
Erasing Hard Drive - No More "Secure" Options?

I had 10.11.1 installed and decided to wipe the hard drive clean and reinstall the OS fresh. So I went about doing just that. I noticed Apple revamped Disk Utility. When attempting to erase the hard drive I did not see any options to securely erase it. Back on Yosemite I had the option to wipe the drive according to different industry security standards (7 rewrite passes of the drive being the most secure option).


El Capitan only provided me with a simple "erase" function that wiped the entire drive within seconds and that was that. So I am wondering if I might have simply missed where the erase security options are, or if Apple removed them entirely?


Thanks in advance for responses.

Posted on Nov 1, 2015 10:45 PM

Question marked as Top-ranking reply

Posted on Nov 2, 2015 2:36 PM

Per Apple, Secure Delete does not work on SSD devices, and accordingly has been removed. The associated details were in a security report identified as CVE-2015-5901, and this behavior is specifically mentioned in About the security content of OS X El Capitan v10.11 - Apple Support.


SSD doesn't delete, doesn't erase and doesn't overwrite in the same way as hard disks did, so overwrites are — until you flush the entire cache of TRIMmed data within the SSD repeatedly — futile. What you asked to have multiply-overwritten — until the cache of pre-erased "free space" has been repeatedly flushed — hasn't been.


The whole basis for using multiple overwrites — that the exact read-write head alignments varied slightly on hard disks, and you could potentially access deleted data by offsetting the heads slightly — also does not apply to SSDs.


Simply deleting the SSD data with whole-disk encryption will get most folks where they want to be here.


If you're still working with hard disks, then you can use the srm command.


Nov 2, 2015 12:20 PM in response to M5Marco

M5Marco wrote:

popup comes on screen with my only choices being name, format, and then the erase button. I do not see anywhere any options for secure erase. Is there something I am missing here?

I don't know what to tell you other than it works for me. Below is a photo I took of the screen of my iMac booted into the Recovery HD partition with Disk Utility running, the Macintosh HD selected, & the Erase button clicked:

User uploaded file

Nov 1, 2015 11:04 PM in response to M5Marco

There are quite a few posts here regarding that - you might want to do a search; here is one of them:


Secure Empty Trash missing on El Capitan


Personally, I've only used a 3 pass erase/write if I was going to sell the machine; since no one has access to it, I've never seen the necessity. When my MBP's SSD goes, I will be taking a hammer to it and reinstall the original hard drive.

Nov 2, 2015 12:44 AM in response to M5Marco

Disk Utility in El Capitan has the same security options as it did in Yosemite for erasing volumes.


From step 4 of the Disk Utility help topic Disk Utility (El Capitan): Erase a volume:

To prevent the erased files from being recovered, click Security Options, use the slider to choose how many times to write over the erased data, then click OK.


Writing over the data three times meets the U.S. Department of Energy standard for securely erasing magnetic media. Writing over the data seven times meets the U.S. Department of Defense 5220-22-M standard.

If you do not see the Security Options button in the drop down window after clicking Disk Utility's erase button, it means you selected the "parent" disk, not a "child" volume indented underneath it in the list of disks on the left.

Nov 2, 2015 9:00 AM in response to M5Marco

M5Marco wrote:

I want to erase my entire hard drive and start fresh as I mentioned in the OP above. I click Macintosh HD, choose erase, and it erases the entire thing in a matter of seconds. I don't see any security options. Am I missing something?

Like I said, in the El Capitan version of Disk Utility you have security options only for erasing volumes, so if you select the hard drive itself you won't see the Security Options button. There is generally no reason to securely erase the entire HD since nothing not contained in its volumes contains any sensitive data -- it is just the same stuff that anyone can download from Apple.


But if for some reason you want to securely delete what is currently on your Macintosh HD volume, you can do that by selecting it so that the Security Options button will appear. Of course, you can't do this while booted up from that volume (because the OS would be erasing itself) so you will need to start up from something else, typically the Recovery System, which is one reason why you can't erase the entire drive (because that would wipe out the Recovery HD partition along with everything else).


Once the Macintosh HD volume has been securely erased by Disk Utility running from the Recovery HD partition (& the single pass option is generally adequate for making anything in it unrecoverable) you can then quit DU & choose the install option.

Nov 2, 2015 5:25 PM in response to M5Marco

M5Marco wrote:


So what does one do when selling a Mac with an SSD. Sell it without a hard drive?


Will a simple erase (the only option Apple offers me) suffice for a home use user who wants to "erase and start over" and reinstall OS fresh? All this old data just sitting on the disk from previous OS installs.


Also should I refrain from erasing the SSD as I understand it deteriorates the drive?


Overwrites don't work the same on SSDs as they do on hard disks — hard disks use the same storage area — the same sector — for each rewrite and for overwrites, up until when that sector gets an error and the host then revectors the storage to a spare block. (Downside of revectoring, the old data can still be readable, even if there are errors in it. Use drive encryption.) Unlike hard disks, SSDs keep a pool of erased blocks handy — this pool is managed with the TRIM command and drive firmware — and SSDs then remap the storage address that OS X uses for the location of that erased data — the OS X sector address stays the same, but the mapping to the storage changes — as erasing SSD storage is very slow. This means that — unlike hard disks — the storage location changes on each rewrite of a sector of SSD storage. This then leads the data security erase (srm, secure delete, etc) to be fundamentally problematic on SSD. Hence its removal.


As for your question... In some high-security or highly-sensitive environments, folks will not sell systems with an SSD or with a hard disk, yes. They'll have specific procedures for erasing or for physically destroying the disk or SSD. Most folks aren't in these sorts of environments, but if you are — if you are in a commercial or government environment — then check with your IT organization for the local guidelines and recommendations for data disposal.


Okay, now to the part that matters for most folks... In general, enable FileVault 2. If it's not already enabled. Like backups, you want this. Use a decent password for the encryption. Without knowing this password, the disk is effectively filled with junk. Always. This means that if the SSD or the MacBook Pro is lost or stolen, the data is not accessible. This means that when the device is no longer needed and due for retirement or sale or disposal, the data is not accessible. Even the stuff in the trash is not accessible.


When you're done with the Mac, follow the Apple instructions.


Yes, an SSD overwrite will be enough for most folks. Particularly if you're overwriting a disk that was previously protected with FileVault 2.


Yes, SSDs do have a write limit — a total capacity that needs to be written — but that limit is usually far past what most folks realize. Hard disks also have a useful limit, and — worse — the SMART data is not predictive of many common failures. In short, catastrophic failures are common with motorized rotating-rust storage devices, too; with hard disks.


I don't know the lifetime specs on the Apple SSD drives (nor even if they're published anywhere), but other vendors do report the whole-disk-writes per day, such as for a variety of SSD devices from HPE — DWPD, the drive writes per day; the number of times the whole disk is written each day, for five years. You're probably not writing the whole disk several times a week, which is the very low-end of the cheapest of the SSD devices available from HPE, too.


Again, I don't know what Apple specifies here (nor if they report terabytes or petabytes written; TBW, PBW), but go have a look at the SMART data for a well-used SSD and see what it reports, as has been suggested by some folks. (That link also has a DWPD - TBW conversion.) Samsung publishes a terabytes-written (TBW) specification. With that data, you'll have some idea of how much "wear" actually exists for your particular use.
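
The remapping described in the reply above, as a toy model added here for illustration (it is not part of the thread and not real drive firmware). `HardDisk`, `ToySSD`, the page counts and the sample secret are constructed, and the model assumes at least two physical pages; it counts how many physical locations still hold the original data after a multi-pass overwrite of one logical sector.

```python
# Added illustration: toy models, not real drive firmware.
class HardDisk:
    """Overwrite in place: a logical sector always lands on the same physical sector."""
    def __init__(self, sectors):
        self.media = [b""] * sectors
    def write(self, lba, data):
        self.media[lba] = data
    def read(self, lba):
        return self.media[lba]
    def raw_media(self):
        return list(self.media)

class ToySSD:
    """Constructed flash translation layer: each write takes a page from the
    pre-erased pool and remaps the logical address; the old page stays intact
    until the firmware erases it."""
    def __init__(self, physical_pages):
        self.pages = [b""] * physical_pages
        self.free = list(range(physical_pages))  # pre-erased pool
        self.mapping = {}                        # logical address -> page
        self.stale = []                          # superseded, not yet erased
    def write(self, lba, data):
        if not self.free:
            self.collect_garbage()
        page = self.free.pop(0)
        self.pages[page] = data
        if lba in self.mapping:
            self.stale.append(self.mapping[lba])
        self.mapping[lba] = page
    def collect_garbage(self):
        for page in self.stale:
            self.pages[page] = b""               # the slow erase step
        self.free, self.stale = self.free + self.stale, []
    def read(self, lba):
        return self.pages[self.mapping[lba]]
    def raw_media(self):
        return list(self.pages)

def copies_after_overwrite(disk, passes, secret=b"SECRET-8"):
    """Write `secret` to logical sector 0, overwrite it `passes` times, and
    count the physical locations that still hold the secret."""
    disk.write(0, secret)
    for i in range(passes):
        disk.write(0, bytes([i]) * len(secret))
    return sum(1 for p in disk.raw_media() if p == secret)

if __name__ == "__main__":
    print("hard disk, 7 passes:    ", copies_after_overwrite(HardDisk(4), 7))
    print("SSD, 16 pages, 7 passes:", copies_after_overwrite(ToySSD(16), 7))
    print("SSD, 4 pages, 7 passes: ", copies_after_overwrite(ToySSD(4), 7))
```

In the model the seven-pass overwrite clears the hard disk, leaves one intact copy on the SSD with a large spare pool, and only clears the small SSD because the writes happen to cycle its whole free pool through an erase.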

Nov 2, 2015 8:25 AM in response to R C-R

In my disk utility, on the left, I have the SSD itself and indented underneath it as you mentioned, the name of the volume, Macintosh HD. I don't have the hard drive partitioned myself. Macintosh HD where the OS and everything I do exists, is essentially the entire SSD (obviously not including the base system and recovery partition from factory).


I want to erase my entire hard drive and start fresh as I mentioned in the OP above. I click Macintosh HD, choose erase, and it erases the entire thing in a matter of seconds. I don't see any security options. Am I missing something?

Nov 2, 2015 8:36 AM in response to M5Marco

When you format using Disk Utility it only erases the disk index, it's a very quick operation. The files are still "on the disk" but are not visible or readily available to you without tools specific for "undeleting" them, and it's no guarantee you will be able to restore them in the event you use those applications.

The files will become written over as if they were never there in the first place as you use the drive for your needs.

Nov 2, 2015 9:34 AM in response to M5Marco

M5Marco wrote:

http://www.macissues.com/2015/10/03/how-to-securely-delete-files-in-os-x-10-11-el-capitan/


Seems to say the secure erase function no longer works because Apple said it wasn't guaranteed to work in the past. So the function is no longer available. ****

Unfortunately, that article does not make very clear the distinction between securely erasing an entire volume & securely emptying files in the trash or just the free space on a volume. That has caused a lot of confusion among users.


While it is true that there is no way to guarantee that any secure erase of a SSD will actually erase all vestiges of the data previously on it, securely erasing an entire volume will overwrite every part of it accessible to the OS, which includes file system locations that would not be touched by securely emptying the trash, or are being used for caches & the like that could contain all or part of a file's data which are not marked as free space.


IOW, securely erasing the entire volume ignores where in its file system data might be stored & overwrites all of it, including the part used to store the info about the file system itself. This isn't perfect but it is as good as it gets, short of physically destroying the drive.

Nov 2, 2015 11:43 AM in response to R C-R

I am sorry, I understand what you are saying but I don't see it on my screen. Here is what I am doing.


Restart computer

Hold Command+R

OS X Utilities screen

Disk Utility


APPLE SSD XXXXX Media (actual drive itself)

indent -> Macintosh HD (volume, partition, where everything is)


Choose Macintosh HD

Erase


popup comes on screen with my only choices being name, format, and then the erase button. I do not see anywhere any options for secure erase. Is there something I am missing here?

Nov 2, 2015 12:24 PM in response to R C-R

Thanks for the picture. The only volume I have is Macintosh HD. I do not have other partitions/volumes. Does your Macintosh HD contain the OS?


I don't know what else to say other than I definitely do not have the security options button on my popup. Everything else looks the same as your picture shows.

Nov 2, 2015 12:38 PM in response to M5Marco

Yes, my Macintosh HD volume contains OS X version 10.11.1 & is my normal startup disk. The other volume you see listed there I named "Mountain Lion HD" has OS X 10.8.5 on it but that should not make any difference.


The important things to note are in the information below the popup. The Mount Point should be "/Volumes/Macintosh HD" which indicates it is not the current startup disk, & the Type should be either "Logical Volume" or "Physical Volume," indicating it is a volume & not a drive.

Nov 2, 2015 2:08 PM in response to M5Marco

It just occurred to me that the reason you are not seeing the Security Options button is because your internal drive is a SSD. As I mentioned earlier, there is no way to guarantee the secure erase of anything on an SSD (it is a consequence of the way data is stored in their memory cells that cannot be worked around by software), so my guess is Apple has designed Disk Utility not to offer a security erase for SSDs, since that would just wear them out slightly faster without really securely erasing what is on them.


If I'm right about this, you could test with an external mechanical drive if you have one. Just connect it, start up Disk Utility, select one of its volumes, & click the erase button. (You don't have to erase anything, just note if the Security Options button shows up or not.)
