Secure erase SSD on Lenovo ThinkPad T520 (can't unfreeze SSD, machine reboots on hotplug)

I was able to do this. It turns out Lenovo makes a utility specifically for secure erasing drives that is compatible with the T520 (and many other models). It looks like this utility is the more modern replacement for the BIOS extension that is available for older models.

So if you have a ThinkPad newer than circa 2011, check the "Storage" subsection under the drivers/downloads area for your model ThinkPad at the Lenovo web site.

For me, with the T520, it was the adorably Engrish Drive Erase Utility for the Resetting the Cryptographic Key and the Erasing the Solid State Drive.

1. Download the above ISO (check the supported model list to make sure it is for your ThinkPad first; search for your model on their web site if it isn't).
2. Burn it to a CD or DVD (or ThumbDrive, use UNetbootin or Rufus - although I have not tried this and have run into issues in the past with Lenovo ISO's that use the Nero Bootloader, dunno about this one though.)
3. Power off laptop, install the drive you want to erase.
4. Boot laptop with CD/DVD in. If it doesn't boot automatically hammer on F12 when the machine turns on to display the boot menu and choose the CD-ROM drive from there.
5. Follow the instructions on the screen for erasing the drive and resetting the key. Takes about 5 minutes tops.
6. Label and save the disc you just burned, it will come in handy if you have to do this again.
7. You're all done. Power off machine and remove the drive, then tell all your friends the story. They'll love it. Great conversation starter at parties as well.

The Lenovo utility accomplishes the unfreeze by generating some sort of key you have to write down, then rebooting the machine (presumably doing some magic to power cycle the SATA device without re-freezing it) and asking you for the key again.

Confirmed working with Crucial M4 and Samsung 840 EVO.

Note that you may wish to ensure that you have the latest BIOS update for your PC installed (as well as the latest firmware for your SSD drives). BIOS updates can also be found on the Lenovo site in the section for your model laptop.

I cannot explain why I am able to hotplug the M4 but not the 840. It does not really matter now but I'd still be interested to know just for academic reasons.

To create a bootable USB drive that can be used to reset the SSD in a T520 (and many other ThinkPad models), follow these instructions:

1. Download the "floppy" version of Lenovo's Drive Erase Utility.
2. Create a bootable "FreeDOS" USB drive, e.g. with Rufus.
3. Extract the contents of the downloaded zip file to the USB drive.
4. Create a \efi\boot\ subdirectory on the USB drive, and move the BootX64.efi from the root of the drive to that subdirectory.
5. Restart, boot from the USB drive (boot menu=F12).
6. Run DrvErase.

With Linux, I created a bootable USB pen drive containing Drive Erase Utility for the Resetting the Cryptographic Key and the Erasing the Solid State Drive - ThinkPad for my Lenovo T440.

This is one of multiple steps taken to prepare for full disk encryption. Download the .zip file containing the utility. This file is a little under 80KB. Prepare USB disk

Run fdisk to format and prepare the USB disk. Make sure the device path to the USB disk is correct. /dev/sdb is the correct one for me, but may not be the same device on your computer.

sudo fdisk /dev/sdb to start the utility. Next steps are keypresses.
<kbd>o</kbd> to create a new DOS disklabel
<kbd>n</kbd> for new partition
<kbd>Enter</kbd> for default (primary partition)
<kbd>Enter</kbd> for default partition number
<kbd>Enter</kbd> for default first sector
<kbd>Enter</kbd> for default last sector
Conditional: If prompted, enter <kbd>Y</kbd> to overwrite existing file system signature
<kbd>t</kbd> to change partition type
<kbd>c</kbd> for W95 FAT32 (LBA)
<kbd>a</kbd> to toggle (enable) bootable flag
<kbd>w</kbd> to write changes to disk and exit fdisk

Create a filesystem on the drive. Now, append a 1 to the original device path to select the first and single partition created in the previous step.

# mkfs.vfat -F 32 /dev/sdb1

Mount the partition

# mount /dev/sdb1 /mnt

Unzip the contents of the utility zip previously downloaded

# cd /mnt
# unzip ~/Downloads/83fd04ww.zip

Create UEFI folder and move the BootX64.efi into that folder

# mkdir -p /mnt/EFI/BOOT
# mv /mnt/BootX64.efi /mnt/EFI/BOOT

Sync pending disk operations, change out of the directory, and unmount the flash drive

# sync
# cd /
# umount /mnt

Run the utility Insert the USB drive into the ThinkPad and hammer F12 (alternatively F1, then F12) after powering on to be able to select "Boot from other device". Select the USB Flash Drive, and the utility should start. Disk utility steps

1. Press 1 for delete
2. Yes to confirm
3. Yes to really confirm
4. Write down the Request Key written on screen
5. Press ENTER to Restart and let the boot process do its thing without interfering
6. Enter the request key previously written down and ENTER to continue
7. Enter to confirm destroying of all data
8. Wait for operation to complete and press any key to restart