
I would like to securely erase the hard drive of an SSD in a MacBook Pro. The Disk Utility does not give me the option to wipe this drive even when I boot into the System Partition (it is greyed out).

When I called Apple Tech support they said

"Secure erase is likely disabled because it will cause undue wear on the hard drive, and reduce its life"

I did notice that I am able to wipe the drive using terminal diskutil and had the following options:

Note: Level 2,3, or 4 secure erases can take an extremely long time.

0 - Single-pass zeros
1 - Single-pass random numbers.
2 - US DoD 7 pass secure erase
3 - Gutmann algorithm 35 pass secure erase
4 - US DoE 3-pass secure erase.

Question

What level of secure erase is sufficient when deploying the machine internally? ... or for sale on eBay?

How much of the hard drive's lifespan is reduced when using each of the wipe options?

CodesInChaos
makerofthings7
  • You asked two questions and I feel the one on HDD lifespan is off-topic. – Shurmajee Jun 18 '13 at 13:06
  • Here's a question on wiping SSDs that already has an answer. http://security.stackexchange.com/questions/12503/can-wiped-ssd-data-be-recovered – Xander Jun 18 '13 at 13:36
  • Here is the official NIST paper on wiping various media. http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_with-errata.pdf While it doesn't specifically mention SSDs, it does mention flash media in different forms. The value of this paper is in thinking about the value of what was on the drive compared to how you're going to dispose of it. – John Deters Jun 19 '13 at 02:07
  • Also, a wiping pass will not cost much in terms of drive life. The figures for 1,000,000 write life (or whatever) are for a specific bit. If you are writing all the bits on a single pass, it won't appreciably wear too many out. Wear leveling keeps the directory blocks sliding around. But you need an actual file allocating and overwriting tool, like sdelete, and not just an ordinary tool trying to wipe block after block. The concept of "block" in wear-leveling-SSD-land is not fixed in position. – John Deters Jun 19 '13 at 02:15

1 Answer

There are a few problems with secure erasing SSDs. Sometimes the blocks are unassigned, but the data is still available if people were to dig into it at a lower level. Also, studies have shown that secure erase ATA commands are often poorly implemented, and as one article states on Ars Technica:

Basically, the issue with SSDs is this—let's say your SSD is a pirate, and your data is buried treasure. If you tell an SSD pirate to make his buried treasure disappear, all he really does is burn the treasure map. The buried treasure is still out there for someone to find if they know where to look. This isn't the case for all SSDs in the long term, but it is the case for all of them in the short term.

What seems to be the consensus is that you have to encrypt your hard drive and then zero it. The life span can be impacted and reduced by maybe 10 to 25 percent (and this is not from one time obviously but continuous, heavy strain); however, lifespan is normally rated at about 10 years. So realize that by the time it dies you will probably have already bought a new one for other reasons. Also note that you will still be able to read the drive, just writing will not work anymore.

Lucas Kauffman
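
As an added illustration (not part of the original answer and not any vendor's firmware), this toy model of a flash translation layer shows why a zero pass through the logical interface can leave old data in unmapped pages, and why encrypting first leaves only ciphertext there. The `ToySSD` class, the page counts, the sample data and the XOR stand-in cipher are all assumptions constructed for the demo.

```python
import hashlib

class ToySSD:
    """Constructed model: every write to a logical block lands on a fresh physical page."""
    def __init__(self, logical=8, physical=12):
        self.pages = [None] * physical      # raw flash contents
        self.map = {}                       # LBA -> physical page (the "treasure map")
        self.free = list(range(physical))   # erased pages ready for writing
        self.stale = []                     # unmapped pages whose old data is still in flash
        self.logical = logical

    def write(self, lba, data):
        if not self.free:                   # garbage-collect only when forced to
            victim = self.stale.pop(0)
            self.pages[victim] = None       # physical erase of one stale page
            self.free.append(victim)
        page = self.free.pop(0)
        self.pages[page] = data
        if lba in self.map:
            self.stale.append(self.map[lba])  # old copy is unmapped, not erased
        self.map[lba] = page

    def read(self, lba):
        return self.pages[self.map[lba]]

def toy_encrypt(key, lba, data):
    """Toy XOR keystream from SHA-256; stands in for full-disk encryption, not a real cipher."""
    stream = hashlib.sha256(key + lba.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wipe_and_scan(encrypt):
    """Fill the drive, zero it via the logical interface, then inspect the raw flash."""
    ssd, key = ToySSD(), b"constructed-demo-key"
    secret = b"PAYROLL-2013"                # constructed sample data
    for lba in range(ssd.logical):
        block = secret + bytes([lba])
        ssd.write(lba, toy_encrypt(key, lba, block) if encrypt else block)
    for lba in range(ssd.logical):          # single-pass zeros, as the host sees it
        ssd.write(lba, bytes(13))
    host_view_clean = all(ssd.read(l) == bytes(13) for l in range(ssd.logical))
    leftovers = [p for p in ssd.stale if secret in ssd.pages[p]]
    return host_view_clean, len(ssd.stale), len(leftovers)

if __name__ == "__main__":
    print("plaintext then zero :", wipe_and_scan(encrypt=False))
    print("encrypted then zero :", wipe_and_scan(encrypt=True))
```

Each result is (host sees all zeros, stale pages left in flash, stale pages containing readable plaintext); in both runs the host view is clean, but only the encrypted run leaves no readable plaintext behind.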