Linux – How to send “ATA Secure Erase” command to SSD

disk-encryption, encryption, hdparm, linux, ssd

A very good way to erase an SSD that has SED support is to change the password/key. But what to do with those that don't have SED support?

This article says:

Fortunately it is possible to erase most SSDs, though this is closer
to a “reset” than a wipe. The “ATA Secure Erase” command instructs the
drive to flush all stored electrons, forcing the drive to “forget” all
stored data. This command essentially resets all available blocks to
the “erase” state, which is what TRIM uses for garbage collection
purposes.

Question

I suppose it is something that can be done with hdparm, so does anyone know which command does this?

Best Answer

Here are the steps:

  1. See if the feature is not frozen: hdparm -I /dev/sdX. If it is (usually by the BIOS), a good way to unfreeze it is to suspend the computer and resume; then the drive gets powered up, but without the BIOS.
  2. IMPORTANT: set the password. This will enable the security feature of the drive: hdparm --user-master u --security-set-pass password /dev/sdX
  3. Lastly, erase the drive: hdparm --user-master u --security-erase password /dev/sdX

The procedure is described here in more detail: https://wiki.archlinux.org/index.php/SSD_memory_cell_clearing

Example from my drive:

Security: 
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
    not supported: enhanced erase
    2min for SECURITY ERASE UNIT.

So it is frozen... now I suspend... and...

Security: 
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
    not supported: enhanced erase
    2min for SECURITY ERASE UNIT.
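
A pre-flight check for the procedure above, as an added example that is not part of the original answer: it reads the Security section of `hdparm -I` output and reports whether the drive is frozen, locked, already has security enabled, or is ready for steps 2 and 3. The function names `ata_security_state`, `sample_frozen` and `sample_after_resume` are assumptions made for this example; the sample text is the output shown in the answer.

```shell
#!/bin/sh
# Added example: classify the "Security:" section of `hdparm -I` output.
# Prints one of: unsupported | frozen | locked | enabled | ready
ata_security_state() {
    awk '
        /^Security:/        { in_sec = 1; next }
        in_sec && /^[^ \t]/ { in_sec = 0 }   # next unindented header ends the section
        !in_sec             { next }
        {
            line = $0
            gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
            # Only bare flag lines count, so "not supported: enhanced erase"
            # is not mistaken for the security feature set itself.
            if (line ~ /^(not )?(supported|enabled|locked|frozen)$/) {
                n = split(line, w, " ")
                st[w[n]] = (w[1] != "not")
            }
        }
        END {
            if (!st["supported"])   print "unsupported"
            else if (st["frozen"])  print "frozen"   # suspend/resume first (step 1)
            else if (st["locked"])  print "locked"
            else if (st["enabled"]) print "enabled"  # a password is already set
            else                    print "ready"    # steps 2 and 3 can proceed
        }'
}

# The output shown in the answer, embedded so the script runs offline.
sample_frozen() {
cat <<'EOF'
Security: 
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
    not supported: enhanced erase
    2min for SECURITY ERASE UNIT.
EOF
}
# Same output after suspend/resume: only the frozen line changes.
sample_after_resume() { sample_frozen | sed 's/^ *frozen$/    not frozen/'; }

# Real use (as root): hdparm -I /dev/sdX | ata_security_state
for s in sample_frozen sample_after_resume; do
    printf '%s: %s\n' "$s" "$($s | ata_security_state)"
done
```
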