How to: Secure Erase your Solid State Drive (SSD) with Parted Magic
First off:
Don't do this unless you NEED to. You don't even need to secure erase your SSD when you reinstall. The only reasons to secure erase is if there is a drastic speed decrease from either a hard workload or a TRIMless environment which you need fix quickly or if your SSD is acting up. Otherwise TRIM and garbage collection will take care of everything automatically.
Erasing all the data on the SSD:
It is not safe to use DBAN Nuke or similar on SSDs. First, it's not good for the drive, and second, it wouldn't work properly anyway. Not good for the drive because it writes to the drive too many times. Wouldn't work properly because just like the OS, DBAN and similar cannot control where it writes to on the drive. The SSD's controller is responsible for that, and due to wear leveling algorithms, wouldn't get you the intended results. DBAN in its current state, is not designed for SSDs. It is used for magnetic drives that have a tendency to retain "images" of previously stored magnetic data. It writes (and sometimes overwrites again) data to the drive, and what is called "secure erase" in DBAN, is different than a "secure erase" command issued by a program designed for SSDs. The secure erase command for an SSD is a command that tells the SSD's controller to "flush" all of its stored electrons, that it has trapped, from the individual storage cells. It does not write to the drive in any fashion, like a DBAN secure erase does.With an SSD, all you need is to perform a "secure erase" with the proper software.
Secure Erase and NAND:
To learn about how NAND works at a technical level read this: (link)
Tunneling is used to alter the placement of electrons in the floating gate. An electrical charge is applied to the floating gate. The charge enters the floating gate and drains to a ground. This charge causes the floating-gate transistor to act like an electron gun. The excited electrons are pushed through and trapped on other side of the thin oxide layer, giving it a negative charge. These negatively charged electrons act as a barrier between the control gate and the floating gate. A special device called a cell sensor monitors the level of the charge passing through the floating gate.
NAND flash memory uses floating gate MOSFET transistors. Their default state is when the charge is over the 50%. If the flow through the gate is above the 50% threshold, it has a value of 1. When the charge passing through drops below the 50% threshold, the value changes to 0.
0's are data, 1's is erase....the fundamental laws of MLC NAND dictate this. You only write the 0's when you write data to NAND.
So in an erased state the NAND has to report a 1.
Secure Erase issues the SSD controller firmware's pre-programed ATA Securiy Erase Unit command. It applies a voltage spike at a specific voltage to all of the NAND simultaneously flushing the stored electrons from the flash memory cells, thus cleaning the NAND. Thus, when the Secure Erase command is ran and the voltage to all the NAND is over 50%, all the NAND is set to an erased to a unrecoverable state, speeds are reset to default, and it is in ready to be written to state.
This does use 1 P/E cycle.
↓ More info Below ↓
Disk Drive Secure Erase for User Data: (link)
Secure Erase Q and A: (link)
Parted Magic Free download here: http://www.majorgeeks.com/files/details/parted_magic.html
To Secure Erase Your SSD you will need:
Textual Guide:
Freeze Locked:
Basically "Freeze Locking" your SSD will not let it be allowed to be Secure Erased. If the UEFI/BIOS recognizes the SSD as plugged in at boot up then it will lock it. If you plug in the SSD after the computer is on then it will not be locked and it should be able to be Secure Erased normally.
HDDErase:
Alternatively you can use HDDErase to Secure Erase your SSD.
Quote:
This is another alternative to parted magic.
Info and guides here:
Manufacturer Programs:
SSD manufacturers often have a toolbox which has a secure erase utility built in to wipe their drive. Check the respective manufacturer of your SSD and see if they have something for ya.
Samsung Magician:
When you have a Samsung SSD as a secondary drive you can simply use Samsung Magician in the OS.
First off:
Don't do this unless you NEED to. You don't even need to secure erase your SSD when you reinstall. The only reasons to secure erase is if there is a drastic speed decrease from either a hard workload or a TRIMless environment which you need fix quickly or if your SSD is acting up. Otherwise TRIM and garbage collection will take care of everything automatically.
Erasing all the data on the SSD:
It is not safe to use DBAN Nuke or similar on SSDs. First, it's not good for the drive, and second, it wouldn't work properly anyway. Not good for the drive because it writes to the drive too many times. Wouldn't work properly because just like the OS, DBAN and similar cannot control where it writes to on the drive. The SSD's controller is responsible for that, and due to wear leveling algorithms, wouldn't get you the intended results. DBAN in its current state, is not designed for SSDs. It is used for magnetic drives that have a tendency to retain "images" of previously stored magnetic data. It writes (and sometimes overwrites again) data to the drive, and what is called "secure erase" in DBAN, is different than a "secure erase" command issued by a program designed for SSDs. The secure erase command for an SSD is a command that tells the SSD's controller to "flush" all of its stored electrons, that it has trapped, from the individual storage cells. It does not write to the drive in any fashion, like a DBAN secure erase does.With an SSD, all you need is to perform a "secure erase" with the proper software.
Secure Erase and NAND:
To learn about how NAND works at a technical level read this: (link)
Tunneling is used to alter the placement of electrons in the floating gate. An electrical charge is applied to the floating gate. The charge enters the floating gate and drains to a ground. This charge causes the floating-gate transistor to act like an electron gun. The excited electrons are pushed through and trapped on other side of the thin oxide layer, giving it a negative charge. These negatively charged electrons act as a barrier between the control gate and the floating gate. A special device called a cell sensor monitors the level of the charge passing through the floating gate.
NAND flash memory uses floating gate MOSFET transistors. Their default state is when the charge is over the 50%. If the flow through the gate is above the 50% threshold, it has a value of 1. When the charge passing through drops below the 50% threshold, the value changes to 0.
0's are data, 1's is erase....the fundamental laws of MLC NAND dictate this. You only write the 0's when you write data to NAND.
So in an erased state the NAND has to report a 1.
Secure Erase issues the SSD controller firmware's pre-programed ATA Securiy Erase Unit command. It applies a voltage spike at a specific voltage to all of the NAND simultaneously flushing the stored electrons from the flash memory cells, thus cleaning the NAND. Thus, when the Secure Erase command is ran and the voltage to all the NAND is over 50%, all the NAND is set to an erased to a unrecoverable state, speeds are reset to default, and it is in ready to be written to state.
This does use 1 P/E cycle.
↓ More info Below ↓
Disk Drive Secure Erase for User Data: (link)
Secure Erase Q and A: (link)
Parted Magic Free download here: http://www.majorgeeks.com/files/details/parted_magic.html
To Secure Erase Your SSD you will need:
- To backup any information on the drive you are secure erasing if you want the data back after: (link)
- Download parted magic and make a bootable CD or USB: Parted Magic
Textual Guide:
- Download parted magic and make a bootable CD or USB: Parted Magic
- Once bootable load it and select option 1 (default settings)
- Once booted, at the main screen got to Start > System Tools > Erase Disk
- Now select the "Internal:Secure Erase command writes zeroes to entire data area" option which will write zeroes to your entire data area" option
- Select the disk that you want to secure erase
- If you get a message stating that your SSD drive is "frozen," click the Sleep button to put your PC to sleep, then wake up your system and start over from Step 3. If you don't get this message, move on to Step 7.
- Some drives indicate that they have a password requirement. Leave the password as "NULL" and click OK.
- Now a verify window will pop up, select "Yes" to continue.
Note: If it prompts you to use the "enhanced" or "advanced" method do not use it, click no, it can write random data, and there is also the possibility that it may access parts of the drive that it shouldn't! It is basically an experimental, non-regulated setting that is meant to be "more secure."
- This shouldn't take long on your SSD, most likely only a few seconds. Now you are done.
Freeze Locked:
Basically "Freeze Locking" your SSD will not let it be allowed to be Secure Erased. If the UEFI/BIOS recognizes the SSD as plugged in at boot up then it will lock it. If you plug in the SSD after the computer is on then it will not be locked and it should be able to be Secure Erased normally.
- If your SSD is being "Freeze Locked" or not showing up then try this:
You will get an option to put the PC to sleep, try that first then try to Secure Erase again
- If that still does not work:
When you put the PC into sleep mode make sure you have any USB devices unplugged from the system and the Parted Magic USB/Live CD as well.
- If that doesn't work try below on top of the other suggestions:
- Reboot
- Enable AHCI mode in the UEFI/BIOS and "hot swap" on the SATA ports
- Save & exit
- Turn off the computer
- Unplug EVERYTHING on your SATA ports except for your CD/DVD drive
- Turn on and boot to Parted Magic
- When in the main GUI plug your SSD into a normal SATA 2 port
HDDErase:
Alternatively you can use HDDErase to Secure Erase your SSD.
Quote:
hdparm:Quote:
If the #'s and letter freeze for a few minutes it means there is a hardware incompatibility and you should try to disconnect any excess hardware such as sound cards, PCI cards, etc.Originally Posted by meloj17
One question guys, does the loading take more than 15 minutes because all I see is black and a bunch of white letters and numbers?
Also you can try HDDErase instead of parted magic: http://forums.crucial.com/t5/Solid-State-Drives-SSD/Secure-Erase-Program/m-p/62531#M19287
This is another alternative to parted magic.
Info and guides here:
- http://tinyapps.org/docs/wipe_drives_hdparm.html
- http://www.ocztechnologyforum.com/forum/showthread.php?76612-Secure-Erase-From-Within-Linux-For-Windows-Users
Manufacturer Programs:
SSD manufacturers often have a toolbox which has a secure erase utility built in to wipe their drive. Check the respective manufacturer of your SSD and see if they have something for ya.
Samsung Magician:
When you have a Samsung SSD as a secondary drive you can simply use Samsung Magician in the OS.
- Open Magician
- Go to the secure erase section
- Start the secure erase
- All done, that was easy right?
- Open disk management to format and assign a letter to your drive
