SSD Secure Erase: ATA Commands

TL;DR

This guide shows you how to securely erase an SSD using ATA commands. This is more thorough than simply deleting files or formatting the drive, making it ideal before disposal or resale. We’ll use tools available in Linux.

Prerequisites

  • A Linux distribution (e.g., Ubuntu, Fedora).
  • Root access (or sudo privileges).
  • Identify the SSD you want to erase – be absolutely sure you’ve selected the correct drive! Data loss is permanent.

Step-by-Step Guide

  1. Identify Your SSD
    • Use lsblk to list block devices. Look for your SSD based on size and model number.
      lsblk
    • Example output:
      NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
      vda      8:0    0 465.8G  0 disk 
      vda1     8:1    0   512M  0 part /boot/efi
      vda2     8:2    0 465.3G  0 part /
    • In this example, vda is the SSD. Double-check!
  2. Check ATA Security Support
    • Use hdparm to check if your SSD supports security features.
      hdparm -I /dev/vda | grep -A 8 'Security:'
    • Look for lines indicating support for Secure Erase and Enhanced ATA Security. If these are not present, your SSD may not be securely erasable with this method.
  3. Set a Password (Required for Secure Erase)
    • You need to set a password on the drive before you can initiate a secure erase.
      hdparm --user-master u --security-set-pass your_password /dev/vda
    • Replace your_password with a strong password. Remember this password!
  4. Initiate Secure Erase
    • Use the following command to start the secure erase process.
      hdparm --user-master u --security-erase your_password /dev/vda
    • Again, replace your_password with the password you set in the previous step.
    • This command can take a significant amount of time (minutes to hours) depending on the SSD’s size and speed. Do not interrupt it!
  5. Verify Secure Erase Completion
    • After the secure erase completes, check the security status.
      hdparm -I /dev/vda | grep -A 8 'Security:'
    • The output should indicate that the drive is no longer locked and has been erased.
  6. Clear Password (Important!)
    • Remove the password from the drive after successful erasure.
      hdparm --user-master u --security-disable your_password /dev/vda
    • Replace your_password with the password you used earlier.
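The status lines that steps 2 and 5 ask you to read can be classified mechanically, as in the script below, which is an added example and not part of the original guide. It also reports the frozen state, which the guide does not cover. The function names and the sample output are constructed here, modelled on the layout of the Security section that hdparm -I prints.

```shell
#!/bin/sh
# Added example (not from the original guide): classify the "Security:" section
# of `hdparm -I` output. Real use: hdparm -I /dev/vda | ata_security_state

# Reads hdparm -I text on stdin and prints exactly one word:
#   unsupported  no ATA security feature set reported (step 2 fails)
#   frozen       security commands are rejected until the drive is power-cycled
#   locked       a password is set and the drive must be unlocked first
#   enabled      a password is set (expected after step 3; after step 4 it
#                means the erase did not complete, so step 6 still applies)
#   ready        supported, no password set (expected before step 3 and after
#                step 4, because a successful erase clears the password)
ata_security_state() {
    awk '
        /^Security:/ { in_sec = 1; next }
        # A line that is not indented is the next top-level heading.
        in_sec && substr($0, 1, 1) != "\t" && substr($0, 1, 1) != " " { in_sec = 0 }
        in_sec {
            neg  = ($1 == "not")          # hdparm prefixes cleared flags with "not"
            word = neg ? $2 : $1
            if (word == "supported" || word == "enabled" ||
                word == "locked"    || word == "frozen")
                flag[word] = !neg
        }
        END {
            if      (!flag["supported"]) print "unsupported"
            else if (flag["frozen"])     print "frozen"
            else if (flag["locked"])     print "locked"
            else if (flag["enabled"])    print "enabled"
            else                         print "ready"
        }'
}

# Constructed sample of hdparm -I output (not captured from a real drive).
# $1 and $2 are the prefixes of the enabled and frozen lines: "not" or "".
sample_identify() {
    printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n'
    printf '\t%s\tenabled\n\tnot\tlocked\n\t%s\tfrozen\n' "$1" "$2"
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
    printf '\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# Demo on the constructed sample: a drive that the firmware has frozen.
sample_identify not "" | ata_security_state
```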

Important Considerations

  • Data Loss: Secure erase is irreversible. Ensure you have backed up any important data before proceeding.
  • Drive Compatibility: Not all SSDs support ATA secure erase reliably. Check your drive’s specifications.
  • TRIM Command: While TRIM helps with performance, it doesn’t securely erase data. Secure Erase is required for complete sanitization.
  • Alternative Tools: If hdparm doesn’t work or you prefer a GUI, consider using tools like Disks (GNOME Disks) which often provide secure erase options.