ATA Sanitize and hdparm

(Note: This is a follow-up to ATA Secure Erase (SE) and hdparm, which includes suggestions for working around frozen drives and more. See also NVMe Secure Erase and NVMe Sanitize in this series.)

0. These procedures will irretrievably destroy data (and potentially media as well - see section 7).

1. Introduction

According to NIST,

> The ATA Sanitize Device feature set commands are preferred over the ATA Security feature set SECURITY ERASE UNIT command when supported by the ATA device.

Microsoft concurs:

> For new applications, it is recommended to use the CRYPTO SCRAMBLE EXT command from the SANITIZE feature set. This is preferred over the SECURITY ERASE UNIT command since SANITIZE is supported in both the T10 standard (SCSI) and the T13 standard (ATA), and for all derived busses.

Finally, SanDisk states:

> Secure Erase is different from Sanitize because it only deletes the mapping table but will not erase all blocks that have been written to. Sanitize will delete the mapping table and will erase all blocks that have been written to. Therefore, Secure Erase is faster to complete than Sanitize. After you erase the drive using Secure Erase or Sanitize, all user data will be permanently destroyed on the selected drive.

2. Check for SANITIZE support

A supported drive:

    # hdparm --sanitize-status /dev/sdx
    Last Sanitize Operation Completed Without Error

An unsupported drive:

    # hdparm --sanitize-status /dev/sdx

This drive supports SANITIZE BLOCK ERASE:

    # hdparm -I /dev/sdx

While this drive supports SANITIZE CRYPTOGRAPHIC SCRAMBLE and SANITIZE OVERWRITE:

    # hdparm -I /dev/sdx

3. SANITIZE BLOCK ERASE

> The SANITIZE OPERATION START EXT - BLOCK ERASE command shall start a sanitize operation which shall cause Block Erase operations on all user data. The SANITIZE BLOCK ERASE operation shall also remove user data held in caches and pin setting attributes (see 4.16). The SANITIZE OPERATION START EXT - BLOCK ERASE shall only be reported as supported if the internal media supports Block Erase operations (e.g. NAND FLASH, see ).
>
> After a successful SANITIZE BLOCK ERASE operation, the contents of the user data area are indeterminate.
>
> The SANITIZE OPERATION START EXT - BLOCK ERASE shall only be processed if:
>
> a) the Sanitize Device feature set is supported
> b) the BLOCK ERASE method is supported and
> c) the device is in the Sanitize Idle state, the Sanitize Operation Failed state, or the Sanitize Operation Succeeded state.

Section 7.x.4.2 of T13's Sanitize Device Command Proposal, Revision 67

    # hdparm --yes-i-know-what-i-am-doing --sanitize-block-erase /dev/sdx
    You may use `--sanitize-status` to check progress

4. Check status

    # hdparm --sanitize-status /dev/sdx
    Last Sanitize Operation Completed Without Error

5. SANITIZE CRYPTOGRAPHIC SCRAMBLE

> The SANITIZE OPERATION START EXT - CRYPTOGRAPHIC SCRAMBLE command shall start a sanitize operation which shall change the internal encryption keys that are used for user data. The SANITIZE CRYPTOGRAPHIC SCRAMBLE operation shall also remove user data held in caches and pin setting attributes (see 4.16). The SANITIZE OPERATION START EXT - CRYPTOGRAPHIC SCRAMBLE shall only be reported as supported if all user data is affected by changing internal encryption keys.
>
> After a successful cryptographic scramble, the contents of the user data area may be indeterminate.
>
> The SANITIZE OPERATION START EXT - CRYPTOGRAPHIC SCRAMBLE shall only be processed if:
>
> a) the SANITIZE DEVICE feature set is supported
> b) the CRYPTOGRAPHIC SCRAMBLE method is supported and

Section 7.x.3.2 of T13's Sanitize Device Command Proposal, Revision 67

    # hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble /dev/sdx
    You may use `--sanitize-status` to check progress

    Last Sanitize Operation Completed Without Error

7. WARNING: This command destroyed two good 8TB HGST HUH728080ALE600 hard drives (each in a different computer) after running for ≈15 hours and only progressing to ≈5% complete. Immediately beforehand, the drives had completed ATA SECURE ERASE in ≈13.5 hours without incident.
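One way to script the status check used above, as an added example that is not part of the original page or of hdparm: it only treats the device as ready when it reports one of the three states named in condition c) of the BLOCK ERASE text, and it polls `--sanitize-status` until the operation finishes. The `State:` line format, the `SANITIZE_STATUS_CMD` and `POLL_SECONDS` variables and both function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. ASSUMPTION: `hdparm --sanitize-status`
# prints a "State:" line naming the device state; the page itself only shows the
# final "Last Sanitize Operation Completed Without Error" line.

# Command used to query status; override it to test without a real drive.
SANITIZE_STATUS_CMD=${SANITIZE_STATUS_CMD:-"hdparm --sanitize-status"}
POLL_SECONDS=${POLL_SECONDS:-60}

# Condition c) of the spec text: a start is only processed from Sanitize Idle,
# Sanitize Operation Failed or Sanitize Operation Succeeded. Anything else,
# including output this script cannot parse, is refused (fail closed).
# stdin: status text; exit 0 = device is in a state that accepts a start.
sanitize_may_start() {
    state=$(grep -i 'State:' | head -n 1 | tr '[:upper:]' '[:lower:]')
    case $state in
        *"sanitize idle"*|*"sanitize operation failed"*|*"sanitize operation succeeded"*)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Poll until the device is back in one of those three states, then report
# success only if the completed-without-error line is present.
# Args: device, maximum number of polls.
# Exit: 0 = finished cleanly, 1 = finished with error or status query failed,
#       2 = still running after the maximum number of polls.
# Usage: wait_for_sanitize /dev/sdx 1440
wait_for_sanitize() {
    dev=$1; max=$2; n=0
    while [ "$n" -lt "$max" ]; do
        out=$($SANITIZE_STATUS_CMD "$dev" 2>&1) || return 1
        if printf '%s\n' "$out" | sanitize_may_start; then
            printf '%s\n' "$out" | grep -qi 'completed without error' && return 0
            return 1
        fi
        n=$((n + 1))
        sleep "$POLL_SECONDS"
    done
    return 2
}
```

Run `sanitize_may_start` on the status output before issuing a `--sanitize-*` command, and `wait_for_sanitize` afterwards; check the `State:` wording against your hdparm version first.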