=/dev/zero of=/dev/sda bs=4K status=progress
# dd if=/dev/urandom of=/dev/sda bs=4K status=progress

dcfldd

dcfldd is based on an old version of dd and has some extra features. It hasn't been updated since 2006. If you only want to write a bit pattern, also look at badblocks.

You can specify a bit pattern:

# dcfldd pattern="00" of=/dev/sda
# dcfldd pattern="FF" of=/dev/sda

shred

shred comes as part of coreutils. It overwrites a file or device with random data.

# shred /dev/sda

badblocks

Badblocks can be used to write to and verify a storage device.

# badblocks -v -w -s -b 4096 -t 0xff /dev/sda

Options are:

  • -v: verbose
  • -w: write-mode test
  • -s: show progress
  • -b: block size
  • -t: test pattern

ATA Secure Erase

Modern ATA devices support a security feature set that allows the firmware to perform a security erase. Depending on the manufacturer and type of media, an ATA secure erase may wipe the entire device or only discard the encryption key, rendering the data unusable because it can no longer be decrypted. For SSDs, both security erase and enhanced security erase will overwrite the encryption key and are the ideal way to wipe an SSD without inducing unnecessary wear.

The following output from hdparm -I /dev/sdX on an SSD shows that both a security erase and an enhanced security erase will take 2 minutes.

       Master password revision code = 65534
       not     locked
       not     frozen
       not     expired: security count
               supported: enhanced erase
       Security level high

An enhanced secure erase will overwrite the entire disk several times with a distinct bit pattern including reallocated sectors that have previously triggered an I/O error. However, I have a Hitachi 3TB disk which reports a 508+ minute security erase but only a 2 minute enhanced security erase which suggests an enhanced security erase doesn't overwrite the entire drive for this model.


Doing the erasure

An ATA secure erase can be accomplished with hdparm.

  1. Ensure the device is not frozen. If it is frozen, either restart the computer or power cycle the disk (for example by hibernating and resuming, which powers the drive down)
    # hdparm -I /dev/sda
  2. Enable security using hdparm.
    # hdparm --user-master u --security-set-pass password /dev/sda
  3. Verify security is enabled.
    # hdparm -I /dev/sda
  4. Issue the ATA secure erase command. Use --security-erase-enhanced if supported and desired.
    # hdparm --user-master u --security-erase password /dev/sda
  5. Once erased, ensure security is disabled.
    # hdparm -I /dev/sda
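
As an added example (not from the original page), here is a preflight script for the procedure above. It parses the Security section of hdparm -I output and only prints the hdparm commands for steps 2 to 4 when the drive reports the expected starting state (security supported, not frozen, not locked, not yet enabled); it picks --security-erase-enhanced when the drive reports enhanced erase support and shows the reported duration. The sample output is constructed to follow hdparm's layout and the figures quoted above (508 minute security erase, 2 minute enhanced security erase); the function names and the /dev/sdX placeholder are assumptions of this example, and nothing in it writes to a disk.

```shell
#!/bin/sh
# Added example, not part of the original page: preflight check for the
# hdparm secure-erase steps. Parses `hdparm -I` output and prints the
# commands to run only when the drive is in the expected state.

# Constructed sample in the layout hdparm prints for its Security section
# (real output uses tabs; the patterns below accept any whitespace).
# On a real system this text would come from: hdparm -I /dev/sdX
SAMPLE_HDPARM_OUTPUT='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    508min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.'

# flag_state OUTPUT WORD -> yes | no | unknown
# hdparm prints "not <word>" when a flag is clear and a bare "<word>" when set.
flag_state() {
    if printf '%s\n' "$1" | grep -Eq "^[[:space:]]*not[[:space:]]+$2([[:space:]]|$)"; then
        echo no
    elif printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|$)"; then
        echo yes
    else
        echo unknown
    fi
}

# supports_enhanced_erase OUTPUT -> yes | no
supports_enhanced_erase() {
    if printf '%s\n' "$1" | grep -q 'supported: enhanced erase'; then echo yes; else echo no; fi
}

# erase_minutes OUTPUT normal|enhanced -> minutes the drive reports, or unknown
erase_minutes() {
    case "$2" in
        enhanced) m=$(printf '%s\n' "$1" | sed -n 's/.*[^0-9]\([0-9][0-9]*\)min for ENHANCED SECURITY ERASE UNIT.*/\1/p') ;;
        *)        m=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\)min for SECURITY ERASE UNIT.*/\1/p') ;;
    esac
    if [ -n "$m" ]; then echo "$m"; else echo unknown; fi
}

# secure_erase_preflight OUTPUT DEVICE
# Exit 0 and print the hdparm commands for steps 2-4 when the drive is in the
# expected starting state; otherwise list the blocking reasons and exit 1.
secure_erase_preflight() {
    out=$1; dev=$2; ok=0
    [ "$(flag_state "$out" supported)" = yes ] || { echo "security feature set not reported" >&2; ok=1; }
    [ "$(flag_state "$out" frozen)" = no ]     || { echo "drive is frozen: reboot or power cycle the drive first" >&2; ok=1; }
    [ "$(flag_state "$out" locked)" = no ]     || { echo "drive is locked: a password is already set and active" >&2; ok=1; }
    [ "$(flag_state "$out" enabled)" = no ]    || { echo "security already enabled: clear the existing password first" >&2; ok=1; }
    [ "$ok" -eq 0 ] || return 1
    if [ "$(supports_enhanced_erase "$out")" = yes ]; then
        mode=--security-erase-enhanced; mins=$(erase_minutes "$out" enhanced)
    else
        mode=--security-erase; mins=$(erase_minutes "$out" normal)
    fi
    echo "# expected duration: ${mins} min"
    echo "hdparm --user-master u --security-set-pass password $dev"
    echo "hdparm -I $dev"
    echo "hdparm --user-master u $mode password $dev"
}

# Usage (dry run against the constructed sample; /dev/sdX is a placeholder):
#   secure_erase_preflight "$SAMPLE_HDPARM_OUTPUT" /dev/sdX
```

On a real machine the output would be captured first, e.g. out=$(hdparm -I /dev/sdX), and passed in place of the sample; the script still only prints the commands, so the operator reviews them before running anything. The frozen check is the one that most often fails on a freshly booted system, which is why step 1 exists.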

DBAN

Darik's Boot and Nuke is a live disk that will automatically wipe any connected storage devices. It doesn't appear to be updated anymore, and newer hardware might not be supported.

DBAN supports the following wipe methods:

  • Quick Erase
  • Canadian RCMP TSSIT OPS-II Standard Wipe
  • American DoD 5220-22.M Standard Wipe
  • Gutmann Wipe
  • PRNG Stream Wipe

Methods

Here are some common wipe methods explained.

DoD 5220.22-M (C)

The DoD 5220.22-M (C) requires overwriting an entire device with a pseudo-random bit pattern once.

DoD 5220.22-M (E)

The DoD 5220.22-M (E) standard, also referred to as the DoD 3-pass method, requires the following:

  1. Overwrite with binary 0's
  2. Overwrite with binary 1's
  3. Overwrite with a random bit pattern

DoD 5220.22-M ECE

DoD 5220.22-M ECE combines DoD 5220.22-M E, C, and E (3 + 1 + 3 passes) to form a 7-pass variant.

Canadian RCMP TSSIT OPS-II

The Canadian RCMP TSSIT OPS-II wipe method is a 7-pass process:

  1. Overwrite with binary 0's
  2. Overwrite with binary 1's
  3. Overwrite with binary 0's
  4. Overwrite with binary 1's
  5. Overwrite with binary 0's
  6. Overwrite with binary 1's
  7. Overwrite with a random bit pattern and verify the write

Gutmann

For the overly paranoid, the Gutmann method uses 35 passes of pseudo-random data and fixed bit patterns to wipe a device. This is done on the assumption that intelligence agencies can somehow recover previous bit values using magnetic force microscopy and image analysis.

Schneier

A 7-pass method by Bruce Schneier.

  1. Overwrite with binary 1's
  2. Overwrite with binary 0's
  3. Overwrite with a random bit pattern
  4. Overwrite with a random bit pattern
  5. Overwrite with a random bit pattern
  6. Overwrite with a random bit pattern
  7. Overwrite with a random bit pattern
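
The pass sequences under DoD 5220.22-M (E), Canadian RCMP TSSIT OPS-II and Schneier, as an added example that is not part of the original page: a small POSIX shell implementation that runs a pass string against a target with dd and verifies each pass (zero and 0xFF passes by scanning for any other byte value, the random pass by comparing against the saved source stream, which is the verification RCMP step 7 calls for). The target is a regular file filled with constructed sample text so it can be tried safely; sizing with wc -c is for regular files only (a block device would need blockdev --getsize64). The function names, the pass letters 0/1/r and the constants are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: multi-pass overwrite with dd,
# driven by a pass string. Letters: 0 = zero bytes, 1 = 0xFF bytes,
# r = pseudorandom bytes from /dev/urandom. The sequences below transcribe
# the Methods section; the variable names are this example's own.
DOD_3PASS='0 1 r'
RCMP_OPS_II='0 1 0 1 0 1 r'
SCHNEIER='1 0 r r r r r'
BLOCK_SIZE=4096

# size_of TARGET -> size in bytes. wc -c is right for a regular file; for a
# block device substitute: blockdev --getsize64 "$1"
size_of() { wc -c < "$1" | tr -d ' '; }

# make_target PATH BYTES: fill a regular file with recognizable constructed
# plaintext so the effect of each pass can be checked afterwards.
make_target() { yes 'CONSTRUCTED SECRET RECORD' | head -c "$2" > "$1"; }

# still_readable TARGET -> 0 when the constructed plaintext survives
still_readable() { grep -q 'CONSTRUCTED SECRET' "$1"; }

# verify_pass TARGET LETTER [RANDOM_COPY] -> 0 when every byte matches the
# pattern just written (0 or 1) or the saved random stream (r).
verify_pass() {
    case "$2" in
        0) [ "$(tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ] ;;
        1) [ "$(tr -d '\377' < "$1" | wc -c | tr -d ' ')" -eq 0 ] ;;
        r) cmp -s "$1" "$3" ;;
        *) return 2 ;;
    esac
}

# wipe TARGET "PASSES": apply each pass in order with dd and verify it.
# Returns 1 on the first failed verification, 2 on an unknown pass letter.
wipe() {
    target=$1; passes=$2
    for p in $passes; do              # word splitting on spaces is intended
        case "$p" in 0|1|r) ;; *) echo "unknown pass '$p'" >&2; return 2 ;; esac
    done
    size=$(size_of "$target")
    rnd=$(mktemp)                     # keeps the random stream for comparison
    n=0
    for p in $passes; do
        n=$((n + 1))
        case "$p" in
            0) head -c "$size" /dev/zero ;;
            1) head -c "$size" /dev/zero | tr '\000' '\377' ;;
            r) head -c "$size" /dev/urandom > "$rnd"; cat "$rnd" ;;
        esac | dd of="$target" bs="$BLOCK_SIZE" conv=notrunc 2>/dev/null
        if verify_pass "$target" "$p" "$rnd"; then
            echo "pass $n ($p): written and verified"
        else
            echo "pass $n ($p): VERIFY FAILED" >&2
            rm -f "$rnd"; return 1
        fi
    done
    rm -f "$rnd"
}

# Usage on a throwaway file (constructed data; nothing here touches a disk):
#   f=$(mktemp); make_target "$f" 1000000
#   wipe "$f" "$RCMP_OPS_II"; still_readable "$f" && echo leaked || echo gone
```

conv=notrunc keeps the file at its original size, which mirrors writing to a fixed-size device; without it dd would truncate the file before writing. The verification after every pass is stricter than the methods above require (RCMP verifies only the final random pass), but on a file of any realistic size it costs little and catches a silently failing write.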

See Also