Secure Erasing

Shredding devices and files

With shred

The following writes zeros to /dev/sda (-n0 skips the random passes, -z adds a final pass of zeros):

shred -vz -n0 /dev/sda

It is faster than using /dev/zero as --random-source:

# don't use this
shred -v -n1 --random-source=/dev/zero /dev/sda

Shred uses an internal pseudorandom generator, which is faster than using /dev/urandom. Also, overwriting data once is usually sufficient today.

shred -v -n1 /dev/sda

SSDs

Secure erase with hdparm. See the ATA wiki. Also see Solid State Drive/Memory cell clearing.

hdparm -I /dev/sda

Make sure the device is reported as "not frozen".

If it is frozen, send the system to sleep and wake it up, then check the status again:

echo -n mem > /sys/power/state

Then we set a security user password:

hdparm --user-master u --security-set-pass pass /dev/sda
# Make sure that it says `enabled` in the Security category
hdparm -I /dev/sda

Check if the device supports the "enhanced security erase":

Security:
...
        not     expired: security count
                supported: enhanced erase
        4min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
...

Issue the ATA Secure Erase command:

time hdparm --user-master u --security-erase pass /dev/sda

# If device supports "Enhanced security erase" use
time hdparm --user-master u --security-erase-enhanced pass /dev/sda

Now the "Security" feature should be disabled again. Check with hdparm -I /dev/sda (it should display "not enabled").
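
A read-only pre-flight check for the procedure above, as an added example that is not part of the original page: it parses the text printed by hdparm -I and reports which step comes next. The function names sec_flag and next_step and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide the next step of the ATA Secure Erase procedure
# from `hdparm -I` text. Read-only; nothing is sent to a drive.

# sec_flag PATTERN: read `hdparm -I` text on stdin; print yes/no/unknown for the
# first Security-section line ending in PATTERN (a leading "not" means no).
sec_flag() {
    awk -v pat="$1" '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }        # a new top-level section began
        insec && $0 ~ (pat "[ \t]*$") {
            print (($1 == "not") ? "no" : "yes"); found = 1; exit
        }
        END { if (!found) print "unknown" }'
}

# next_step: read `hdparm -I` text on stdin, print the step the page calls for.
next_step() {
    info=$(cat)
    frozen=$(printf '%s\n' "$info" | sec_flag frozen)
    enabled=$(printf '%s\n' "$info" | sec_flag enabled)
    enhanced=$(printf '%s\n' "$info" | sec_flag 'supported: enhanced erase')
    case "$frozen" in
        yes)     echo "frozen: suspend and resume, then re-check"; return ;;
        unknown) echo "no Security section: do not proceed"; return ;;
    esac
    if [ "$enabled" != yes ]; then
        echo "set user password (--security-set-pass)"
    elif [ "$enhanced" = yes ]; then
        echo "run --security-erase-enhanced"
    else
        echo "run --security-erase"
    fi
}

# Constructed sample (not captured from a real drive): password set, not frozen.
SAMPLE_READY='Security:
        Master password revision code = 65534
                supported
                enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        4min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'

printf '%s\n' "$SAMPLE_READY" | next_step
```

On a real system, pipe the drive's own output through it, for example hdparm -I /dev/sda | next_step.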