You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Erasing Hard Drive - No More "Secure" Options?

I had 10.11.1 installed and decided to wipe the hard drive clean and reinstall the OS fresh. So I went about doing just that. I noticed Apple revamped Disk Utility. When attempting to erase the hard drive I did not see any options to securely erase it. Back on Yosemite I had the option to wipe the drive according to different industry security standards (7 rewrite passes of the drive being most secure option).


EL Capitan only provided me with a simple "erase" function that wiped the entire drive within seconds and that was that. So i am wondering if I might have simply missed where the erase security options are, or if Apple removed them entirely?


Thanks in advance for responses.

Posted on Nov 1, 2015 10:45 PM

Reply
Question marked as Top-ranking reply

Posted on Nov 2, 2015 2:36 PM

Per Apple, Secure Delete does not work on SSD devices, and accordingly has been removed. The associated details were in a security report
identified as CVE-2015-5901, and this behavior is specifically mentioned in
About the security content of OS X El Capitan v10.11 - Apple Support.


SSD doesn't deletem doesn't erase and doesn't overwrite in the same way as hard disks did, so overwrites are — until you flush the entire cache of TRIMmed data within the SSD repeatedly — futile. What you asked to have multiply-overwritten — until the cache of pre-erased "free space" has been repeatedly flushed — hasn't been.


The whole basis for using multiple overwrites — that the exactly read-write head alignments varied slightly on hard disks, and you could potentially access deleted data by offsetting the heads slightly — also does not apply to SSDs.


Simply deleting the SSD data with whole-disk encryption will get most folks where they want to be here.


If you're still working with hard disks, then you can use the srm command.

32 replies

Nov 2, 2015 12:55 PM in response to R C-R

I can confirm that it is indeed /volumes/macintosh HD and is a logical volume. I have a solid state drive, only thing I can think is maybe there is a correlation between the erase options and the type of drive it is. I once heard a long time ago that solid state drives deteriorate rather quickly with wipes and reinstalls. But I also heard that only applied to SSD when they first hit the market. Also, with previous OS I was able to secure erase the same drive no problem.


At this point I don't know what else to say other than thank you for all your help. No secure erase option for me.


For home use, would a simple erase suffice with clearing the drive and reinstalling OS fresh?

Nov 2, 2015 2:09 PM in response to M5Marco

I have an SSD in my MBP and have NO secure option in Disk Utility; as I installed it, I have decided to take a hammer to it and reinstall the original hard drive if it dies or I'm going to sell the MBP. I do not trust any of the available options as none are really secure or safe, especially after reading that secure erase never really was secure.

Nov 2, 2015 2:15 PM in response to babowa

You raise an interesting point. As it stands I believe that SSD can not be safely wiped unless you send it through a shredder or introduce to an angry hammer. SSD are great but securing data reliably is a drawback.


If I am ever to sell my MacBook I would have to sell it without the hard drive. Which of course will affect the sale.


For my purposes right now, would a simple " erase" do the trick of wanting to start over and reinstall OS fresh?

Nov 2, 2015 2:23 PM in response to babowa

I am confused. You say erase will do the trick ok (if not selling), but data on an SSD won't be written over naturally like it is on the older spinning disks. So SSD carry with them old data. Potential eventually for an SSD to start acting up and going corrupt if this old data starts tripping it up for one reason or another?

Nov 2, 2015 2:49 PM in response to MrHoffman

So what does one do when selling a Mac with an SSD. Sell it without a hard drive?


Will a simple erase (the only option Apple offers me) suffice for a home use user who wants to "erase and start over" and reinstall OS fresh? All this old data just sitting on the disk from previous OS installs.


Also should I refrain from erasing the SSD as I understand it deteriorates the drive?

Nov 2, 2015 4:41 PM in response to M5Marco

M5Marco wrote:

Potential eventually for an SSD to start acting up and going corrupt if this old data starts tripping it up for one reason or another?

As far as the file system is concerned, the old data doesn't exist so in that respect it doesn't matter if the drive (SSD or spinning) is erased normally or securely. In fact, most of the secure erase algorithms that have been used for decades on spinning disks write random data patterns to them, which can no more trip up the drive than the old data pattern could.


The only benefit of a secure erase -- no matter what data pattern it uses -- is to make the data unrecoverable. That's why it is called a security erase & not a magic-keep-the-drive-from-acting-up one.

Nov 2, 2015 4:53 PM in response to R C-R

The referenced Apple tech paper says:

Available for: Mac OS X v10.6.8 and later

Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash

Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option.

Note that this seems to indicated flash storage, not disks. But, whatever. I have learned in this thread that it is impossible to run out of room on a hard-drive, because you can never write over all the data. Thus there must be blocks always available, right? If you start at block A and step through every byte, until you reach block Z, you indeed will write over all the data. The disks will probably skip bad bytes and blocks, which means they are bad and not-recoverable, anyway. Or we can do it the hard way and randomly write data, here and there, and hope we erase what we are worried about.

Nov 2, 2015 5:43 PM in response to MrHoffman

Wow thanks for that write-up. I never knew FileVault was so powerful and useful. Surprised Apple doesn't tout its use more often and publicly.


FileVault can be turned on at any time and still be as effective at protecting data as if it were turned on day 1?


Also the password required for FileVault, does it work in conjunction with a normal user account password for a Mac, or does it replace it? Basically do you still turn on the Mac, type in password and go about your business? Or do you have to type in account user password and then another password (FileVault) to use the Mac?


And final question. You mention FileVault 2, is this the same FileVault that comes with every Mac and OS install, or is FileVault 2 on the App Store or something? I ask because when I install OS it asks about FileVault on one of the OS install screens, but I don't see FileVault 2 specifically written anywhere.

Nov 2, 2015 5:39 PM in response to Skippy Stone

Skippy Stone wrote:


Note that this seems to indicated flash storage, not disks. But, whatever. I have learned in this thread that it is impossible to run out of room on a hard-drive, because you can never write over all the data. Thus there must be blocks always available, right? If you start at block A and step through every byte, until you reach block Z, you indeed will write over all the data. The disks will probably skip bad bytes and blocks, which means they are bad and not-recoverable, anyway. Or we can do it the hard way and randomly write data, here and there, and hope we erase what we are worried about.


For hard disks — and ignoring revectored (bad) blocks — yes.


For SSDs, the overwrite involves the entire disk plus the capacity of the pool of spare blocks.


It's the secure delete that does not work the same with SSDs as it did with hard disks.


The deleted data in an SSD eventually gets erased and released into the free pool and ready for use later.


As mentioned in my earlier reply, sectors don't have fixed mapping on SSDs. This for various reasons not the least of which is that the erasure process is slow, and because it's beneficial to level the wear across all of the available storage rather than wearing out one or two specific sectors.


A request for a multiple-overwrite does nothing useful with an SSD, as it's not actually overwriting the same physical storage each time. It's just churning through the free pool, uselessly writing to various parts of the SSD. If you blow through the free pool, then the data will get erased — but it's erased secondary to the erasure process that the SSD does with each sector before it can be reallocated and reused, and not due to the erasure request.


Not until the deleted data goes through the erasure process — or the whole drive gets a security erase — is the data from the original deletion actually deleted.


Not that getting at the data that's still in the storage that's pending an erasure is at all easy, either.


Typical end-user of a Mac that's preparing for sale or disposal? Wipe the disk and reload OS X, and you're very likely fine. Use FileVault 2 for best results here, too.


If you're operating in an environment with specific disposal requirements or extremely sensitive information, then please check with the folks in your organization that deal with these questions directly, or chat directly with somebody that specializes in the area of data and hardware disposal.

Nov 2, 2015 8:44 PM in response to MrHoffman

MrHoffman wrote:

Overwrites don't work the same on SSDs as they do on hard disks — hard disks use the same storage area — the same sector — for each rewrite and for overwrites, up until when that sector gets an error and the host then revectors the storage to a spare block. (Downside of revectoring, the old data can still be readable, even if there are errors in it.

For completeness, it should be mentioned that while a mechanical drive may use the same sector for rewrites or overwrites, the file system & the OS often does not. For instance, OS X uses techniques like delayed writes & hot file clustering to improve performance & reduce file fragmentation, which effectively copies data from some sectors to others without overwriting the old ones. Fusion drives dynamically move files between solid state & mechanical storage depending on the frequency of their access & do not necessarily place items moved into sold state memory back into the same sectors on the mechanical drive. The virtual memory system (VM) further complicates things because it pages data out of memory into storage & may not always use the same sectors for this. Likewise, some processes create temporary files for a variety of reasons & they too may contain user data that isn't overwritten immediately.


This is why the secure empty trash & any other secure erase function short of a secure erase of the entire volume are not reliable -- it is basically an all or nothing thing, even for mechanical drives.

Erasing Hard Drive - No More "Secure" Options?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.