Re: Wiping hard drives

[Martin Steigerwald <Martin@lichtvoll.de>]

Am Mittwoch, 14. September 2011 schrieb yudi v:
> > For SSDs or harddisk which do encryption internally - with or without
> > encryption password in BIOS - an ATA Secure Erase should be enough:
> > 
> > http://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
> > 
> > Search "site:kernel.org secure erase" on Google and use webcache as
> > long as kernel.org is down.
> > 
> > I wiped a Windows 7 installation very quickly from the Intel SSD 320
> > in my new ThinkPad T520. Had to plug in the SSD externally tough, as
> > the BIOS froze security settings and disabled secure erase for the
> > internel drive.
> > 
> > An ATA Secure Erase does not need much write accesses, which is great
> > for SSDs: The drive just forgets the key and then is not able to
> > encrypt the old data anymore.
> 
> Excellent info. Can't believe this is in use since 2001 and this is the
> first time I am hearing about it. Thank you very much for sharing.
> 
> USA's NIST considers it to be on par with degaussing.
> 
> My HDD even supports enhanced erase, my laptop BIOS locks the drive I
> need to figure out how to unlock it.
> 
> Security:
>         supported
>     not    enabled
>     not    locked
>         frozen
>     not    expired: security count
>         supported: enhanced erase

I used an external USB/eSATA case hooked up via eSATA and then bootet 
GRML. The BIOS did not protect the external drive and I was able to 
transfer the ATA Secure Command via eSATA. I bet it might not work via USB 
tough.

Tough my SSD also reports SECURITY ERASE UNIT, does your HDD have that 
too?

merkaba:~> hdparm -I /dev/sda | grep -i erase
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE 
UNIT.

-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7