HOT TOPICS

Friday, May 23, 2014

How to Securely Erase a Solid State Drive on Mac OS X

How to Securely Erase a Solid State Drive on Mac OS X


Does your computer have a solid-state drive? All new Apple laptops come with SSDs, and you better be careful what you do if you want to erase it. "Cleared" memory is not actually cleared; sensitive info may be available for the taking. The Apple experts at Stack Exchange provide tips on staying safe.


I'm pretty new to SSD technology, so I don't know how it compares to hard drives when it comes to securely erasing the drive. Is it enough to run Disk Utility and erase the drive with the option "overwrite with zeroes," or does this only work with hard drives? Are there other actions that should be taken?


I'm not looking for NSA-grade security, but I'd like to be safe if selling my Mac.


See the full original question here.


Total SSD Security Isn't Easy (Answered by Gordon Davisson)


Unfortunately there isn't a simple answer, and it really depends on your paranoia level. Because of the way SSDs handle writing data, doing a zero-once on an SSD is not as good a method of removing data as it is on a hard drive.


When you write a particular data page on an HD, the new data is simply written over the old data, replacing it. If you write zeros over the whole disk, all of the old data will be gone. SSDs, on the other hand, cannot simply overwrite individual pages. In order to replace the data on a page, the old data must first be erased, and SSDs cannot erase individual pages; they have to erase entire blocks consisting of many pages.


So what happens when you ask an SSD to overwrite, say, page #5, is that the SSD leaves the data on page #5 alone, but marks it as invalid, allocates another currently-blank page (say, #2305), writes the new data to page #2305, and makes a note that next time the OS asks for page #5 it should get #2305 instead. The original page #5 data sits there until some later time, when the drive needs more space, moves any remaining valid pages away from the block, and erases it. See this AnandTech review for more through details.


The net result is that if you write zeros over the "whole" drive, you haven't actually overwritten all the old data. You have updated the controller's translation table so it'll never return any of the old data to the OS, as those pages are all marked as invalid. But if someone's interested enough to bypass the controller, they could get some of your data back.


Overwriting twice will probably work, but it depends on the controller's allocation strategy. Overwriting twice with random data (diskutil randomDisk 2 /dev/diskN) is a little more likely to work, but still not guaranteed. Both of these also have some bad side-effects: they may slightly diminish the lifetime of the drive, and also increase the logical fragmentation on the SSD, decreasing its write performance.


Note that recent versions of OS X's graphical Disk Utility disable the secure erasure options on SSDs for the aforementioned reasons, but the command-line version still allows them. I have also seen several recommendations to securely erase SSDs by converting them to an encrypted format, but this is (if anything) slightly less secure than overwriting with random data.


The best way to securely erase an SSD is to invoke the controller's built-in secure-erase feature. This should—if the controller designers did their jobs—truly erase all blocks, and also have the side-effect of resetting the logical page map, essentially defragmenting it and restoring its original performance. Unfortunately, most of the utilities I've seen for doing this (e.g. CMRR's HDDErase) run under DOS, which won't boot on a Mac. Some users MacRumors offer some rather complex instructions for doing a secure erase from a GParted boot CD. It might also be possible to use Parted Magic from a bootable flash drive.


Researchers at the Non-Volatile Systems Lab at UCSD have tested various ways of sanitizing SSDs by "erasing" the drive, then disassembling it to bypass the controller, and checking for remnant data (you can read the summary or the full paper). Their results mostly agree with what I've said above, and also show that the built-in secure-erase command isn't always implemented properly:



Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs.



So there you have it; overwriting the entire drive twice is probably secure enough for most people, but absolute security may require some extra effort.




There are more answers where that came from. Check them out or leave your own at the original post. Find more questions like it at Ask Different, a question and answer community for Apple enthusiasts and power users. And if you've got your own question that requires a solution, ask. You'll get an answer. (And it's free.)


Photo by Yutaka Tsutano.


0 comments:

Post a Comment