OT - Securely erasing Mac SSD's

kstrick
Contributor III

OK--
So, we are not supposed to zero out SSD's as they may become damaged or suffer slow performance.
The general consensus as I understand it (on any OS platform) is that you want to have a ATA secure erase command sent to the drive as it will erase securely the drive using an internal mechanism and the drive performance will not be effected.
There are linux distros and/or utilities that will do this correctly, I haven't seen any that are Mac OS native utilities so far.

Apple's kbase seems to indicate that booting to the recovery partition and just performing an erase is sufficiently secure, but i'm skeptical because, as usual, Apple doesn't list any specifics (example: does it send an ATA secure erase automatically when it's an ssd? is it really treating an ssd differently?).

I've heard it said that encryping that disk and then erasing works, and it makes sense that it would be a secure method, but it would take a lot longer than running the ATA Secure Erase which is almost instant.

The question (sorry about the detailed buildup) I have is--

What are people doing and does anyone know of a Mac native method to have the ATA Secure Erase command sent to the SSD?

3 REPLIES 3

GaToRAiD
Contributor II

Ok, so I'm going to try and answer you with some short and sweet. SSD drives are essentially RAM, and are treated as such. If you wipe the information on the SSD, it cannot be rebuilt just as it is with RAM. Thus just sending the disktutil erase command is sufficient and secure with wiping data.

Kaltsas
Contributor III

Using diskutil will be acceptable (and will write most of the PBAs on the disk, though not guaranteed to be all if it has over provisioning). ATA Secure Erase is the desired way to wipe an SSD as it is quicker because the drive controller wipes the PBAs rather than having OS commands for the LBAs and then the LBAs translated to PBAs by the controller (though the drive should see approximately the same amount of wear as if you formatted from an OS). I have not seen any macintosh native tools that will issue these commands however the GParted Live disk should boot a mac fine and let you issue the secure erase command.

http://web.archive.org/web/20120107194502/http://www.ocztechnology.com/blog/?p=367

kstrick
Contributor III

Fair enough---
@GaToRAiD 's explanation makes sense (and is probably dead on) that SSD's with the standard erase is fine, I just want to 'cover my ass' since we are dealing with corporate data....

I may end up going the Gparted route or something along those lines , I just wanted to see if anyone had come up with something native to the Mac OS...
I'm suprised Prosoft or Alsoft don't sell something :)

Thanks for the feedback