Secure erase is not removed from the CLI version of Disk Utility (see below).
diskutil secureErase -help
Usage: diskutil secureErase [freespace] level MountPoint|DiskIdentifier|DeviceNode
Securely erases either a whole disk or a volume's freespace.
Level should be one of the following:
0 - Single-pass zeros.
1 - Single-pass random numbers.
2 - US DoD 7-pass secure erase.
3 - Gutmann algorithm 35-pass secure erase.
4 - US DoE 3-pass secure erase.
Ownership of the affected disk is required.
Note: Level 2, 3, or 4 secure erases can take an extremely long time.
ex: diskutil secureErase 4 disk5
Retired Engineer, do you have any references? What I have read says otherwise.
Drive Wear & Tear
What is your estimation of wear and tear on the flash by writing to 0's. What percentage of the drives total usage has been "wasted"? I thought even consumer drives where capable of 1000 - 10000 rewrites per cell, whereas enterprise SSDs are capable of over 100,000: http://www.computerworld.com/s/article/9112065/Solid_state_disk_lackluster_for_l aptops_PCs?taxonomyId=19&pageNumber=1&taxonomyName=Storage.
"For one thing, it matters whether the SSD drive uses SLC or MLC memory. SLC generally endures up to 100,000 write cycles or writes per cell, while MLC can endure anywhere from 1,000 to 10,000 writes before it begins to fail, according to Fujitsu's Hagberg. For its part, Western Digital's laptop hard-disk drive boasts up to 600,000 write cycles."
That's an old artcile too. Slightly newer, in late 2008 Micron/Sun achieved SLC NAND chips capable of over 1,000,000 write cycles: http://investors.micron.com/releasedetail.cfm?ReleaseID=440650 . I imagine things have gotten slightly better in the last 4 years.
This paper (http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf) states, "In most cases, overwriting the entire disk twice was sufﬁcient to sanitize the disk, regardless of the previous state of the drive."
Going on however, "Overall, the results for overwriting are poor: while overwriting appears to be effective in some cases across a wide range of drives, it is clearly not universally reliable. It seems unlikely that an individual or organization expending the effort to sanitize a device would be satisﬁed with this level of performance."
The best method I have found for wiping an SSD on a Mac is the (SAFE) Scramble and Finally Erase process as described in this UC San Diego research paper: http://cseweb.ucsd.edu/users/swanson/papers/TR-cs2011-0963-Safe.pdf.
According to their paper, the effectiveness of the procedure is equiavlent to degaussing a magentic drive. Another tidbit, the SAFE technique is replicated by Sandforce controller when someone reformats the drive (as mentioned by Linc Davis above, however, I believe this is specific only to Sandforce controllers).
Does anyone have confirmation of Linc's original answer (that a basic reformat is sufficient for secure erasure because it erases the internal random key that the controller uses to write to the memory)? I need to wipe some data from my old MBP before I pass it on to somebody, and every suggestion that I've seen for sanitising the drive seems horribly complex -- except for Linc's.
One suggestion (made elsewhere) that made sense was to turn on Filevault to encrypt the drive's data, THEN reformat -- anything retrievable after the reformat would then be encrypted and useless. But for some reason my MBP won't let me turn on Filevault (claiming something about the drive having the wrong formatting system or something and suggesting that I reformat the drive in order to use filevault. That seems pointless to me since I'm only turning on Filevault so that I can reformat the drive *afterward*).
So if somebody have confirm or verify Linc's assertion that reformatting the drive will make data effectively unrecoverable, then that's the route for me. I've done some googling but haven't been able to turn up anything to confirm the statement.
I should add that this is a retro-fitted third party (Samsung) SSD, not one supplied by Apple.
Can anyone confirm Linc's claim?
Linc's answer is partially true, however it is presented as if it applies to all SSDs ever made, which it does not. A good discussion on wiping SSDs is over here on ServerFault http://serverfault.com/questions/282555/zeroing-ssd-drives
An entry in the Apple knowledge base reads:
Note: With an SSD drive, Secure Erase and Erasing Free Space are not available in Disk Utility. These options are not needed for an SSD drive because a standard erase makes it difficult to recover data from an SSD. For more security, consider turning on FileVault encryption when you start using your SSD drive.
When I contacted Apple (both through the genius bar and by calling technical support), they also assured me that a simple erase was sufficient with SSD's. However, most of the literature on SSD's suggests that this isn't really the case, since SSD's can leave behind many copies of blocks, and since there are free space areas of the SSD that are inaccessible to anything above the SSD controller.
Your answer (that Macs always encrypt the drive with a random key and then simply throw the key out on an erase) seems to reconcile these two views of SSD security. However, the SSD I want to clear is very old (it came with my 2010 MacBook Pro), so I would like to find out more about whether this has always been the case. Do you have any more details about whether this applies only to particular drives? Is there a name for this feature that I could google for more information?