18

It's generally accepted that SSDs cannot be securely wiped by writing patterns to the drive, due to features such as wear leveling and over-provisioning, and that the most secure way to wipe a modern SSD is using the ATA Secure Erase firmware commands.

However, from my understanding this doesn't seem to apply to NVMe drives because they're not ATA-based - instead, they connect to and run via the PCIe bus. Looking at the Parted Magic tool seems to confirm that NVMe drives have their own equivalent to the ATA Secure Erase command for SATA SSDs:

enter image description here

However, I haven't been able to find an NVMe equivalent for hdparm. How exactly can I securely erase an NVMe SSD? I'm running Windows, but also have access to a Unix-like environment using Cygwin.

Hashim Aziz
  • 11,898
  • 35
  • 98
  • 166

1 Answers1

21

Yes, it's true that hdparm will not work for NVMe drives, because they don't use the traditional ATA interface protocol that SATA drives use to send low-level firmware commands to the drive.

Thankfully, there's an open-source tool that allows sending the equivalent commands to NMVe drives - nvme-cli. The tool has already been made available as a package for many distributions, and can be compiled for many more.

Once you have the tool installed with something like:

apt-get install nvme-cli

You can then list all recognised NVMe devices with:

nvme list

To securely erase a listed NVMe SSD, run:

nvme format -s1 /dev/nvme0n1

...where /dev/nvme0n1 is the block name of the listed device.

Hashim Aziz
  • 11,898
  • 35
  • 98
  • 166
  • To securely erase all data of a NVMe hard drive on any computer, a bootable grml Linux USB stick is suitable. It contains `nvme-cli` out of the box. – Simon Schürg Mar 21 '21 at 16:57
  • 1
    I like `nvme format -s2 /dev/nvmeXnY` to erase the encryption key. Then follow up with a `blkdiscard /dev/nvmeXnY` to make sure everything is trim and zeroed. – KJ7LNW Jan 06 '22 at 01:43