Securely Erasing a Disk

From Leo's Notes
Last edited on 20 January 2024, at 22:44.

Here are some tools and methods to wipe a disk securely.

Tools

dd

Write zeros or pseudorandom data:

# dd if=/dev/zero of=/dev/sda bs=4K status=progress
# dd if=/dev/urandom of=/dev/sda bs=4K status=progress

dcfldd

dcfldd is based on an old version of dd and has some extra features. It hasn't been updated since 2006. If you only want to write a bit pattern, also look at badblocks.

You can specify a bit pattern:

# dcfldd pattern="00" of=/dev/sda
# dcfldd pattern="FF" of=/dev/sda

shred

shred is part of coreutils. It overwrites a file or block device with random data.

# shred /dev/sda

badblocks

Badblocks can be used to write to and verify a storage device.

# badblocks -v -w -s -b 4096 -t 0xff /dev/sda

Options are:

  • -v: verbose
  • -w: write
  • -s: show progress
  • -b: block size
  • -t: test pattern

ATA Secure Erase

Modern ATA devices support a security feature that allows the drive firmware to perform a security erase. Depending on the manufacturer and type of media, an ATA secure erase may wipe the entire device or wipe only the encryption key, rendering the data unusable because it can no longer be decrypted. For SSDs, both security erase and enhanced security erase will overwrite the encryption key, which is the ideal way to wipe an SSD without inducing unnecessary wear.

The following output from hdparm -I /dev/sdX on an SSD shows that both a security erase and an enhanced security erase will take 2 minutes.

Security: 
       Master password revision code = 65534
               supported
               enabled
       not     locked
       not     frozen
       not     expired: security count
               supported: enhanced erase
       Security level high
       2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

An enhanced secure erase will overwrite the entire disk several times with a distinct bit pattern, including reallocated sectors that have previously triggered an I/O error. However, I have a Hitachi 3TB disk which reports a 508+ minute security erase but only a 2 minute enhanced security erase, which suggests an enhanced security erase doesn't overwrite the entire drive for this model.

more than 508min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

Doing the erasure

An ATA secure erase can be accomplished with hdparm.

  1. Ensure the device is not frozen. If it is frozen, as is the case below, either restart the computer or power-cycle the disk (via hibernation, for example).
    # hdparm -I /dev/sda
    ...
    Security:
            Master password revision code = 65534
                    supported
            not     enabled
            not     locked
                    frozen
            not     expired: security count
                    supported: enhanced erase
            928min for SECURITY ERASE UNIT. 928min for ENHANCED SECURITY ERASE UNIT.
    
    You can only proceed if you see 'not frozen', as below:
    # hdparm -I /dev/sda
    ...
    Security:
            Master password revision code = 65534
                    supported
                    enabled
            not     locked
            not     frozen
            not     expired: security count
                    supported: enhanced erase
            928min for SECURITY ERASE UNIT. 928min for ENHANCED SECURITY ERASE UNIT.
    
  2. Enable security using hdparm.
    # hdparm --user-master u --security-set-pass password /dev/sda
    
    If you get an error like "SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 04 51 40 01 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", then you're possibly in a frozen state and need to power-cycle the hard drive.
  3. Verify security is enabled. It should say "Security level high".
    # hdparm -I /dev/sda
    ...
    Security:
            Master password revision code = 65534
                    supported
                    enabled
            not     locked
            not     frozen
            not     expired: security count
                    supported: enhanced erase
            Security level high
            928min for SECURITY ERASE UNIT. 928min for ENHANCED SECURITY ERASE UNIT.
    
  4. Issue the ATA secure erase command; use --security-erase-enhanced for an enhanced security erase (the example below issues a standard security erase). The hard drive will stop responding until the erase command completes. You may interrupt the operation by powering off the drive midway through, but the drive will not be completely erased and may remain at security level high.
    # hdparm --user-master u --security-erase password /dev/sda
    
  5. Once erased, security should be automatically disabled.
    # hdparm -I /dev/sda
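
As an added example (not part of the original notes), a small POSIX shell check that reads the Security: block of hdparm -I output and reports which step of the procedure above a disk is at. The sample output is constructed from the transcripts on this page, and the state names and function names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): decide from the Security: block
# of `hdparm -I` output which step of the erase procedure a disk is at.
# Real use would be: hdparm -I /dev/sdX | ata_erase_readiness
# The sample at the bottom is constructed from the transcripts on this page.

# sec_flag TEXT NAME: prints 1 if NAME is set, 0 if it appears as "not NAME",
# nothing if the line is absent. Anchoring on NAME$ keeps "supported" from
# matching "supported: enhanced erase". Tabs and spaces both count as space.
sec_flag() {
    line=$(printf '%s\n' "$1" |
        grep -E "^[[:space:]]*(not[[:space:]]+)?$2[[:space:]]*$" || true)
    case "$line" in
        "")    ;;
        *not*) echo 0 ;;
        *)     echo 1 ;;
    esac
}

# Reads hdparm -I output on stdin and prints one of:
# unsupported, frozen, locked, ready-enabled, ready-disabled
ata_erase_readiness() {
    out=$(cat)
    if [ "$(sec_flag "$out" supported)" != 1 ]; then echo unsupported
    elif [ "$(sec_flag "$out" frozen)" = 1 ]; then echo frozen     # power-cycle first (step 1)
    elif [ "$(sec_flag "$out" locked)" = 1 ]; then echo locked     # drive must be unlocked first
    elif [ "$(sec_flag "$out" enabled)" = 1 ]; then echo ready-enabled   # password set, go to step 4
    else echo ready-disabled                                        # --security-set-pass needed (step 2)
    fi
}

# Constructed sample: the frozen state shown in step 1 above.
FROZEN_SAMPLE='Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
                frozen
        not     expired: security count
                supported: enhanced erase
        928min for SECURITY ERASE UNIT. 928min for ENHANCED SECURITY ERASE UNIT.'

printf '%s\n' "$FROZEN_SAMPLE" | ata_erase_readiness    # prints: frozen
```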
    

DBAN

Darik's Boot and Nuke is a live disk that automatically wipes any connected storage device. It no longer appears to be updated, so newer hardware might not be supported.

DBAN supports the following wipe methods:

  • Quick Erase
  • Canadian RCMP TSSIT OPS-II Standard Wipe
  • American DoD 5220.22-M Standard Wipe
  • Gutmann Wipe
  • PRNG Stream Wipe

Methods

Here are some common wipe methods explained.

DoD 5220.22-M (C)

The DoD 5220.22-M (C) requires overwriting an entire device with a pseudo-random bit pattern once.

DoD 5220.22-M (E)

The DoD 5220.22-M (E) standard, also referred to as the DoD 3-pass method, requires the following:

  1. Overwrite with binary 0's
  2. Overwrite with binary 1's
  3. Overwrite with a random bit pattern

DoD 5220.22-M ECE

DoD 5220.22-M ECE combines DoD 5220.22-M E, C, and E (3 + 1 + 3 passes) to form a 7-pass variant.

Canadian RCMP TSSIT OPS-II

The Canadian RCMP TSSIT OPS-II wipe method is a 7-pass process:

  1. Overwrite with binary 0's
  2. Overwrite with binary 1's
  3. Overwrite with binary 0's
  4. Overwrite with binary 1's
  5. Overwrite with binary 0's
  6. Overwrite with binary 1's
  7. Overwrite with a random bit pattern and verify the write

Gutmann

For the overly paranoid, the Gutmann method uses 35 passes of pseudo-random data and fixed bit patterns to wipe a device. It assumes that intelligence agencies can somehow recover previous bit values using magnetic force microscopy and image analysis.

See: https://en.wikipedia.org/wiki/Gutmann_method

Schneier

A 7-pass method by Bruce Schneier.

  1. Overwrite with binary 1's
  2. Overwrite with binary 0's
  3. Overwrite with a random bit pattern
  4. Overwrite with a random bit pattern
  5. Overwrite with a random bit pattern
  6. Overwrite with a random bit pattern
  7. Overwrite with a random bit pattern
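
An added example, not the page's own code, that drives the DoD 3-pass, RCMP TSSIT OPS-II and Schneier pass lists above as a POSIX shell script and verifies the final pass the way OPS-II step 7 requires. It runs against a constructed scratch file standing in for the disk; the pattern names and function names are assumptions.

```shell
#!/bin/sh
# Added example (not the page's own code): run a named multi-pass overwrite
# sequence and verify the final pass, as RCMP TSSIT OPS-II step 7 requires.
# The target here is a constructed scratch file; on real hardware it would be
# the block device (e.g. /dev/sdX) and every pass would take hours.

# Pass lists for the methods described above (zero = 0x00, one = 0xFF).
DOD_3PASS="zero one random"
RCMP_OPSII="zero one zero one zero one random"
SCHNEIER="one zero random random random random random"

# pattern_file KIND BYTES OUT: materialise the exact bytes a pass will write,
# so the same file is both the dd source and the verification reference.
pattern_file() {
    case "$1" in
        zero)   head -c "$2" /dev/zero > "$3" ;;
        one)    head -c "$2" /dev/zero | tr '\000' '\377' > "$3" ;;
        random) head -c "$2" /dev/urandom > "$3" ;;
        *)      echo "unknown pattern: $1" >&2; return 1 ;;
    esac
}

# run_wipe "PASS LIST" TARGET: apply each pass in order over the whole target,
# then compare the target byte-for-byte with the last pass's reference.
# Returns 0 when the final pass verified, 1 on mismatch or bad pattern.
run_wipe() {
    size=$(wc -c < "$2" | tr -d ' ')
    ref=$(mktemp) || return 1
    n=0
    for p in $1; do
        n=$((n + 1))
        pattern_file "$p" "$size" "$ref" || { rm -f "$ref"; return 1; }
        dd if="$ref" of="$2" bs=4096 conv=notrunc 2>/dev/null
        echo "pass $n ($p) written" >&2
    done
    if cmp -s "$ref" "$2"; then rc=0; else rc=1; fi
    rm -f "$ref"
    return $rc
}

# demo: wipe a constructed 1 MiB scratch file with the DoD 3-pass sequence.
demo() {
    tgt=$(mktemp)
    head -c 1048576 /dev/urandom > "$tgt"        # constructed "old data"
    if run_wipe "$DOD_3PASS" "$tgt"; then echo "DoD 3-pass: final pass verified"; fi
    rm -f "$tgt"
}

case "${1:-}" in demo) demo ;; esac               # run as: sh wipe.sh demo
```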

See Also