Apple - SRM gone in macOS Sierra (10.12)
From this comment:
can you come up with a better idea or safely removing files from SSD on newer macs? – Niktin Roman
There's no need for srm
; provided that TRIM is enabled on your machine1
TRIM support handles this for you. When you delete a file from your drive, the OS will mark the file space as "not in use" - this applies to any drive. On an SSD, unlike a HDD, a TRIM command is sent to wipe any data in that marked space. This allows your SSD to be able to write data to that marked space as if it was brand new and never used, and skip the traditional deletion process.
If you are looking for more security, turn on FileVault.
Per Apple Support:
Note: With an SSD drive, Secure Erase and Erasing Free Space are not available in Disk Utility. These options are not needed for an SSD drive because a standard erase makes it difficult to recover data from an SSD. For more security, consider turning on FileVault encryption when you start using your SSD drive.
I also advise against using srm
because it issues more and unnecessary write operations to the SSD, thus shortening it's lifespan. From the man page:
srm removes each specified file by overwriting, renaming, and truncating it before unlinking
1 TRIM comes enabled by default if you your Mac came with an SSD preinstalled. if you added an SSD after the fact, then you must enable TRIM by issuing the command
sudo trimforce enable
in Terminal.
rm has a -P switch that will overwrite the file three times before deleting. Better than nothing, I suppose.
To securely delete a file/folder on MacOS Sierra without external utilities use rm
with the -P
switch:
## delete a single file
rm -Pv wikileak1.txt
## delete a folder recursively
rm -Pvrf ~/.wikileaks
From the man page:
-P Overwrite regular files before deleting them. Files are overwritten three times, first with the byte pattern 0xff, then 0x00, and then 0xff again, before they are deleted. -v increase verbosity
NOTE: In case you installed GNU coreutils from homebrew with the default names, e.g.
brew install coreutils --default-names
, then, depending on how you configured your PATH, the GNU version ofrm
could shadow the Mac version at/bin/rm
and it won't accept the-P
option. Usewhich -a rm
to double-check.