0

I have two SSDs in my laptop (dell xps 15 9550):

  1. Toshiba 256gb (PCIe) THNSN5256GPU7
  2. Samsung 1tb (sata 3) EVO860

Both are fully encrypted with VeraCrypt.

Is it safe, to simply make a quick-format on both disks and install windows on one of them ? or maybe I do have to do an extra operation like f.e. "removing vera crypt keys" first ?

user3529850
  • 111
  • 2
  • 2
    Does this answer your question? [Erase disk before selling](https://superuser.com/questions/1370584/erase-disk-before-selling) and [this](https://superuser.com/questions/4678/securely-erasing-all-data-from-a-hard-drive) – Ramhound Oct 10 '20 at 22:11
  • 1
    This question is also a duplicate of [this](https://superuser.com/questions/101465/how-can-i-securely-format-a-solid-state-drive) question – Ramhound Oct 10 '20 at 22:19
  • 1
    Most of those dupes are out of date. If a drive is fully encrypted always & has been , then a simple erase will wipe the data & the encryption keys far beyond any hope of recovery. [Whatever you do, don't follow the advice in the deleted answer below, if you can see it. Unencrypt first & you just gave all your data away. Format from encrypted.] – Tetsujin Oct 11 '20 at 09:33
  • sorry, confusing typo… 'always & has been' == '& always has been' – Tetsujin Oct 12 '20 at 15:29

1 Answers1

1

First of all, most of the suggested answers are out-of-date, just like @tetsujin said.

Having said that, I will answer my question for future readers.

  1. If you use windows with bitlocker and your computer has TPM:

    1. All that should be necessary is to encrypt the drive and wipe TPM (ctrl+r -> tpm.msc -> Clear TPM). TPM is a chip on the motherboard that bitlocker uses to store encryption keys.
    2. If you're really paranoid, after clearing the TPM you could boot a Ubuntu live CD and use hdparm to do an ATA secure erase on the SSD.
    3. Instead of hdparm, you can just run blkdiscard /dev/sda - that'll TRIM the whole drive (so don't ever try that on an SSD that has data you care about).

  2. If you use VeraCrypt

    1. Encrypt the entire drive
    2. Wipe the disk (just like suggested by @tetsujin) using f.e. diskpart or by doing what was said in 1.2 or 1.3

Note1: VeraCrypt does not use TPM, so no need to clean it, in the 2 case
Note2: Sometimes SSD manufacturers release tools/utilities that allow to do "Secure Erase", you might use it to wipe your disk if this is the case for you

user3529850
  • 111
  • 2