Tuesday, September 27, 2011

Easily Secure Erase an SSD (alternate to HDDerase.exe)

EDIT: OCZ have their own secure erasing and firmware updating Linux distro now, and have a great 'how too' on their forums. Check it out here

I was recently looking for a way to run a Secure Erase command on my SSD to ensure its performance wasn't being hampered. I tried a ton of different ways (including HDDerase.exe and hdparm) but all failed due to the security on my mother board (and laptop) that stops certain harmful commands like Secure Erase being issued to a hard drive.

If you don't know what performance issues I'm referring too then you should stop and do a little reading. AnandTech has a great article on it here, and just to be clear this post has nothing to do with data security on SSD's, its only about performance.

If you're like me and have had trouble finding an easy solution to issuing a secure erase command to your SSD's controller then this might be a solution for you.

You will need Parted Magic for this (free and opensource), and obviously ability to boot to it. I used 6.6 from a CDRom but I'm positive it will work just as well from any other version and any other medium (USB, network).

Warning, this will completely erase your drive, be careful! If you have important data on other drives in the same system then it you should probably unplug them, just in case :)

1. When booted, hit the menu button in the bottom left, head to System Tools and then Erase Disk 

2. A menu will be displayed like the picture below. You want to choose Internal:Secure Erase command writes zeroes to entire data area (Parted Magic is using hdparm to perform this)

3. Choose your disk


4. Here is the tricky that Parted Magic handles much better than the rest of the utilities out there. You need to tell the computer to Sleep so that, when it wakes, the drives security will be unfrozen.

5. Wake the computer up, go through 1, 2 and 3 and you should have a different menu instead of what was displayed in 4. If you don't, then run through the process again. If that doesn't work then your system may be e a little more secure then most and this probably wont work. Don't change the password, just leave it as NULL (unless you know what you are doing of course)

6. Confirm the erase

7. And your done, and yes, it is normal for it to only take a couple of seconds. On a normal platter hard drive it would take longer, but this is normal for an SSD. Its faster because basically SECURE ERASE command just resets the SSD's controller instead of erasing each sector, like it would on a platter based drive. If it take longer than 30 seconds you have an problem or you have chosen a platter drive.

8. Jump into GParted to confirm your that the erase has worked, your should have an entirely blank SSD. If it still has a partition then the Secure Erase command hasn't worked or you have erase the wrong drive. 

This is a really easy, GUI way to use hdparm utility to issue Secure Erase command, and the 'sleep' trick seems to work on everything I've tried (ASUS P5KC, MacBook Pro 6.2). 

Sorry for the bad photos, I did this in a rush.