How to securely erase hard drive with ubuntu live cd?

Question

I want to sell my old SSD on EBay. How do I prepare the hard drive to protect my personal data and get the hard drive in a good shape using an Ubuntu live cd?

Take a look at Securely wipe disk - Arch Wiki – leorize Jul 24 '15 at 08:03 — leorize, Jul 24 '15 at 08:03

score 12 · Accepted Answer · edited Jan 16 '19 at 03:18

The best way to wipe a SSD is to issue an ATA SECURE_ERASE command rather than using low-level utilities such as dd, because it's faster and more reliable, due to a number of reasons.

Run lsblk and determine to which block device the drive is currently mapped (if you have only that drive attached it will likely be mapped to /dev/sda)

Run sudo hdparm -I /dev/sda and determine whether the drive is currently frozen or not:

Security: 
    Master password revision code = 65534
        supported
    not enabled
    not locked
        **frozen**
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.

If it is, suspend the system and resume:

Security: 
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.

Run sudo hdparm --user-master u --security-set-pass password /dev/sda to set a security password (this is mandatory in order to securely erase the drive)
Run sudo hdparm --user-master u --security-erase password /dev/sda to securely erase the drive

As pointed out by Takkat, mind that this won't catch reallocated bad sectors.

To catch those as well, if you have any and if supported by the drive, you can issue an enhanced ATA SECURE_ERASE command, that writes manufacturer-predefined patterns multiple times and catches reallocated bad sectors as well:

Run sudo hdparm --user-master u --security-erase-enhanced password /dev/sda to securely erase the drive

This is the recommended way to wipe SSDs but we should point out that on some drives it still may leave recoverable data remnants (which would not be a big issue for the usual private data but it may be for highly sensitive data). — Takkat, Jul 24 '15 at 08:35
@Takkat That's true, I've added a second method to take care of possible reallocated bad sectors and even of possible laboratory recovery attempts, now it should be fine. — kos, Jul 24 '15 at 08:53
@Takkat - Is there any value in using security erase on non-SSD devices e.g. rotational disks. Please see my post at (https://security.stackexchange.com/questions/200332/should-a-secure-ata-erase-be-performed-on-a-non-ssd-drive) — Motivated, Dec 25 '18 at 03:03

xyz · Answer 2 · 2015-07-24T08:39:57.913

3

Use lsblk to list all the drives and find yours /dev/sdx.

Run the following:

# dd if=/dev/urandom of=/dev/sdx bs=8M && sync

Replace x with the drive you want to wipe. Run it multiple times if you're paranoid (eject and reinsert the drive each time to ensure that the data gets flushed).

This will erase everything, so be careful. I mean it. It's not possible to recover data by any means after this.

EDIT: based on further reading, it's quite likely that with the above method the drive will be securely erased, but some pieces may be recoverable (very little chance). With this warning in mind, I am not deleting this answer as this offers a very simple method to wipe data, and the recovery technique requires physically bypassing the ssd controller, which in most cases will damage the drive itself.

edited Jul 24 '15 at 08:39

answered Jul 24 '15 at 08:20

xyz

1,786
1
12
22

1
Some claim to do that 2 times. - Might be prudent to make a backup of all personal data prior to doing this. Disaster is 1 digit away :D

Rinzwind

Jul 24 '15 at 08:21

Data could still be restored after the drive has been zero-ed – leorize Jul 24 '15 at 08:26

This method will not securely wipe data on a SSD - it should only be done on conventional hard drives. – Takkat Jul 24 '15 at 08:28

This doesn't erase data in a way that it can't be easily and fully recovered in a laboratory. The old patterns written to a magnetic disk are still visible several overwrites (the signal just gets a bit weaker every time). If you want data to be totally 100% unrecoverable you need to overwrite every part of the disk 20 times with well chosen patterns - overwriting it a single time with zeroes will stop nobody except a normal person who uses nothing but the harddisk itself to see what data is on it. – Carlo Wood May 04 '17 at 17:08

@CarloWood when you overwrite any disk multiple times (full capacity), it will wipe the old data. And this method writes random numbers, not zeros, increasing the chances of corruption of old data.

For SSDs secure erase is a faster method, but doing this multiple times does the trick as well!

– xyz May 05 '17 at 06:11

score 2 · Answer 3 · answered Mar 04 '18 at 21:02

The accepted answer here did not work for me, and I might save others from wasting their time with a different answer:

Drop Ubuntu live for this purpose. Get DBAN (http://dban.org).

DBAN is a linux bootable that launches a program with a single purpose--to erase hard disks. It boots, you choose a disk, specify a method of erasure. It has a choice of several algorithms. The simple/fast method will write disk over with 0's. Intermediate will rewrite several times and most secure method will take a week or more to completely obliterate any chance that even the NSA can recover any of your data.

Using the hdparm-based approach described above, I never succeeded. I could not get past the "frozen disk" problem. As the accepted answer here warns, when hdparm -I output says frozen, the password assignment and erasure methods do not work. Among the many things I tried to unfreeze this, none helped. When booting from the Ubuntu live drive, suspending and then resuming caused the keyboard and mouse to become disabled, so the first suggested fix failed.

I usually think "I'll keep banging on this till it works" and I kept trowling for suggestions to unfreeze these from the Ubuntu live disk. I probably spent 5 hours trying various things to unfreeze these disks. If you Google, you'll see a laundry list of things to do for this, some of which seem ridiculous. For example, it is suggested to disconnect the drive from the SATA and power cables, start the machine, then reach in and plug in the drive after the system starts. Electrocution, anyone?

OTOH, DBAN was a success first time. It takes about 3 minutes to boot up. We chose the DOD wipe, which is in the middle of the security spectrum. It writes over the disk 31 times with random noise. The only shortcoming is that it took 8 hours for a 1TB disk drive. To erase a dozen machines, I made 6 bootable USB and got it done over 2 nights. I was trying to wipe Dell workstations that were 3-5 years old with 1TB SATA drives. Maybe this would be faster with better computers. Or smaller drives. It really does take 8 hours.

In my opinion, writing over the disk 31 times was overkill. I would sleep well if I overwrote each drive a just a few times. I already had destroyed the partition tables and repartitioned the drives. My experience is that an attacker generally can't recover anything useful after just doing that part. In my opinion, if the attacker does not have quite a bit of information about the file table that was erased, there is virtually no chance they can recover much useful information. Here you need to make a personal assessment about how hard your enemy will try to recover your data and what data you have to protect from them.

If you are insistent that you want to use Ubuntu live, you are stuck on Ubuntu Island and are not allowed to use any other tools, you can still use the terminal to destroy the partitions, make new partitions, new file systems, and use dd or similar to write on the disk over a few times. I'd be shocked if anybody could recover anything useful.

I'm not teasing when I say this. If you are worried about the NSA or Russian gangsters getting your drive and recovering something after you destroy the partitions, make new partitions, create new file systems, and write 0's and 1's over every sector, then you have a worse problem than software erasure can solve. The only rational thing to do is to take the drive and shoot it with your rifle a few times. Or get a sledge hammer.

http://dban.org/ currently won't load (seems down), but this article about it from May 2022 https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148 links to a copy of it on SourceForge. — Ryan, Jul 05 '22 at 12:09

How to securely erase hard drive with ubuntu live cd?

3 Answers3