SecureErase (Category 4 - DoE 3 - Pass Secure Erase) Macintosh HD - in Terminal app

iMac -2012 - MacOS Catalina

I want to secure-erase my entire HD, not just the free space. The end goal is to sell my computer


I entered all of the required information into terminal to activate a category 4 secure erase.

After hitting the enter key, a line appears stating: "Ownership of the affected disk is required."


My question: What ownership information is required to activate the category 4 secure erase process?


------------------------------------------------------------------------------------------------------------

Below is a copy of all of the information displayed in the active Terminal window:

------------------------------------------------------------------------------------------------------------


Last login: Wed Oct 19 22:47:31 on ttys000

[—————— @ ———— iMac ~ % diskutil secureErase 4/Volumes/Macintosh\ HD]

Usage: diskutil secureErase [freespace] level

MountPoint | DiskIdentifier | DeviceNode

"Securely" (BUT SEE "man diskutil" FOR MODERN LIMITATIONS) erases either a

whole disk or a volume's freespace. Level should be one of the following:

0 — Single-pass zeros.

1 — Single-pass random numbers.

2 — US DoD 7-pass secure erase.

3 — Gutmann algorithm 35-pass secure erase.

4 — US DoE 3-pass secure erase.

Ownership of the affected disk is required.

Note: Level 2, 3, or 4 secure erases can take an extremely long time.

—————— @ ———— iMac ~ % []

Posted on Oct 19, 2022 11:41 PM

43 replies

Oct 21, 2022 6:01 PM in response to SteveHS

It is also possible the hard drive for a 2012 computer is worn out and failing which is why it may be taking longer to complete each pass.


If you just want to perform a secure erase and don't require multiple passes, then how about booting from a Knoppix Linux USB stick and utilizing the hard drive's built-in hardware secure erase feature? For a hard drive, this built-in hardware secure erase feature does nothing more than write zeroes to the entire drive, but it may perform a bit faster than manually writing zeroes to the drive through software. This is also the best way to securely erase an SSD without causing undue wear to the SSD, plus it may fix some SSD issues since an SSD's built-in hardware secure erase feature also resets an SSD to factory defaults.

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase


Of course @John Galt's suggestion for encrypting the drive first followed by a simple erase is probably the best & easiest option for most people. Keep in mind that Apple is removing features from macOS with the secure erase feature being one of them which was removed from the Disk Utility GUI since it would wear out SSDs, but the feature still remains within the command line version of "diskutil" although I have never used it.

Oct 22, 2022 12:55 AM in response to HWTech

Thanks for your reply and for providing a link to and information about Knoppix, HWTech.


FYI: The hard drive was replaced in 2020.


I appreciate your suggestion, but I'm not comfortable with nor do I have even rudimentary Linux-based knowledge of booting from a Knoppix Linux USB stick without proper supervision.

If something were to happen during the process (possibly making the HD inoperable), that would put me in a far worse position than I'm currently in.


I continue to look for a solution that allows me to use Terminal as it is part of the MacOS.


Up to this point, the overwhelming consensus has been Terminal-avoidance, akin to the third rail of a subway line.

I hope to get a better understanding of why that is and if what I'm seeking can be accomplished successfully.

Oct 22, 2022 12:25 PM in response to John Galt

Thank you again, John.

Performing a level 0 may be adequate for the majority of end-users, but I'm not in that category.


You are correct in pointing out that I eventually intend to sell my iMac, but only after I complete a level 4 Secure Erase procedure on the hard drive.


I want to ensure I've taken the highest level of security available to thwart any attempts to tamper with the hard drive to extract data from it. The odds of that happening are probably highly unlikely, but I'm still going to move forward with the secure erase procedure using Terminal.


And, yes, I could just remove the hard drive and hammer it into oblivion, but that's not what I wish to do.

Oct 22, 2022 3:39 PM in response to SteveHS

I won't dissuade you from using Terminal if you wish. Considering your goal is assured data destruction, you won't be risking anything.


The Shift-Option-Command-R startup key chord will allow you to use the version of Terminal that came with that Mac back in 2012, considering subsequent versions of diskutil have eliminated certain options.


man diskutil and scroll to the end for its (recent) history.


I would be remiss if I did not point out the NOTE in its description of secureErase — not that it applies in your case, since your concern is magnetic media. I point it out only for readers who may run across this Discussion years from now, when hard disk drives are relegated to the ash heap of computing history... where they belong.


SteveHS wrote:
And, yes, I could just remove the hard drive and hammer it into oblivion, but that's not what I wish to do.


I prefer a similar technique, performed at a safe distance.

Oct 22, 2022 4:28 PM in response to BobHarris

Thank you for your suggestion, Bob.


I'm going to assume that you've never had an opportunity to remove a hard drive from an iMac. It's a dreaded task even for the most tech-savvy Mac computer technician. I've had many opportunities to watch them do just that, and each time the struggle to open the iMac to access the hard drive was very apparent and eventually accomplished with tremendous difficulty. There was an equal struggle, again with much difficulty, in reassembling the iMac.


So (from my experience) this is definitely not a task for the uninitiated or, for that matter, any average mere mortal.


I have accomplished this same task many times with Windows-based PCs with no problems whatsoever. But getting into one of those systems only involved removing a few screws.

Oct 22, 2022 8:51 PM in response to SteveHS

No, you assume wrong. I’ve replaced the hard drive in my 27” iMac twice, replaced the DVD/CD drive with an SSD, added a custom SATA cable with a temperature sensor, upgraded RAM to 32GB and removed the SSD and disk before retiring my 9 year and 9 month old iMac. 


You could also put the iMac into target disk mode, and if you have the right cables and the other system will accept those cables, you could do all this without taking the drive out of the iMac.

Oct 22, 2022 10:28 PM in response to BobHarris

I stand corrected.

Glad to hear you've had positive and successful experiences with cracking open and accessing the iMac's internal components.


It's still not a task I want to perform.


I will move forward with finding someone who can guide me through a level 4 Secure Erase procedure.

When I find that individual and have accomplished the procedure, I will record the procedure here.


Thanks again, Bob and everyone else who took time out from their day to offer constructive suggestions.

It's always interesting to discover just how many ways any one problem can be solved especially when so many individuals can be reached to offer assistance.

Oct 23, 2022 8:01 AM in response to SteveHS

SteveHS wrote:
I will move forward with finding someone who can guide me through a level 4 Secure Erase procedure.


Did you try booting the Internet version of macOS Recovery as I explained?


John Galt wrote:
The Shift-Option-Command-R startup key chord will allow you to use the version of Terminal that came with that Mac back in 2012, considering subsequent versions of diskutil have eliminated certain options.


That version of diskutil might permit the secureErase 4 option you seek to accomplish.


The obvious error in your initial attempt to use that command is that a space character is required after the option 4. That is at least one reason Terminal objected to the command as entered.


In other words,


diskutil secureErase 4 /Volumes/Macintosh\ HD


There may be other reasons for its objection but see if the above gets you any closer to what you want.


I no longer use any Macs that incorporate internal hard disk drives. That limits my ability to help but I might be able to cobble something together if need be.

Oct 23, 2022 4:27 PM in response to John Galt

FYI: When I entered this environment (Recovery Mode), I did not have the option to adjust the security level (akin to being grayed out). I had full control of my mouse, I simply could not adjust the slider control.


The more I progress, the more I seem to be encountering many 'blockades' not customarily seen or experienced by the average end-user or more experienced developers/programmers.

Oct 23, 2022 5:11 PM in response to HWTech

"...never use these options for an SSD as SSDs don't work the same way as hard drives".


In that case, I've come to a dead-end.


Had I known that this particular drive was a critical point to mention from the start, this entire discussion would have ended substantially sooner.


Perhaps that could explain why I got the "Ownership of the affected disk is required." after entering my parameters.


Oct 23, 2022 6:27 PM in response to SteveHS

SteveHS wrote:

Thank you, John.

I tried your suggestion of adding the space after the number 4 : diskutil secureErase 4 /Volumes/Macintosh\ HD

That resulted in the following statement: "Could not find the disk hd".

I think you may have made a mistake typing the command by omitting the backslash after "Macintosh" in the path even though you are showing it in your post. The backslash is critical for the correct path in order to include the space in the path. Instead of using the backslash in the path to "escape" the space, you can include the path within double-quotes instead. Either of the two following commands are equivalent and should work:

diskutil  secureErase  4  /Volumes/Macintosh\ HD

diskutil  secureErase  4  "/Volumes/Macintosh HD"


(Please note - this procedure WAS NOT carried out in RECOVERY MODE)

Was it carried out while booted from a macOS USB installer? Or while the Mac was in Target Disk Mode connected to another Mac? Or an external full macOS boot drive? Otherwise, you cannot erase the drive you are booted from.
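
Both failures reported in this thread (the usage text after typing 4/Volumes/... and the path breaking at the space) come from how the shell divides the command line into words before diskutil ever sees it. The sketch below is an added example, not code from any poster or from Apple; check_secure_erase_args is a hypothetical helper that only inspects its arguments and never calls diskutil or touches a disk.

```shell
#!/bin/sh
# Added example: classify the argument vector that would follow
# "diskutil secureErase". Nothing here runs diskutil.
# check_secure_erase_args is a hypothetical name, not a macOS tool.

check_secure_erase_args() {
    # The usage text allows an optional "freespace" keyword first.
    if [ "${1:-}" = "freespace" ]; then
        shift
    fi

    if [ "$#" -lt 2 ]; then
        # e.g. 4/Volumes/Macintosh\ HD : level and path fused into one word
        echo "usage: level and target must be separate arguments"
        return 2
    fi

    case "$1" in
        [0-4]) ;;   # the five levels listed in the usage text
        *) echo "usage: level must be 0-4, got '$1'"; return 2 ;;
    esac

    if [ "$#" -gt 2 ]; then
        # An unescaped space split the path into several words.
        echo "split: target arrived as $(( $# - 1 )) words; quote or escape the space"
        return 3
    fi

    echo "ok: level=$1 target=$2"
    return 0
}

# The command lines discussed in the thread, as the shell splits them.
check_secure_erase_args 4/Volumes/Macintosh\ HD   || true  # fused: one word
check_secure_erase_args 4 /Volumes/Macintosh HD   || true  # unescaped: three words
check_secure_erase_args 4 /Volumes/Macintosh\ HD  || true  # escaped: two words
check_secure_erase_args 4 "/Volumes/Macintosh HD" || true  # quoted: two words
```

Only the last two forms deliver the level and the full mount point as exactly two arguments.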


Oct 23, 2022 8:08 PM in response to HWTech

"HWTech: I'm a bit curious about why you did not have Filevault enabled on this system if data security is so important now when preparing the computer for sale."


That was a serious misstep on my part.

Fortunately, I managed to get through that ten-year stretch unscathed.


Regarding all of the information you provided - Thank you for your generosity and for sharing your wealth of knowledge.

I'm a big fan of learning by doing despite the outcome. This experience could not have happened without everyone's feedback/assistance.


At this point, I've got a few options that I can try and see where it leads me.
