Secure Erase your SSD

Written by Panos Georgiadis on July 17, 2012. Posted in Hardware Linux, Linux tutorials

The SSD drives have already hit the market and their arena is shaping up to be fierce with a lot of players. For those who have never heard of the SSD technology, here is a brief explanation: The SSD (Solid State Drive) is another storage unit for your computer, similar to your hard drive – but zillions times faster!Yes sir, not mechanical components here, so if you look under the hood of your SSD, you won’t find any magnetic head & platters, but just a plain PCB board. This means huge read/write transfer rate for your data (eg OCZ Revodrive3 X2 operates at ~900mb/s, while a typical WD Green at 110mb/s max).

Before you crack a big smile, let me remind you what Ben Parker said to Peter: “With Great Power comes Great Responsibility”. In other words, this hell-of-a-speed data flow comes with a price – its limited lifespan. If you are careless enough, then your brand-new Vertex 4 SSD will probably degrade its perforamance and kiss its speed goodbye. Thus, you need to be well-informed about whether you should enable or not certain “hacks” to your Linux distribution. The most common mistake that new SSD users tend to make is installing a new Linux distro or replacing the current one without secure erase it first.

Look inside of an SSD drive

Okay, suppose you have Slackware or whatever Linux distro you like. Then, something happens and you decide that this distro is not suitable for you, so you want to replace it. The typical process will be downloading the CD/USB, booting from the media, running the installer and after several next-clicks you have to choose where to install it.

As you can see from the print-screen above, even the the most user-friendly distributions like Ubuntu, have no Secure Erase option. Thus, they treat your SSD as a normal hard drive writing zeros everywhere.

The more you read and write from/into your SSD, the more you lose from its performance. So please DO NOT FORMAT your SSD drive, because you are killing its performance. The majority of users, install their Operating System into their SSD and have separate drives for their applications and downloads (for example, the most common choice is to have another drive for /home directory). Thus, partitioning is not recommended because of SSD limited capacity.

So how to Secure Erase your SSD drive ?

We are going to use any Linux BootCD that has HDParm utility ready to use, such as an Ubuntu liveCD. In case you are not aware of your drive’s path (/dev/sda, sdb, sdc erc), please remove all your SATA cables and leave only the SSD cable plugged in. Then boot from your BootCD and run GParted in order to identify its directory (it will probably be /dev/sda).

Open the Terminal and please type:

sudo hdparm -I /dev/sda

Okay, now scroll down and check if your SSD is frozen. If you ‘re unlucky, then it’s gonna be frozen :(

Security: supported

not enabled

not locked

frozen

not expired: security count

not supported: enhanced erase

In order to Secure Erase your SSD you need to defroze it first. But keep in mind that the following procedure requires a minimum of hardware experience. It’s a child’s play in the hands of advanced users who already have the experience of re-installing hardware. If you are newbie, please be careful here. Using the manual and our helpful instructions, there is no doubt that you will accomplish this task quite easily. To do this, unplug the SATA cable from the SSD’s backport and then plug it back in, while your computer is still running. If it is still frozen, then repeat the procedure using the power cable (instead of the SATA).

Try different configurations until you manage to defroze your disk. Finally, your output will be similar to this:

Security: supported

not enabled

not locked

not frozen

not expired: security count

not supported: enhanced erase

Okay, now we are able to tweak your SSD disk. If you are ready to Secure Erase this little fellow made of NAND gates, please type the following command:

sudo hdparm --security-erase NULL /dev/sda

Finally your output should be similar to this:

ubuntu@ubuntu:~$ sudo hdparm --security-erase NULL

/dev/sda security_password=""

/dev/sdb: Issuing SECURITY_ERASE command,

password="", user=master

Congratulations! You ‘ve made it. Now, your SSD will maintain its speed performance. However, after some time there will be some degradation which is inevitable due to flash NAND memory behavior. Off the record, I was lucky enough to test and review several SSD drives during the past three years, from Intel to OCZ and G.Skill. I have to tell you my Unixmen friends that every single time I had to Secure Erase these little beasts in order to hit the best benchmark score for the review. So, if you feel unhappy spending $200-400 contrary to your SSD’s performance, try to Secure Erase it and who knows … you may unleash its hidden potential.

For questions please refer to our Q/A forum at : http://ask.unixmen.com

Hardware

Secure Erase

SSD

13 Comment(s)

Pingback: Computers | Pearltrees
Worblux

While you have the drive unfrozen, might as well look to see if there are firmware updates available.
Vagelis Giannadakis

I’m sorry, but you are ill-informed and are just ill-informing everyone not-knowledgeable with SSDs and Linux.

First, a secure erase is one of the WORST things you can do to your SSD! A secure erase performs a write on every erase block of the SSD. It’s like filling-up your SSD with data up to the last byte! The only difference is that the SSD controller regards all the erase blocks as empty, so it’s like the SSD is new, but in reality it’s significantly older, as the full capacity write normally happens during some months of real use.

PLEASE, ONLY do a secure erase when either DUMPING the drive or giving it to someone else and you’re concerned about your sensitive data!!

Second, whatever OS one chooses to put on a SSD, it is important that it supports TRIM. It is TRIM that prolongs the life of the drive and allows its controller to uniformly spread the writes to all the erase blocks of the SSD.

Third, a format will most DEFINITELY NOT write zeros over a partition! That’s super-old-school FAT stuff, that even it, in its newer incarnations, is not doing. File systems’ format processes these days just create the structures they need.

Fourth, there are currently two FSs you can use with SSDs on Linux, EXT4 and BTRFS. That’s because they’re the only ones that support TRIM. Now I haven’t tried BTRFS, but EXT4′s format program (mke2fs) does recognize the device is solid-state and issues a TRIM over the entire partition. That’s the proper and only needed step to do when formating a partition. Everything else will be done by the SSD controller.

You mention in your article that a secure erase is what you do to measure the full speed of your SSDs. Yes, a secure erase will bring back the lost performance. But it will also kill your SSD faster! With each secure erase you do, the performance benefits will last for a shorter and shorter time! Benchmarks on top of that will suck the life out of them. I wonder how many SSDs you’ve killed this way!

Please read more, get educated more, THEN write articles!
- http://www.osarena.org/ Panos Georgiadis
  
  Okay, I suppose Intel, G.Skill and OCZ have trusted the wrong guy for their official reviews during the past three years. yeah that’s me – the uneducated man:P Since you’re a Greek my friend, have a taste from my inexperience in hardware http://www.youtube.com/watch?v=M_oT-0foPfQ and please judge me later :)
  
  I mention that SSD comes with a price – the culprit for MLC is its limited lifespan. So, how long will it really last? Well, reading the specs and doing the maths in theory, you can answer this question by giving me the MTBF number (Mean Time Before Failure). Although, the true is that only the future will tell … ’cause these numbers mean nothing. So, predicting the life expectancy of an SSD remains a gamble.
  
  TRIM in Linux? Even Joker can’t laugh that hard. There are some kind of experimental stuff using BTRFS but using ext4 along with TRIM hacks ‘n forks found in Google, I’ve never seen real TRIM support in Linux. Maybe Enterprise distros but again… it’s not like Windows… sad but true.
  
  Personally I don’t like the new 25nm NAND FLASH memories, because their overall lifespan of the ICs has been reduced from 10.000 towards 5,000 program/erase cycles. In daily use scenario this will be reduced even more, let’s say about 3000 program/erase cycles. So let’s see our options here, shall we ?
  
  The SandForce controller (I mean the SF-2281), enforces a trick as they can write to the FLASH memory less than the competition needs to by using real time compression. The SF controllers store a representation of your data but not the actual data itself. The competition (Indilinx) works with a large memory cache, whereas SandForce uses a segment of the NAND flash (as an extra cache). That’s an essential difference really as it’ll leave more space/volume available on the Indilinx drives.
  
  Now if someone gets too worried about lifespan, feel free to buy an SLC model. SLC is faster, and has around ~100,000 up-to 1 million write cycle, while MLC SSDs are cheaper and less reliable.Eventually, if you change distros like T-Shirts and formating your SSD every week then it’s gonna fail anytime soon, using secure erase or mkd2fs either. Yes, secure erase is killing the drive faster, yes benchmarks do so, but in the very end any SSD outhere will last LONGER than any HDD. So, from my point of view, if you format your primary Operating System annualy or if you feel a little bit slower than before, then do Secure Erase in order to get its hidden speed back. You don’t buy an SSD for it’s life expectancy or securing your data, there are BlackCaviars and Raid 0 for that matters. Your buy an SSD for its Speed.
  
  So if you want to format your primary OS disk every week or month, then ask yourself why on Earth did you buy an SSD on the first place :)
  
  Cheers
  - Noboubt12
    
    Since when Intel has official reviews? None manufacturer hasn’t official reviews but some -no accurate- benchmarks.
    - http://www.osarena.org/ Panos Georgiadis
      
      I mean they prublshed my reviews into their PR such as trusted articles for promoting their products ;)
  - Vagelis Giannadakis
    
    I don’t care about your reviews. They are performance-oriented, clearly NOT reliability-oriented. Do the names AnandTech and TomsHardware say anything to you? If yes, then you probably only read them for graphics cards and gaming… Guess what? They ALSO talk about SSD reliability!
    
    What I do care about, is that you’re “advising” your readers to cut slices off their drives’ life with secure erase. This is the reason I was initially harsh on you, your act of misinforming. Your reply doesn’t make things better.
    
    TRIM support is experimental in Linux???
    
    Any SSD will last LONGER than any HDD?????
    
    Your reply is further proof of your lack of knowledge on the subject of SSD, Linux and even baseline research. It’s amazing how easy someone can act like they’re “experts” in this age and this medium…
    - http://www.osarena.org/ Panos Georgiadis
      
      Hard drives: have moving parts, so they can die suddenly.
      
      Solid-state drives: they start to die in certain places after a lot of re-writes. Conclusion:
      SSDs are definitely more reliable than hard drives if you treat the properly, based on today’s limited backup for such a claim.
      
      Marketing-wise, manufacturers make SSDs as reliable as economically feasible. If they use more reliable NANDs, the cost will go much higher for the average computer customer to pay for. So their current target is enthusiast/gamers group and not the enterprise domain. Thus, nowadays people buy SSD for its speed, not its reliability. It’s the best upgrade for your old Desktop PC actually.
      
      In a couple of years, when better NAND flash chips and controllers will be used (at normal price) then we will start off to consider reliability as a key factor for SSDs market. But right now, all the marketing and hypes tell us stories only for their fast response times.
      
      All newer versions of Ubuntu/Fedora/OpenSUSE etc come with a kernel which supports TRIM but you will have to manually activate it.. Run some benchmarks and see it for urself…that TRIM doesn’t work good enough to name it rock stable yet -thats why Linux can’t detect your SSD and enable TRIM automatically ;).Even Intel Smart SSD Caching in not supported in Linux.btw TomsHardware and Anandtech are 99% Windows and 1% Linux oriented. But, hey — even Tom justifies my words about SSD reliability over HDD (see the image below).Again, if you want to talk about reliability and life expectancy issues, there is not futile SSD ground. We need to wait a couple of years and then return back to that discussion. For the time being, when I want my speed back, I secure erase this little fellow. Right or wrong? Only time will tell. Wir mussen wissen. Wir werden wissen!
      
      Cheers
- Basil Kurian
  
  ++1
Basil Kurian

Please don’t write articles about things that you don’t know.
Pingback: Secure SSD erasure « 0ddn1x: tricks with *nix
http://twitter.com/jackiass Jacki Ass

If you go to the OCZ forums, you will see them warn you to NEVER do a secure erase on your SSD. They have a tool for it themselves that you should use, if necessary. They also do not advocate the use of TRIM (at least with the never drives), as GC is already doing the job, so that would double the work load on the disk for no reason.
Ryan

Wow, can’t believe these comments. You all have done zero research. Below is a quote by an OCZ employee:

“Secure Erase doesn’t write zeros to a SSD. The actual
process only takes a few hundred milliseconds applying a high voltage to the
substrate.”

It’s well known that secure erase on a SSD is NOT the same as secure erase on a mechanical HD. The fact you people can’t do simple research astounds me.

The only thing I would recommend adding to the article is the fact you sometimes need to set a password before secure erasing (http://mackonsti.wordpress.com/2011/11/22/ssd-secure-erase-ata-command/). Otherwise, thanks for the information!

pigmej

June 18, 2013 | #

Just one thing:

What about pep8 in your python code ? How can you give ‘tutorials’ on quite popular website, of such a bad quality ?

Amit Rai

I just renamed shared.xml and it logged in and created a new shared.xml.

DB Griffin

Larry Page is not being completely honest! The manner in which the PRISM program/project works does not need access from company administrators or owners, so called “direct access”; the access to the information is already there. These tech company CEOs take for granted the actual intelligence of most end users of their products. All it takes is a little digging and reading to go from ignorant to informed on these things especially on exactly how the internet works/functions in the U.S.A. I find Larry Page’s remarks just as laughable as Al Gore’s claim to “inventing” the internet/world wide web!

If you, as an end user, are reading this post; I challenge you to research these matters yourself. It really is quite simple with all the “information sites” that exist on the web today ie Wikipedia, & other online encyclopedias that actually list source material, as well as highly respected tech sites and blogs that also list their source material. Be warned: this is only the tip of the iceberg and these tech CEOs know and understand this; they are scrambling in attempt to perform DAMAGE CONTROL to save the company and what little trust thay have left from their products end users/consumers.

Am I a skeptic? I believe someone has to be or needs to be at this point in time! If your not just a little skeptical of the government, tech companies, and the people that are in charge of these agencies and companies; you need to be, even if just a little skeptic. For your own personal protection and security! I know I was a part of this community for over 14 years!

Anders Jackson

As I understand it so do VLC use same encoders as ffmpeg. And yes, there are less code that can break when you use command line instead of a graphical UI.

And may I ask what mono has to do with VLC? *facepalm*

Just some thoughts about Java.

OpenJDK7 are now THE Java implementation and Oracles are just one more of the reimplementations. So you should not need to install Oracles version.

And you really don’t need to remove the OpenJDK7 installation to also have Sun Java JDK 7. Just run

sudo update-java-alternatives –list

and select which java you want to have as default java of all that is installed.

And if you want to run a program with one special version, check manpage for java-wrappers how to do that.

How to Install uTorrent Client on Ubuntu/Debian/Linux Mint

Brand New Unixmen Forum is Now Live!

How To: Disable or Enable Guest Account in Ubuntu 13.04

Retroshare: A Next Generation Secure Communication and File Sharing Platform

Basic mplayer Usage from Command-Line

Command-Line Downloading Using aria2

Haiku: Package Manager - Doing Things Right

Ubuntu 13.10 'Saucy Salamander' - New kernel, Unity 7 and 8 with Mir

Larry Page, Dear Google Users

How to Install and Configure Subversion Server on Ubuntu 13.04 Server

Secure Erase your SSD

Panos Georgiadis

Like us on Facebook

This week Top Posts

Recent Posts

Recent Comments

pigmej

Amit Rai

DB Griffin

Anders Jackson

Anders Jackson

Favorite Links

Unixmen Archive

Tags Cloud

Unixmen Twitts