Securely Erasing NVMe SSD (Any reason not to zero-fill aside from lifespan impact?)

[hihihi8]

Hi guys/gals

 

I'm thinking of upgrading 950 Pro 512 GB NVMe SSD to a larger one (no dual m.2 for me). However, I've read that securely erasing SSD's can be troubling. I want it erased as securely as possible (just short of cutting it with a pair of branch snippers) before I sell it to some random stranger (just assume he is a professional scammer/identity thief) l. I know that one way would be to ground it and let it sit for like a year, which would rot the data away, but that takes way too long. I've found quite a bit of information which is often contradictory to other articles.

 

So far what I've done:

- ran Samsung's secure erase utility via bootable drive once (not sure if it worked, it finished in minutes, which makes it seem a little sketchy.

- Used a bootable windows installer to format the drive (found that the secure erase utility missed the system reserved partition which happened to be on an HDD for some reason (happened a while ago).

- Installed a fresh copy of windows

- Checked that TRIM was enabled

- Filled the drive completely with random unimportant pictures, programs, games, etc. till only 350KB was left

- Used Samsung Magician's performance optimization daily (which I assume simply runs the trim command)

 

Now my question is:

I've heard a lot of people claim that "you shouldn't zero-fill/random-data fill an ssd". According to Samsung Magician, my 950 Pro has only written 9.4TB of data, whereas according to Samsung, the drive is rated up to 400 TB's written. At this rate, I could technically perform dozens of zero-fills as I want without having any real impact on life span. Therefore, is the aforementioned claim exclusively for the sake of maximizing the SSD's life span? or is there some other reason, such as zero-filling being an ineffective measure?

 

Thanks

 

PS: Theres a practical side to this question, but also a curious side to it

[iamdarkyoshi]

I've heard zeroing a solid state drive can actually leave traces behind.

 

As for secure erase, it actually tells the drive's controller to erase everything off the drive, and it does so in a way the manufacturer programs it. It also doesn't have to throw data across the PCIE bus, which is why it is a lot faster.

 

I've secure erased SSDs and hit them with utilities like Easeus data recovery and they always come up empty. Unless the buyer is taking it to a drive recovery place and spending obscene amounts of money, there's basically no chance of recovering anything after secure erase. Not sure there'd even be a chance at a data recovery center either

[Lady Fitzgerald]

Secure Erase is fast because it sends a voltage spike to all the cells simultaneously that sets the cells to an empty state. There is no way even a data recovery center will be able recover data, no matter how much time and money gets thrown at it, once it's been Secure Erased (thus, the name Secure).

 

Writing 0's to an SSD is an unnecessary waste of time and will unnecessarily reduce remaining write life.

[benny_r_t_2]

12 hours ago, Lady Fitzgerald said:

Secure Erase is fast because it sends a voltage spike to all the cells simultaneously that sets the cells to an empty state. There is no way even a data recovery center will be able recover data, no matter how much time and money gets thrown at it, once it's been Secure Erased (thus, the name Secure).

 

Writing 0's to an SSD is an unnecessary waste of time and will unnecessarily reduce remaining write life.

I Google search "how to secure erase ssd" and most tools say they do so with zeros.

 

Is there a specific software program/tool that works with any mfr ssd?  I have an old Intel ssd from 2013 and i want to rejuvinate it.  

 

I Google for tools how to restore an ssd and i get instructions how to "recover data" , which of course is not what I'm looking for.

 

Thanks

[Lady Fitzgerald]

54 minutes ago, benny_r_t_2 said:

I Google search "how to secure erase ssd" and most tools say they do so with zeros...

Where on earth did you find sites that say they secure erase SSDs by writing zeroes? What a load of nonsense.

 

Go to this site and read the entire article.

[benny_r_t_2]

8 hours ago, Lady Fitzgerald said:

Where on earth did you find sites that say they secure erase SSDs by writing zeroes? What a load of nonsense.

 

Go to this site and read the entire article.

"Where on Earth..."

first result returned describes parted magic secure erase and how it works

 

The second result was the article you linked to which describes what you say about the Spike.  It says the command is "ATA secure erase" and references a number of tools i can try.

 

In that article it goes on to say:

"You might also find that your manufacturer hasn’t implemented the “ATA Secure Erase” command into their software, yet. In this case, try the next step...."

 

what follows is this about parted magic which also mentioned the zeros:

 

 

This is why i was confused.  It first describes "ATA secure erase" as a "command" which does the voltage Spike.  But then it says to try parted magic using an option to write the zeros to the drive.  This is in the article you linked.

[Lady Fitzgerald]

That first link you posted is simply full of crap. True Secure Erase does not write zeroes to "wipe" an SSD. You cannot trust everything you read on the internet.

 

I was not aware that Parted Magic had been absorbed by Symantec. I've had nothing but problems with Symantec products in the past so I no longer can recommend Parted Magic, especially since it claims you need to write zeroes to wipe data from the disk.

 

Using Secure Erase in Samsung's Magician was all you needed to do to completely remove all the data from your SSD. The fact that it worked so fast indicates it was working properly. No one will be able to access your data because it was destroyed when Secure Erase reset it to the original empty state.

 

Keep in mind that SSDs, while they perform the same function as HDDs, work completely differently from HDDs so they have to be treated a little differently. 

[benny_r_t_2]

Hi @Lady Fitzgerald,  just to be clear, I'm not the original poster and I've not tried running any tools yet to remove the data from my Intel SDD.  I kindof canibalized this thread with my questions.  Sorry about that OP.

 

I'll try one of these tools to clear my old Intel CD.  I'll probably start with the Intel toolbox as I have an old enterprise Intel SSD.

 

Thanks!

 

Benny

[Lori Hsu]

On 1/17/2019 at 10:51 PM, benny_r_t_2 said:

Hi @Lady Fitzgerald,  just to be clear, I'm not the original poster and I've not tried running any tools yet to remove the data from my Intel SDD.  I kindof canibalized this thread with my questions.  Sorry about that OP.

 

I'll try one of these tools to clear my old Intel CD.  I'll probably start with the Intel toolbox as I have an old enterprise Intel SSD.

 

Thanks!

 

Benny

If you have a newer Asus PC or a ThinkPad, you could use BIOS tools to secure erase a NVMe SSD, let alone a SATA SSD

[Lori Hsu]

[kokosnh]

I will just add here for the clarification.  The secure erase command doesn't write anything to the NAND. It just erase all blocks of NAND, and that's it.
All NAND blocks lose all the charge, that they did hold, when executing secure erase command and it's quite fast, usually couple of seconds.

And empty NAND cells are read as 1, not 0. 
Writing 0 to the SSD is harmful, because it's one of the state in with the NAND cells have a charge.





if you just delete the data, it's not actually deleted, and if you start writing 0 to it, it's like writing lots of data to the SSD, instead of erasing it. Because of the wear leveling algorithm, pSLC bufor, and FTL, it can actually leave some traces of data, and don't write to them...

So you always want to erase the data from an SSD, by secure erase command.

Ps. Yes, nowadays lots of MoBo have the secure erase command build in the UEFi, 3 years ago (as the time of this post), they weren't as popular, but some did have that feature.