How to securely erase a hard drive with an Ubuntu live CD?
The best way to wipe an SSD is to issue an ATA SECURE_ERASE command rather than using low-level utilities such as dd, because it's faster and more reliable, due to a number of reasons.

- Run `lsblk` and determine to which block device the drive is currently mapped (if you have only that drive attached it will likely be mapped to `/dev/sda`).
- Run `sudo hdparm -I /dev/sda` and determine whether the drive is currently frozen or not (the `frozen` line in the Security section):

  ```
  Security:
  	Master password revision code = 65534
  		supported
  	not	enabled
  	not	locked
  		frozen
  	not	expired: security count
  		supported: enhanced erase
  	2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
  ```

  If it is, suspend the system and resume:

  ```
  Security:
  	Master password revision code = 65534
  		supported
  	not	enabled
  	not	locked
  	not	frozen
  	not	expired: security count
  		supported: enhanced erase
  	2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
  ```

- Run `sudo hdparm --user-master u --security-set-pass password /dev/sda` to set a security password (this is mandatory in order to securely erase the drive).
- Run `sudo hdparm --user-master u --security-erase password /dev/sda` to securely erase the drive.

As pointed out by Takkat, mind that this won't catch reallocated bad sectors.

To catch those as well, if you have any and if supported by the drive, you can issue an enhanced ATA SECURE_ERASE command, which writes manufacturer-predefined patterns multiple times and catches reallocated bad sectors as well:

- Run `sudo hdparm --user-master u --security-erase-enhanced password /dev/sda` to securely erase the drive.
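The frozen check in the answer above is done by eye. As an added example (not the answer's own code), the POSIX shell function below parses the Security section of `hdparm -I` output and reports the drive's state, so a wipe script can refuse to go on while the drive is frozen or locked instead of failing at `--security-set-pass`. The two sample outputs are constructed to match the layout hdparm prints, and the function name `security_state` is my own.

```shell
#!/bin/sh
# Added example, not code from the answer above: parse the "Security:" section of
# `hdparm -I` output and say whether an ATA security erase can be issued right now.
# It reads text only and never touches a device; use it on output you capture:
#   sudo hdparm -I /dev/sda | security_state
# The two samples below are constructed to match the layout hdparm prints.

# security_state: reads hdparm -I output on stdin and prints one word:
#   unsupported  no "Security:" section / feature set not reported as supported
#   frozen       the BIOS froze the drive; unfreeze (e.g. suspend/resume) first
#   locked       a user password is set and the drive is locked
#   enabled      security is enabled (a password is already set); erase needs it
#   ready        not frozen, not locked, not enabled: set-pass and erase can proceed
security_state() {
  # Keep only the indented lines that follow "Security:" up to the next heading.
  sec=$(awk '
    /^Security:/        { insec = 1; next }
    insec && /^[^ \t]/  { exit }
    insec               { print }
  ')
  # hdparm prints "not<TAB>flag" when a flag is clear and "<TAB><TAB>flag" when set,
  # so a flag that is set is the first word on its line.
  if ! printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*supported'; then
    echo unsupported
  elif printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*frozen'; then
    echo frozen
  elif printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*locked'; then
    echo locked
  elif printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*enabled'; then
    echo enabled
  else
    echo ready
  fi
}

# Constructed sample: the frozen state from the answer (not a real drive).
SAMPLE_FROZEN='Security:
	Master password revision code = 65534
		supported
	not	enabled
	not	locked
		frozen
	not	expired: security count
		supported: enhanced erase
	2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'

# Constructed sample: the same drive after a suspend/resume cycle.
SAMPLE_READY='Security:
	Master password revision code = 65534
		supported
	not	enabled
	not	locked
	not	frozen
	not	expired: security count
		supported: enhanced erase
	2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'

# Demo run over the two samples: prints "frozen", then "ready".
for sample in "$SAMPLE_FROZEN" "$SAMPLE_READY"; do
  printf '%s\n' "$sample" | security_state
done
```

In a script, test for `ready` before running `--security-set-pass`; a result of `enabled` or `locked` means a password is already set on the drive and the erase has to be issued with that password, not a fresh one.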
The accepted answer here did not work for me, and I might save others from wasting their time with a different answer:
Drop Ubuntu live for this purpose. Get DBAN (http://dban.org).
DBAN is a Linux bootable that launches a program with a single purpose--to erase hard disks. It boots, you choose a disk, specify a method of erasure. It has a choice of several algorithms. The simple/fast method will write the disk over with 0's. Intermediate will rewrite several times and the most secure method will take a week or more to completely obliterate any chance that even the NSA can recover any of your data.
Using the hdparm-based approach described above, I never succeeded. I could not get past the "frozen disk" problem. As the accepted answer here warns, when `hdparm -I` output says frozen, the password assignment and erasure methods do not work. Among the many things I tried to unfreeze this, none helped. When booting from the Ubuntu live drive, suspending and then resuming caused the keyboard and mouse to become disabled, so the first suggested fix failed.
I usually think "I'll keep banging on this till it works" and I kept trawling for suggestions to unfreeze these from the Ubuntu live disk. I probably spent 5 hours trying various things to unfreeze these disks. If you Google, you'll see a laundry list of things to do for this, some of which seem ridiculous. For example, it is suggested to disconnect the drive from the SATA and power cables, start the machine, then reach in and plug in the drive after the system starts. Electrocution, anyone?
OTOH, DBAN was a success first time. It takes about 3 minutes to boot up. We chose the DOD wipe, which is in the middle of the security spectrum. It writes over the disk 31 times with random noise. The only shortcoming is that it took 8 hours for a 1TB disk drive. To erase a dozen machines, I made 6 bootable USBs and got it done over 2 nights. I was trying to wipe Dell workstations that were 3-5 years old with 1TB SATA drives. Maybe this would be faster with better computers. Or smaller drives. It really does take 8 hours.
In my opinion, writing over the disk 31 times was overkill. I would sleep well if I overwrote each drive just a few times. I already had destroyed the partition tables and repartitioned the drives. My experience is that an attacker generally can't recover anything useful after just doing that part. In my opinion, if the attacker does not have quite a bit of information about the file table that was erased, there is virtually no chance they can recover much useful information. Here you need to make a personal assessment about how hard your enemy will try to recover your data and what data you have to protect from them.
If you are insistent that you want to use Ubuntu live, you are stuck on Ubuntu Island and are not allowed to use any other tools, you can still use the terminal to destroy the partitions, make new partitions, new file systems, and use dd or similar to write on the disk over a few times. I'd be shocked if anybody could recover anything useful.
I'm not teasing when I say this. If you are worried about the NSA or Russian gangsters getting your drive and recovering something after you destroy the partitions, make new partitions, create new file systems, and write 0's and 1's over every sector, then you have a worse problem than software erasure can solve. The only rational thing to do is to take the drive and shoot it with your rifle a few times. Or get a sledge hammer.
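For the dd route this answer describes (a few overwrite passes from the Ubuntu live terminal), here is an added example that is not the answer's own code and not DBAN: a POSIX shell wipe that bounds every pass to the target's size so dd cannot run past the end, refuses a device that is still mounted, finishes with a zero pass, and reads the target back to confirm the zeros actually landed. The function names `wipe_target`, `target_size`, `is_mounted` and `verify_zeroed` are my own. As the first answer notes, a software overwrite does not reach sectors the drive has reallocated; that needs the drive's own ATA secure-erase command.

```shell
#!/bin/sh
# Added example (not code from either answer): a size-bounded overwrite of a block
# device or regular file with dd, a mounted-device guard, and a read-back check that
# the final zero pass is really on the target. Try it on a scratch file first:
#   wipe_target ./scratch.img 2
# and only then on a disk you identified with lsblk:
#   sudo sh wipe.sh /dev/sdX 3   (after adding a call at the bottom)

# target_size TARGET: bytes to overwrite. Block devices report it through the
# block layer; regular files through their inode. Every pass is bounded by it.
target_size() {
  if [ -b "$1" ]; then
    blockdev --getsize64 "$1"
  else
    wc -c < "$1" | tr -d ' '
  fi
}

# is_mounted TARGET: true if TARGET or any partition on it (same prefix, e.g.
# /dev/sda1 for /dev/sda) appears in /proc/mounts. Without /proc the check is
# skipped, so only run this on Linux.
is_mounted() {
  [ -r /proc/mounts ] || return 1
  awk -v d="$1" 'index($1, d) == 1 { found = 1 } END { exit !found }' /proc/mounts
}

# verify_zeroed TARGET SIZE: read SIZE bytes back and require that none is non-zero.
verify_zeroed() {
  nonzero=$(head -c "$2" "$1" | tr -d '\000' | wc -c | tr -d ' ')
  [ "$nonzero" -eq 0 ]
}

# wipe_target TARGET [PASSES]: PASSES-1 passes of random data, then one pass of
# zeros, each bounded to the target size, then the read-back check. Exit status 0
# only if the check passes.
wipe_target() {
  target=$1; passes=${2:-2}
  [ -e "$target" ] || { echo "no such target: $target" >&2; return 2; }
  if is_mounted "$target"; then
    echo "$target (or a partition on it) is mounted; unmount it first" >&2
    return 2
  fi
  size=$(target_size "$target")
  n=1
  while [ "$n" -lt "$passes" ]; do
    # head -c bounds the stream; conv=notrunc keeps a file's size unchanged and
    # fsync pushes the data out of the page cache before dd returns.
    head -c "$size" /dev/urandom | dd of="$target" bs=1M conv=notrunc,fsync 2>/dev/null
    n=$((n + 1))
  done
  head -c "$size" /dev/zero | dd of="$target" bs=1M conv=notrunc,fsync 2>/dev/null
  verify_zeroed "$target" "$size"
}
```

On an 8-hour pass you will want to see progress: GNU dd accepts `status=progress`, which can be appended to both dd lines. The read-back check is what makes the result trustworthy; without it, a dd that stopped early on an I/O error leaves a partly wiped disk that looks finished.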