90

I'm selling a computer with an SSD (it's a Lenovo ThinkPad Carbon X1). I wiped the drive using Parted Magic. I used the ATA method. I'm not sure what that is but it was the only setting available. It said it would take two minutes but the wipe was done in a few seconds. Is this expected behavior? It's not a major issue as the drive was encrypted with VeraCrypt, but I'm curious for future reference.

forest
user1102550
  • 14
    Since you mention that you encrypted the drive with VeraCrypt: the implementation of the Secure Wipe is in fact *exactly* the same as if you forgot your VeraCrypt passphrase. The data is rendered unreadable *without* having to delete it. The drive simply "forgets" its key. – Jörg W Mittag Apr 09 '18 at 13:34
  • 9
    Two seconds is more like it. But the field in the ATA spec where the drive gives an estimate of how long a secure erase takes is specified in minutes. This is a throwback to when most all media was rotational. – Michael Hampton Apr 09 '18 at 18:10

1 Answer

166

Modern SSDs use a technology called SED which allows instant erasure. It works by transparently encrypting the entire drive and keeping the key on the drive. ATA Secure Erase is then implemented by wiping the key alone, which renders the rest of the data immediately unreadable (assuming of course that it has been correctly implemented on that particular storage device). The reason two minutes specifically is quoted is because it is the minimum value the ATA protocol can report.

But note a potential caveat: Recovery of EEPROM data after bulk erase operation

forest
  • 34
    It's worth noting that this technique works only if the original key was proper and randomly chosen. Which is not always the case. – Agent_L Apr 09 '18 at 14:19
  • Isn't two minutes the **maximum** value? https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase#Command_time-out_during_erase_with_larger_drives - it cannot be higher than 2 minutes... – Mindwin Apr 09 '18 at 18:22
  • 1
    @Mindwin That says that older versions of hdparm **artificially** limited secure erase to 2 **hours**. Earlier on the page, it says "a 1TB hard disk it might take 3 hours or more!" – jaxad0127 Apr 09 '18 at 19:35
  • 1
    @Agent_L For the Opal standard at least, the key is required to be made with an HWRNG. – forest Apr 10 '18 at 01:01
  • 6
    @forest There were numerous cases when a product was shipped with an all-zero key. SSD on arrival should be assumed as poorly initialized unless proven otherwise. Just because a requirement exists doesn't mean that the manufacturer was successful in implementing it, an audit is necessary to prove it. – Agent_L Apr 12 '18 at 08:08
  • 5
    @forest AFAIR it was a few years ago, well after Opal. Opal is a set of specifications. One can try to implement them but one can always fail. There are Opal test cases, but there is no certification, so you can't even look for "ssd with Opal TCG certificate". The only way to be sure is to reinitialize your drive on arrival. – Agent_L Apr 26 '18 at 09:14
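
The thread above discusses the erase-time estimate a drive reports for ATA Secure Erase. As an added example (not code from the posts or from Parted Magic), this sketch decodes that estimate and the security status bits from raw ATA IDENTIFY DEVICE data. The word numbers (89, 90, 128) and bit layout are assumptions taken from the ATA command set specification rather than from this page, and the sample words are constructed.

```python
# Added example: decode ATA IDENTIFY DEVICE security fields.
# Word numbers and bit layout are assumptions taken from the ATA spec, not this page.

def erase_minutes(word):
    """Decode word 89/90: (minutes, is_lower_bound), or None if unspecified."""
    if word & 0x8000:                      # extended format, value in bits 14:0
        value, cap = word & 0x7FFF, 0x7FFF
    else:                                  # classic format, value in bits 7:0
        value, cap = word & 0x00FF, 0x00FF
    if value == 0:
        return None                        # drive gives no estimate
    if value == cap:
        return ((cap - 1) * 2, True)       # "longer than this many minutes"
    return (value * 2, False)              # estimates come in 2-minute steps


def security_summary(words):
    """Summarise the security feature set from a list of 256 IDENTIFY words."""
    status = words[128]
    normal = erase_minutes(words[89])
    return {
        "supported": bool(status & 0x0001),
        "enabled": bool(status & 0x0002),
        "locked": bool(status & 0x0004),
        "frozen": bool(status & 0x0008),   # erase commands are rejected while frozen
        "enhanced_erase": bool(status & 0x0020),
        "normal_erase_min": normal,
        "enhanced_erase_min": erase_minutes(words[90]),
        # True when the drive reports the smallest value the field can express.
        "at_reporting_floor": normal == (2, False),
    }


def constructed_identify(w89, w90, w128):
    """Build constructed sample data; a real tool would read it from the drive."""
    words = [0] * 256
    words[89], words[90], words[128] = w89, w90, w128
    return words


SSD_SAMPLE = constructed_identify(1, 1, 0x0021)        # constructed, not a real drive
HDD_SAMPLE = constructed_identify(90, 0x8000 | 300, 0x0029)

if __name__ == "__main__":
    for name, sample in (("ssd", SSD_SAMPLE), ("hdd", HDD_SAMPLE)):
        print(name, security_summary(sample))
```

An estimate at the reporting floor together with an erase that finishes in seconds is consistent with the key-wipe behaviour described in the answer, though it does not by itself verify the drive's implementation.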