0

If an SSD uses TRIM such as a Mac with TRIM support when it deletes files, I've been told that it is completely unrecoverable. Therefore, is it ever really better protection to physically destroy the SSD to protect one's data?

sangstar
  • 13
  • 2

2 Answers2

1

There are a couple reasons you might still want to physically destroy a drive instead of relying on TRIM:

  • The OS may or may not have implemented TRIM correctly. Linux in particular can require a decent amount of configuration to get TRIM to work properly in all cases.
  • The SSD may or may not have implemented TRIM correctly or at all. The feature is optional, and due to the significant number of security vulnerabilities in disk firmware relating to encryption, it's probably not prudent to place significant amounts of trust in SSD firmware when it comes to security.
  • There may be sensitive regions of the disk, such as filename tables, that tend to get overwritten and don't get TRIM called on them.
  • SSDs don't necessarily overwrite data. They contain wear-leveling algorithms that may write data to different places, and it's possible that old data may remain available.
  • Physical destruction is guaranteed, and TRIM is not. Destroying the drive is generally cheap and easy and is, in any event, much, much cheaper and easier than dealing with a data breach.

If you'd like to reuse the disk, it's better just to encrypt the entire disk with a strong algorithm (such as AES-256-XTS) and then you can overwrite the segments of the disk with the parameter block by writing zeros to it. Once the parameter block is gone, the key is gone, and the data will be functionally unrecoverable unless the parameter block is backed up. However, this is still subject to the same limitations of wear-leveling algorithms and potential backups, so it carries some risk.

bk2204
  • 7,828
  • 16
  • 15
  • Does Mac configure TRIM correctly? – sangstar Jul 01 '21 at 23:16
  • I assume so, but I haven't audited the code and so I don't know for certain. I always use full-disk encryption, so if I were getting rid of a Mac, I'd at least overwrite the encryption parameter block; I wouldn't rely on TRIM. – bk2204 Jul 01 '21 at 23:33
  • I think the last point is very important: Consider what is cheaper? Destroying a 200 USD SSD or having a breach with damages of 2,000,000 USD. –  Jul 02 '21 at 11:50
  • @sangstar No it does not, unfortunately. macOS only enables TRIM for Apple-branded SSDs. If you have a third party SSD you can use trimforce to turn it back on, but most people won't be aware of this. – Michael Hampton Sep 12 '21 at 13:27
0

TRIM is not designed to erase data, and very likely does not at all. TRIM is designed to assist in wear leveling, and thus should not trigger extra writes to the TRIMed cell.

The standard says that reading a block that has been TRIMed gives undefined results -- likely, this is zeros, but it could be the original data, at least until the device decides to reallocate and reuse the block.

Even if a device does return zeros after a TRIM, it probably just marked the block as free and didn't actually erase the data in the cells. Data from that is "unrecoverable" in the sense that it can't be recovered by normal means. However, it might be possible to hack the firmware on the device to return all the data from TRIMed cells.

user10489
  • 1,217
  • 1
  • 3
  • 13