[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice on encrypted filesystem



On 2020-06-27 12:47, David Christensen wrote:

The ATA secure erase command is designed to erase all blocks, both host-accessible and hidden.

STFW, "secure erase" (aka "security erase") is an older feature and may not erase all NAND blocks, just the "mapping table". (When I have done this on my Intel SSD 520 Series devices and then dumped the entire drive with hexdump(1), the host reported all zeroes. But, I have not disassembled a drive, removed the NAND chips, and put them into a NAND chip reader.)


There is a newer feature "sanitize' that is supposed to erase both the mapping table and all data storage NAND blocks:

https://www.micron.com/about/blog/2017/march/how-to-securely-erase-micron-sata-ssds

https://www.diskpart.com/articles/sanitize-or-secure-erase-ssd-4125.html

https://www.microcontrollertips.com/ssds-secure-erase-sanitize-faq/


David


Reply to: