brian_c

Q: securely erasing an internal SSD

A friend (really, it WAS a friend!) recently fell for a scam wherein a popup appeared on their screen claiming to be from Apple and advised them call a phone number for assistance with an urgent issue with their Mac   They did, and granted remote access to their system to whatever shady scammer was on the other end of the line.  Eventually they figured out something was up and disconnected from the internet.

 

So now, I'm tasked with fixing this mess.  If it was a spinning HD, I'd be fine... but they have an SSD as their boot drive, and I'm less familiar with security on SSDs.  What's the best approach to securely zeroing everything when an SSD is involved (and how long might it take to perform the operation on a 256GB volume?

MacBook Pro, OS X Yosemite (10.10), Mid-2010 15", i5, 2.4GHz, 8GB RAM

Posted on Aug 14, 2015 5:16 AM

Close

Q: securely erasing an internal SSD

  • All replies
  • Helpful answers

Page 1 Next
  • by fdwlaw,

    fdwlaw fdwlaw Aug 14, 2015 5:49 AM in response to brian_c
    Level 1 (0 points)
    Aug 14, 2015 5:49 AM in response to brian_c

    The easiest way is to connect another Mac to the computer using Thunderbolt.

     

    Connect the TB cable to your computers, restart the computer you want to secure erase and hold down the T during startup.  This puts the computer into target mode, and you will see the computers drive.  Then you can access the computer SSD with Disk Utility and erase or secure erase.

  • by brian_c,

    brian_c brian_c Aug 14, 2015 5:59 AM in response to fdwlaw
    Level 1 (9 points)
    Mac OS X
    Aug 14, 2015 5:59 AM in response to fdwlaw

    From what I've read, Disk Utility disables the "Secure Erase" option for SSD drives as doing so can increase fragmentation (thereby decreasing performance).  This Lifehacker article has a bit to say about it, which led me to ask for opinions/options here.  Take a look: http://lifehacker.com/how-to-securely-erase-a-solid-state-drive-on-mac-os-x-1580 603733

     

    Besides:  who really has a Thunderbolt cable laying around anyhow

  • by Mini-Mac,

    Mini-Mac Mini-Mac Aug 14, 2015 6:12 AM in response to brian_c
    Level 3 (811 points)
    Aug 14, 2015 6:12 AM in response to brian_c

    brian_c wrote:

     

    From what I've read, Disk Utility disables the "Secure Erase" option for SSD drives as doing so can increase fragmentation (thereby decreasing performance).  This Lifehacker article has a bit to say about it, which led me to ask for opinions/options here.  Take a look: http://lifehacker.com/how-to-securely-erase-a-solid-state-drive-on-mac-os-x-1580 603733

     

    Besides:  who really has a Thunderbolt cable laying around anyhow

     

    Using a Thunderbolt cable and another Mac computer is by far the BEST way to secure erase a SSD.....done it several times myself.  If you don't like that then the next BEST solution is to DESTROY the SSD and replace with a new one.  I'd go with the first option if I were you.....it's much cheaper!!!!!!!

  • by brian_c,

    brian_c brian_c Aug 14, 2015 6:19 AM in response to Mini-Mac
    Level 1 (9 points)
    Mac OS X
    Aug 14, 2015 6:19 AM in response to Mini-Mac

    Again, "Secure Erase" is not an option allowed by Disk Utility when dealing with SSDs.  Apple's own support document verifies this (take a look at the note at the bottom):  OS X: About Disk Utility's erase free space feature - Apple Support

     

    Is this because simply erasing is security enough when TRIM is enabled on the drive?

  • by Mini-Mac,

    Mini-Mac Mini-Mac Aug 14, 2015 6:31 AM in response to brian_c
    Level 3 (811 points)
    Aug 14, 2015 6:31 AM in response to brian_c

    brian_c wrote:

     

    Again, "Secure Erase" is not an option allowed by Disk Utility when dealing with SSDs.  Apple's own support document verifies this (take a look at the note at the bottom):  OS X: About Disk Utility's erase free space feature - Apple Support

     

    Is this because simply erasing is security enough when TRIM is enabled on the drive?

     

     

    You wrote    "Again, Secure Erase is not an option in Disk Utility"   THATS RIGHT......And that's why you have to use another Apple computer a Thunderbolt cable and put the computer you want to erase into Target mode.

     

    Look........your being instructed how to erase and secure erase a SSD on a Apple computer.  TRIM has nothing to do with erasing a Apple SSD. 

     

    Do you know how Target mode works????  If not I will give you step-by-step instructions how to use it and erase the SSD.

  • by iW00,

    iW00 iW00 Aug 14, 2015 6:37 AM in response to brian_c
    Level 4 (1,344 points)
    Aug 14, 2015 6:37 AM in response to brian_c

    So question is, why do you want to securely erase this SSD? Simply erasing partition and installing OS IMHO it would be enough.

  • by iW00,

    iW00 iW00 Aug 14, 2015 6:47 AM in response to Mini-Mac
    Level 4 (1,344 points)
    Aug 14, 2015 6:47 AM in response to Mini-Mac

    Mini-Mac wrote:

     

    You wrote    "Again, Secure Erase is not an option in Disk Utility"   THATS RIGHT......And that's why you have to use another Apple computer a Thunderbolt cable and put the computer you want to erase into Target mode.

    No need for it. There are other ways to deal with it without additional Mac and need for Target Mode.

     

    You can use Recovery Disk Assistant and create Recovery USB Disk and boot from it by using Startup Manager:
    OS X: About Recovery Disk Assistant - Apple Support

    How to choose a startup disk on your Mac - Apple Support

     

    You can also boot to Internet Recovery and perform secure erase by using Terminal.

     

    Question is, what's the point if these additional steps are not really necessary? Why you can't simply run Erase of SSD? That should be enough.

  • by Kurt Lang,

    Kurt Lang Kurt Lang Aug 14, 2015 6:51 AM in response to brian_c
    Level 8 (37,696 points)
    Aug 14, 2015 6:51 AM in response to brian_c

    There is absolutely no reason to waste time on a secure erase. A simple erase removes the existing file table and replaces it with a new, blank slate. With no reference to where any of the files are on the drive, though they are still technically there, no OS or any other app can find them in normal use. You'd have to use recovery software to do that.

     

    Just do a simple erase and reinstall the OS. If you have a backup of the drive before it was accessed by these crooks, restore that.

  • by Mini-Mac,

    Mini-Mac Mini-Mac Aug 14, 2015 6:53 AM in response to iW00
    Level 3 (811 points)
    Aug 14, 2015 6:53 AM in response to iW00

    iW00 wrote:

     

    Mini-Mac wrote:

     

    You wrote    "Again, Secure Erase is not an option in Disk Utility"   THATS RIGHT......And that's why you have to use another Apple computer a Thunderbolt cable and put the computer you want to erase into Target mode.

    No need for it. There are other ways to deal with it without additional Mac and need for Target Mode.

     

    You can use Recovery Disk Assistant and create Recovery USB Disk and boot from it by using Startup Manager:
    OS X: About Recovery Disk Assistant - Apple Support

    How to choose a startup disk on your Mac - Apple Support

     

    You can also boot to Internet Recovery and perform secure erase by using Terminal.

     

    Question is, what's the point if these additional steps are not really necessary? Why you can't simply run Erase of SSD? That should be enough.

    Using a Thunderbolt cable and another Apple computer is BY FAR the fastest and easiest.....if you want to or need to secure erase

  • by Linc Davis,Solvedanswer

    Linc Davis Linc Davis Aug 14, 2015 7:25 AM in response to brian_c
    Level 10 (207,926 points)
    Applications
    Aug 14, 2015 7:25 AM in response to brian_c

    "Securely erasing" the SSD, even if you could do it (which you can't), would be pointless. What you actually need to do is restore the system from a backup taken just before the attack, if there is one.

  • by Mini-Mac,

    Mini-Mac Mini-Mac Aug 14, 2015 7:35 AM in response to Linc Davis
    Level 3 (811 points)
    Aug 14, 2015 7:35 AM in response to Linc Davis

    Linc Davis wrote:

     

    "Securely erasing" the SSD, even if you could do it (which you can't), would be pointless. What you actually need to do is restore the system from a backup taken just before the attack, if there is one.

    .....of course you CAN secure erase a SSD

  • by Kurt Lang,Helpful

    Kurt Lang Kurt Lang Aug 14, 2015 8:13 AM in response to Mini-Mac
    Level 8 (37,696 points)
    Aug 14, 2015 8:13 AM in response to Mini-Mac

    No, you can't. At least not in the way you would magnetic media of typical spinning platters. Here's some information repeated by multiple sources why you shouldn't even do such a thing to an SSD drive.

     

    Only Do This If You Have To

     

    Generally speaking, you should never have to perform any maintenance on your solid state drive. Such storage media has been designed with self-sufficiency in mind, using a series of algorithms and failsafes put in place to both maximize drive life and ensure data is properly discarded. The first protection comes in the form of wear leveling, designed to evenly distribute stored data between SSD blocks to ensure even wear.

     

    As a reminder, traditional hard drives store files in physical locations on a magnetic platter, which is then indexed in the file system and accessed using a mechanical arm – a very linear way of doing things. While SSDs also use file systems to communicate data storage locations to the host system, they independently re-shuffle data for wear leveling. Those changes are recorded on a separate map. In other words, SSDs do not use any physically indexable locations, and software cannot specifically target sectors on the disk. Basically, your computer has no way of telling “where” that information was just copied to.

     

    To comply with wear leveling, the SSD must constantly move data around the drive to ensure all blocks are worn at an equal rate. Using a secure “file shredder” to overwrite a specific file or folder many numbers of times is not going to work, because the drive writes all new incoming data to various different blocks, depending on its needs. Only the drive knows where this data is written, so secure deletion tools actually harm SSDs by performing an unnecessary number of additional writes.

     

    Additionally from another article where they are referring to a Windows utility:

     

    Fortunately it is possible to erase most SSDs, though this is closer to a “reset” than a wipe. The “ATA Secure Erase” command instructs the drive to flush all stored electrons, forcing the drive to “forget” all stored data. This command essentially resets all available blocks to the “erase” state, which is what TRIM uses for garbage collection purposes.


    This command does not actually write anything to the drive. Instead it causes the SSD to apply a voltage spike to all available NAND in unison, resetting every available block of space in one operation. By doing this, you will use one whole program-erase cycle for your drive – a small dent in drive life, but still unnecessary unless you’re troubleshooting.

     

    In this case, you aren't doing an actual secure erase, but are resetting each byte on the drive, which is all that is necessary to clear an SSD. And still completely unnecessary for the topic at hand.

  • by brian_c,

    brian_c brian_c Aug 14, 2015 8:22 AM in response to Mini-Mac
    Level 1 (9 points)
    Mac OS X
    Aug 14, 2015 8:22 AM in response to Mini-Mac

    Yes, I *am* being instructed on how to securely erase an SSD on an Apple computer.  But as others have pointed out, securely erasing is actually an unnecessary operation, so I'm going to proceed based on that assumption.

  • by brian_c,

    brian_c brian_c Aug 14, 2015 8:25 AM in response to Linc Davis
    Level 1 (9 points)
    Mac OS X
    Aug 14, 2015 8:25 AM in response to Linc Davis

    In my years of kicking around these forums, I've learned that when Linc Davis weighs in, you can consider the matter closed.  Thanks, Linc!

Page 1 Next