I'm selling a laptop that was used to handle my personal data, and want to wipe the SSD before getting rid of it. However, I just realized that my SSD doesn't support any of the Sanitize or Secure Erase NVMe commands.

How can I securely clear my data from the drive? I've heard that overwriting it with zeroes or random data isn't enough and is additionally terrible for the drive itself.

I'd post a picture of the output of nvme id-ctrl and my secure erase attempts but apparently I'm not allowed to do so as a new user.

ebopalisesy
  • If the SSD is not already encrypted, your best option is to use FDE (and encrypt the empty space), then simply delete the partitions. This won't be 100%, since the firmware on its own prevents too many writes on specific cells. [If your drive does not support ATA erase commands there is way to do it 100%](https://superuser.com/questions/22238/how-to-securely-delete-files-stored-on-a-ssd?rq=1) – Ramhound Jul 01 '20 at 21:12
  • Does this answer your question? [How to securely delete files stored on a SSD?](https://superuser.com/questions/22238/how-to-securely-delete-files-stored-on-a-ssd) – Moab Jul 01 '20 at 21:21
  • For the future: Turn on full disk encryption before the first bit of sensitive data touches the SSD. – gnasher729 Jul 01 '20 at 21:53
  • You can do Secure Erase for your NVMe drive via `nvme-cli` tool, https://github.com/linux-nvme/nvme-cli – Maksim Shamihulau Feb 22 '21 at 11:23
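
The question turns on what `nvme id-ctrl` reports, so here is an added example (not posted by anyone in this thread) that decodes the erase-related fields of that output. It assumes nvme-cli's plain-text `name : value` layout and the Identify Controller bit positions from the NVMe specification; the sample outputs are constructed.

```sh
# Added example (not from the thread): decode erase support from `nvme id-ctrl`.
# is_num: accept only decimal or 0x-hex so the value is safe inside $(( )).
is_num() {
    case "$1" in
        0x*) case "${1#0x}" in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        ''|*[!0-9]*) return 1 ;;
    esac
}

# erase_caps: read id-ctrl text on stdin, print the supported erase methods
# (space separated) or "none". The subshell body keeps the variables local.
erase_caps() (
    oacs=0; fna=0; sanicap=0; caps=""
    while read -r key sep val rest; do
        [ "$sep" = ":" ] || continue
        if is_num "$val"; then
            case "$key" in
                oacs)    oacs=$(($val)) ;;
                fna)     fna=$(($val)) ;;
                sanicap) sanicap=$(($val)) ;;
            esac
        fi
    done
    # OACS bit 1: Format NVM supported. FNA bit 2: crypto erase via Format NVM.
    [ $((oacs & 2)) -ne 0 ] && caps="$caps format-nvm"
    [ $((oacs & 2)) -ne 0 ] && [ $((fna & 4)) -ne 0 ] && caps="$caps format-crypto-erase"
    # SANICAP bits 0..2: crypto erase, block erase, overwrite via Sanitize.
    [ $((sanicap & 1)) -ne 0 ] && caps="$caps sanitize-crypto-erase"
    [ $((sanicap & 2)) -ne 0 ] && caps="$caps sanitize-block-erase"
    [ $((sanicap & 4)) -ne 0 ] && caps="$caps sanitize-overwrite"
    caps="${caps# }"
    printf '%s\n' "${caps:-none}"
)

# Constructed sample: a controller with no Format NVM or Sanitize support.
sample_no_erase() {
    printf '%s\n' 'vid       : 0x1234' 'mn        : EXAMPLE SSD (constructed)' \
        'oacs      : 0x4' 'fna       : 0' 'sanicap   : 0'
}

# Constructed sample: Format NVM with crypto erase, plus Sanitize block erase.
sample_with_erase() {
    printf '%s\n' 'oacs      : 0x17' 'fna       : 0x4' 'sanicap   : 0x2'
}

sample_no_erase | erase_caps
sample_with_erase | erase_caps
```

On a real system the input would come from `nvme id-ctrl` run against the controller device (for example `/dev/nvme0`, an assumed path) and piped into `erase_caps`.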

1 Answer

If you are not selling it to a three-letter agency, and you don't have a specific fear of a nation-state learning the contents of the drive, you can simply overwrite once with zeros.

This will NOT protect the data with strong confidence, as there may be cells of the SSD that could still contain original data. However, it would take someone interested enough to work hard and spend money to recover the data on the drive.

The amount of money it would take is open for debate, but unless you are selling it to someone who is actively out to get you, you're probably fine, as they are most likely going to install an operating system and just use it.

Also, next time you set up a computer, make sure you encrypt the drive. That way you won't have this problem again.

Slartibartfast
  • Probably better to overwrite with random data, and even better to overwrite with reasonable looking data. Like a gazillion images of butterflies, mixed with a gazillion copies of War and Peace. Overwriting with zeroes means the attacker will know exactly what was not overwritten. (And you can do obviously better than my example). – gnasher729 Jul 01 '20 at 21:56
  • It is common for those in the security industry to assume a motivated, resource-rich attacker. If you start with that assumption, you are ahead of the game. In real life, the number of attackers is low, of those attackers the vast majority are not particularly motivated or resource rich, and the motivated and resource-rich attackers are not motivated by you (for most values of "you"). That said, sure, random data, why not. (IMHO, YMMV, BBQ) – Slartibartfast Jul 01 '20 at 22:52