Secure erasure of data disks - TUXEDO Computers


Secure erasure of data disks

Securely erasing hard drives, SSDs and other data storage devices protects your privacy and, in companies, is partly subject to legal regulations. We explain how it works.

Secure erasure of hard drives and SSDs

If you delete data files on your PC, notebook or smartphone using the operating system tools, the files and their data are not irretrievably lost. Usually they can be recovered without too much effort. There are plenty of instructions for this on the web.

When deleting, only the references to the data in the index, the table of contents of the hard disk, are deleted and the area is released for overwriting. The overwriting of the now free area may happen much later. Until then, the data or parts of it can be recovered.

Even formatting or partitioning a disk does not necessarily ensure that the data cannot be recovered. Conventional formatting (fast high-level formatting) merely deletes the table of contents and replaces it with a new one; the data is still on the disk.

To ensure that the data on your disks is erased in such a way that there is no chance of recovery, you must ensure that the disk is overwritten, preferably several times, with specific or random characters.

When to erase storage media irretrievably?

A storage device should be securely erased when you remove it from your personal environment, for example because you want to sell it, give it away or donate it, or return a device to the manufacturer. The best way to do this is to use specialized tools that reliably overwrite the data.

If this involves the data medium that houses the operating system, it is important that the software you use to erase it is started from a bootable medium such as a CD or a USB thumb drive. Otherwise, the entire data medium cannot be safely overwritten.

When such software is started from the running operating system, the Windows recovery partition, for example, will not be overwritten. As an alternative to a live medium, you can remove the storage device, install it in another computer and erase it from there.

Differences between HDD, SSD and NVMe

When proceeding to securely erase hard disks, differences in the procedure and the programs used between HDD, SSD and NVMe must be taken into account. General differences between these data carriers are explained in the article HDD, SSD or NVMe Which data carrier for which purpose.

Secure Erase: HDD and SSD with SATA connection

A tool for securely erasing disks is already on board with every Linux installation: dd. Start a live environment with the ISO of TUXEDO OS or another distribution and determine the device id in the first step with the command lsblk.

lsblk
(out)NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
(out)sda           8:0    0 232,9G  0 disk
(out)└─sda1        8:1    0 232,9G  0 part /media/ft/mini-ssd1
(out)sdb           8:16   0 232,9G  0 disk
(out)└─sdb1        8:17   0 232,9G  0 part /media/ft/c578fee0-643e-49c6-bbc5-09b828cd385f1
(out)nvme0n1     259:0    0 931,5G  0 disk
(out)├─nvme0n1p1 259:1    0   529M  0 part
(out)├─nvme0n1p2 259:2    0   100M  0 part
(out)├─nvme0n1p3 259:3    0    16M  0 part
(out)├─nvme0n1p4 259:4    0 149,6G  0 part
(out)└─nvme0n1p5 259:5    0 781,2G  0 part /

The example output lists three disks: sda and sdb are hard disks connected via the SATA port, and nvme0n1 is an NVMe SSD. It does not matter for secure erasure whether it is a mechanical HDD or an SSD as long as it uses the SATA protocol.

Based on the output, you should be able to determine the identifier of the HDD to be erased. Next, make sure that the disk is not mounted. You can do this in a file manager or on the command line. Replace the X in the path of the commands with the correct identifier from the above output.

sudo umount /dev/sdX1   # repeat for every mounted partition of the disk (on an NVMe, e.g. /dev/nvme0n1p5)

Then, in our case, the dd tool comes into play for sda or sdb. Depending on the size of the storage device, the process can take quite a long time, since the command overwrites every bit of the disk with random data. You should therefore let the process run overnight and make sure that the computer does not automatically go into standby.

sudo dd if=/dev/urandom of=/dev/sdX bs=1M status=progress   # 1 MiB blocks; bs=1 would issue one write call per byte

Why overwriting with zeros is not sufficient for secure deletion is explained in this article. In addition to dd, there is also the command-line tool shred, which is likewise already present in TUXEDO OS and most other distributions. Its use is simple:

sudo shred -vfz -n 3 /dev/sda

The option -n 3 tells the command to overwrite the disk, here /dev/sda, three times with random numbers. The switch -z initiates another pass that fills the disk with zeros. This disguises the fact that data has been erased. The switch -f changes permissions where necessary to allow writing. The parameter -v then shows a progress bar. shred is much faster than dd. However, the following also applies here: Secure deletion of a complete volume is only possible if the tool is started in a live session.
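
A pre-flight check for the steps above, as an added example that is not part of the original article: it reads lsblk output and refuses a target disk while anything on it is mounted, including the case where the disk holds the running system. The function names and the sample input are assumptions made for this illustration.

```shell
# Added example: refuse to overwrite a disk that still has something mounted.
# Input on stdin: text printed by `lsblk -rno NAME,PKNAME,MOUNTPOINT`.

# Constructed sample in that format, modelled on the article's lsblk listing
# (sdc is an extra, unmounted disk added for the demonstration).
sample_lsblk() {
    cat <<'EOF'
sda
sda1 sda /media/ft/mini-ssd1
nvme0n1
nvme0n1p5 nvme0n1 /
sdc
sdc1 sdc
EOF
}

# mounted_on DISK: print "device mountpoint" for DISK and everything stacked
# on it (partitions, LUKS or LVM volumes) that is currently mounted.
mounted_on() {
    awk -v disk="$1" '
        BEGIN { member[disk] = 1 }
        {
            c = substr($NF, 1, 1)   # mount points start with "/", swap shows as "[SWAP]"
            mnt = (c == "/" || c == "[") ? $NF : ""
            parent = (NF >= 2 && $2 != mnt) ? $2 : ""
            if (parent in member) member[$1] = 1   # lsblk lists children after parents
            if (($1 in member) && mnt != "") print $1, mnt
        }'
}

# check_target DISK: exit status 0 only if nothing on DISK is mounted.
check_target() {
    blockers=$(mounted_on "$1")
    if [ -z "$blockers" ]; then
        echo "$1: nothing mounted, ready to be overwritten"
        return 0
    fi
    echo "$1: still mounted: $blockers"
    if echo "$blockers" | grep -q ' /$'; then
        echo "$1: holds the running system, start from a live medium instead"
    fi
    return 1
}

# Demonstration on the sample; on a real machine:
#   lsblk -rno NAME,PKNAME,MOUNTPOINT | check_target sdX
for d in sda nvme0n1 sdc; do
    sample_lsblk | check_target "$d" || true
done
```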

Secure Erase: NVMe SSDs

These SSDs work with the NVMe protocol and are connected via PCI Express without the need for manufacturer-specific drivers. While there are tools provided by the respective manufacturer for the management of NVMe SSDs for Windows, the nvme-cli package is used under Linux.

The package contains a large number of individual commands. You can display these with nvme help. For safe deletion you need the command nvme sanitize. In the first step, use nvme list to determine the device ID of the volume to be erased. A possible output looks like this:

sudo nvme list
(out)Node                  SN                   Model          Namespace Usage                      Format           FW Rev  
(out)--------------------- -------------------- -------------- --------- -------------------------- ---------------- --------
(out)/dev/nvme0n1          1932822900012855056C Force MP600    1          1,00  TB /   1,00  TB     512   B +  0 B   EGFM11.2

After that, use the identifier to determine the SSD’s capabilities:

sudo nvme id-ctrl /dev/nvme0n1 -H | grep "Sanitize"
(out)  29:29 : 0   No-Deallocate After Sanitize bit in Sanitize command Supported
(out)    2:2 : 0   Overwrite Sanitize Operation Not Supported
(out)    1:1 : 0   Block Erase Sanitize Operation Supported
(out)    0:0 : 0   Crypto Erase Sanitize Operation Not Supported

In this case, the firmware of the disk supports the Block Erase function. Other NVMe SSDs offer other routines for erasing the stored contents. In our example, you initiate the erase with the following command.

sudo nvme sanitize -a 2 /dev/nvme0n1

You can check the status with:

sudo nvme sanitize-log /dev/nvme0n1
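
The capability check above can be scripted. This added example (not from the original article or the nvme-cli project) maps the Sanitize lines of nvme id-ctrl -H to the values accepted by nvme sanitize -a. Value 2 for Block Erase is taken from the article, 3 (Overwrite) and 4 (Crypto Erase) are the other nvme-cli action values, and the function names are hypothetical.

```shell
# Added example: list the sanitize actions a controller reports as supported,
# together with the matching value for `nvme sanitize -a`.
# Input on stdin: output of `nvme id-ctrl /dev/nvme0n1 -H`.

# The four capability lines quoted in the article.
sample_idctrl() {
    cat <<'EOF'
  29:29 : 0   No-Deallocate After Sanitize bit in Sanitize command Supported
    2:2 : 0   Overwrite Sanitize Operation Not Supported
    1:1 : 0   Block Erase Sanitize Operation Supported
    0:0 : 0   Crypto Erase Sanitize Operation Not Supported
EOF
}

# sanitize_actions: print "<-a value> <name>" for each supported operation.
# "Not Supported" also contains "Supported", so it is excluded explicitly.
sanitize_actions() {
    awk '
        /Sanitize Operation/ && !/Not Supported/ {
            if (/Block Erase/)  print "2 block-erase"
            if (/Overwrite/)    print "3 overwrite"
            if (/Crypto Erase/) print "4 crypto-erase"
        }'
}

# supports_action N: exit status 0 if action N is in the supported list.
supports_action() {
    sanitize_actions | grep -q "^$1 "
}

# require_action N: guard for scripts; says why it refuses.
require_action() {
    caps=$(cat)
    if printf '%s\n' "$caps" | supports_action "$1"; then
        echo "action $1 is supported"
    else
        echo "action $1 is not supported; supported:" >&2
        printf '%s\n' "$caps" | sanitize_actions >&2
        return 1
    fi
}

sample_idctrl | sanitize_actions           # prints: 2 block-erase
sample_idctrl | require_action 4 || true   # refused: crypto erase is not offered
```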

If you prefer an application with a graphical interface, you can use the proven open source tool Parted Magic. The download of the ready-to-use ISO image costs 15 Euros in the cheapest variant. The Erase Disk tool is included, which is divided into Secure Erase ATA Devices for SATA and NVMe Secure Erase and thus covers both areas.

Physically destroy data medium

If the data medium is to be disposed of, it can alternatively be physically destroyed. For household use, a hammer should do the job. If, on the other hand, the storage devices of self-employed persons, companies or authorities are to be securely deleted, this is not sufficient.

Large companies have collection bins for this purpose, which hold the data media until a specialized company collects them and destroys them in a shredder in accordance with DIN 66399. Afterwards, the customer receives a certificate of destruction, which serves as proof of data protection-compliant data media destruction.