How to Secure Erase / Zero Out external hard drive in El Capitan?

Let me put my Bite My Tongue mode on lest the censors here delete this thread as they seem to do if a frustrated user points out serious flaws in current versions of Mac OS El Capitan.


Maybe I am missing something, but the cartoonish Disk Utility is not showing me an obvious place to find an option to Secure Erase (zero out) an external hard drive. The unhelpful Help File clearly states it is "one of the secure erase options in Disk Utility" but I can't seem to find it.


Can someone please let me know where to look so I can zero out yet another defective Western Digital external drive.


Thanks.


IMRAN

MacBook Pro with Retina display, OS X El Capitan (10.11.1), 2X iPhone6S+/6+/4S,NikonD300.iPad3

Posted on Nov 26, 2015 7:37 PM

Question marked as Best reply

Posted on Apr 27, 2016 10:46 AM

Since this showed up in my search, I figured I would post how to do this from the command line. Note that for my disk, the "Security Options" button does not appear on that screen (it is an old 160 GB drive)...


Step 1: Identify the device using diskutil list. In my case, this was a 160 GB drive that previously held Linux. I underlined my disk below.

$ diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.3 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:          Apple_CoreStorage Macintosh HD            499.4 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1 (internal, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Macintosh HD           +499.1 GB   disk1
                                 Logical Volume on disk0s2
                                 8FC580CC-1577-4B34-8EC3-9741EE1321C8
                                 Unlocked Encrypted
/dev/disk2 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *128.7 GB   disk2
   1:                  Apple_HFS SD Card                 128.7 GB   disk2s1
/dev/disk3 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk3
   1:                        EFI EFI                     209.7 MB   disk3s1
   2:          Apple_CoreStorage Time Machine Disk       999.9 GB   disk3s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk3s3
/dev/disk4 (external, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Time Machine Disk      +999.5 GB   disk4
                                 Logical Volume on disk3s2
                                 21DD3F59-ECE6-43BC-BE77-F2B003A241F2
                                 Unlocked Encrypted
/dev/disk5 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *160.0 GB   disk5
   1:                      Linux                         524.3 MB   disk5s1
   2:                  Linux_LVM                         159.5 GB   disk5s2



Step 2: Use the diskutil secureErase command to erase the disk.


$ diskutil secureErase 1 /dev/disk5
started erase on disk5
[ \ 0%................................................. ] 3% 3:29:40
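
The two steps above as a pre-flight check, added here as an example and not part of the original post: it parses `diskutil list` text and prints the `secureErase` command only when the target is a whole external physical disk of the expected size. The function names and the size argument are hypothetical, the sample listing is trimmed from the output quoted above, and levels 0-4 are the ones `diskutil secureErase` accepts (0 is a single-pass zero fill, 1 a single-pass random fill).

```shell
#!/bin/sh
# Added example (not from the original post): check a target before secureErase.

# Sample input: trimmed from the `diskutil list` output in the post above.
SAMPLE_LIST='/dev/disk0 (internal, physical):
   0:      GUID_partition_scheme                        *500.3 GB   disk0
   2:          Apple_CoreStorage Macintosh HD            499.4 GB   disk0s2
/dev/disk3 (external, physical):
   0:      GUID_partition_scheme                        *1.0 TB     disk3
/dev/disk4 (external, virtual):
   0:                  Apple_HFS Time Machine Disk      +999.5 GB   disk4
/dev/disk5 (external, physical):
   0:     FDisk_partition_scheme                        *160.0 GB   disk5
   1:                      Linux                         524.3 MB   disk5s1'

# disk_info LISTING DEVICE -> "class|size" for a whole disk, empty otherwise.
# Slices such as /dev/disk5s1 have no header line, so they never match.
disk_info() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        /^\/dev\// {
            hit = ($1 == dev)
            if (hit) { cls = $0; sub(/^[^(]*\(/, "", cls); sub(/\):$/, "", cls) }
            next
        }
        hit && $1 == "0:" {
            size = $(NF-2) " " $(NF-1); sub(/^[*+]/, "", size)
            print cls "|" size; exit
        }'
}

# erase_command LISTING LEVEL DEVICE SIZE
# Prints the command for review (it does not run it) only when DEVICE is a
# whole external physical disk of the expected SIZE and LEVEL is 0-4.
erase_command() {
    case "$2" in
        [0-4]) ;;
        *) echo "refusing: level must be 0-4" >&2; return 2 ;;
    esac
    if [ "$(disk_info "$1" "$3")" != "external, physical|$4" ]; then
        echo "refusing: $3 is not an external physical disk of size $4" >&2
        return 1
    fi
    printf 'diskutil secureErase %s %s\n' "$2" "$3"
}

# Demo: only disk5 passes; the Time Machine disk, boot disk and a slice do not.
for dev in /dev/disk5 /dev/disk3 /dev/disk0 /dev/disk5s1; do
    erase_command "$SAMPLE_LIST" 1 "$dev" "160.0 GB" || true
done
```

On a Mac, pass `"$(diskutil list)"` as the first argument in place of the sample.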

36 replies

Nov 27, 2015 5:53 PM in response to IMRAN

I am curious... could it be that Disk Utility does not show those options if a drive is encrypted in some way for TimeMachine?


I DO see the Security option for 1TB and 2TB drives, but not on this 4TB. I will also try to run Disk Repair on all of them and do a reboot into a backup clean account on the machine and see if that shows different results.


Thanks.


Imran

Nov 28, 2015 1:15 PM in response to Old Toad

Old Toad wrote:


Let's get on the same page. I'm running 10.11.1 and Disk Utility v15.0.


Also I've disabled the SIP, Security Integrity Protection, on my iMac and maybe that's why I see that option in Disk Utility. I don't know for sure.

I was running 10.11.0 and SIP was in force. My external disk was a Toshiba USB 2 bus powered 2.5" drive. It had 2 partitions on it. The one I played with did not have anything in it, even with a name like RecoveryPartition. It was safe for me to play with it.

Dec 9, 2015 9:37 AM in response to IMRAN

I also have an external Western Digital disk drive and have a couple of questions regarding this thread...


- Does someone have a link to the best instructions on how to do a 7-pass wipe of an external hard drive if we have the new Mac OS using the Terminal?


- Is there a third party disk utility in existence that could do the job of wiping the disk a less complicated way that someone could suggest?


- This is unrelated to my above questions, but can someone recover deleted files off of an SSD drive in the same way one can on a traditional disk drive? (i.e. is there any point to doing a multi-pass wipe of an SSD drive)


I am curious why Apple did this. I know there are concerns with people using the utility and wiping things they shouldn't, damaging their machines. But for people selling computers and drives you would think there would be a way for people to securely remove their data. Computers have social security numbers and a lot of personal things you would think Apple would be willing to help protect when their devices are disposed of or sold?

Dec 9, 2015 9:58 AM in response to Old Toad

You are right, thank you for clarifying that. If you notice when you plug in an external drive there are what appears to be two levels if that makes sense. So one is WD My Passport with the drive serial, and below that is the formatted drive name. If you click on the top name with the serial, you can erase but security options isn't listed. But when I click on the formatted option below, the secure pass options then show allowing me to do exactly what I wanted to do. So thank you again for pointing that out.


Last question though, was if secure pass is needed on an SSD? Can you recover deleted files on a solid state the same way you can on a traditional disk drive? Would secure pass erasing even be needed?


Thanks.

Dec 9, 2015 4:02 PM in response to iuser1985

- This is unrelated to my above questions, but can someone recover deleted files off of an SSD drive in the same way one can on a traditional disk drive? (i.e. is there any point to doing a multi-pass wipe of an SSD drive)

Yes. It just requires different technology. But there are people with those skills. Although there is a shelf life to the data if the SSD is actively being written to.


An SSD sector can ONLY be written to ONCE, and then it must have a special process applied that resets the sector so it can be written to again. Zeroing is not a reset, it is a totally different process.


For each write the SSD remaps the target sector into the garbage collection pool. It then maps a previously reset sector at the logical offset you wish to write. It then applies your write to the sector. It does this for every write you do. That is to say you NEVER overwrite your data. It is always moved into the garbage collection pool. If you do a 7 pass erase, it will just keep remapping the target offset into the garbage collection pool. So the garbage collection pool will have your original data, and 7 copies of random data. And of course each of the sectors with those 7 copies of random data just had its life shortened by 1 write cycle.


SSDs might have a write life of 1,000 writes to 10,000 writes (they are getting better on the life of the writes, but it is still not a huge number). The SSDs get around this by A) they do wear leveling to avoid writing to the same sector too many times. B) they are over provisioned (a few extra gigabytes of additional sectors) so that as a group of sectors becomes unreliable, they can be retired, and the loss of storage made up for from the over provisioned pool.


The SSD CANNOT reset just 1 sector. It applies the reset to a group of sectors that may be as few as 64K, or maybe 512K, or even larger. When it needs to reset a group, if there are any still good sectors in the group, the SSD must copy the good sectors to somewhere outside the reset group, perform the remapping to make the new copy appear at the correct offset, and put the original copy in the garbage collection pool. Then it can reset the group. The reset group gets put into the ready for writing list.


So if say MOST of the reset group contains good data, then it is possible the SSD will avoid choosing that reset group to be reset and whatever data was in the part of the reset group that still has old data on it, will hang around for as long as the SSD avoids resetting that group. Remember, if just 1 out of say 128 sectors is in the garbage collection pool, to reset that pool would require doing 127 copies, shortening the life of some other sectors just to reset that 1 sector in the garbage collection pool. That is a losing proposition for the SSD, so it is not going to do that. Thus some of your data may hang around for years as long as those other 127 sectors do not change. I do not know where an SSD would choose to make that trade-off, but if you are talking about a social security number that can live in 1 sector without a problem.


Garbage collection. The SSD will, when not busy reading or writing data, attempt to reset groups in the pool and put them on the ready to write list. That way when you do a large write (think pictures, music, videos, etc...), there are lots of available sectors ready to be written, so the SSD can proceed at the fastest possible speed.

If the ready to write list becomes exhausted, then the SSD must start cleaning things from the garbage pool which A) requires the special reset operation, B) may require copying good data out of almost empty reset groups. This slows down your write speed.

NOTE: While you are using sectors from the ready to write list, you are also moving sectors being remapped into the garbage pool. So you will always have sectors to reset, it is just a matter of how much work must be done to get them ready to be written again, and if the SSD is idle so you do not notice it, or if it has to stop accepting your data while it does the resets.


An Apple SSD has TRIM enabled (3rd party SSDs can have TRIM enabled as well, but you have to manually do that). TRIM is a way for the file system to tell the SSD that it just deleted a file, and that all the storage for that file can be put in the garbage collection pool. This gives the SSD more available sectors to find entire reset groups that do not need to have good data copied out of them, which is better for the life of the SSD.


A little more on the short shelf life. Assuming you change over enough data on the SSD, then except for reset groups the SSD decides should be left alone to avoid excessive resets, over time sectors in the garbage collection pool will get reset and the original data will be gone.


NOTE: Any SSD sectors that become unreliable get retired, and those will most likely retain their data for a much longer period of time, just like a mapped out rotating disk sector that becomes unreliable.


Bottom line.

  • An SSD has a limited number of writes, so the SSD goes through huge efforts to avoid writing to the same physical sector too many times (wear leveling).
  • The SSD does not overwrite your data.
  • Your data may sit in the garbage collection pool forever if the SSD decides to avoid shortening the life of the unchanged part of the reset group.


I am curious why Apple did this. I know there are concerns with people using the utility and wiping things they shouldn't, damaging their machines.

I would guess that when you say something is secure and it is not, that you open yourself up to all kinds of legal issues.


Also more and more of Apple's products are moving to SSD storage. Writing erase patterns to an SSD shortens the life of the SSD and does not actually write over what you want.


But for people selling computers and drives you would think there would be a way for people to securely remove their data. Computers have social security numbers and a lot of personal things you would think Apple would be willing to help protect when their devices are disposed of or sold?

Apple did provide something. System Preferences -> Security -> FileVault. If you have been using FileVault all along, then when you want to sell your Mac, you just reformat the storage, which destroys the keys, then install a clean copy of OS X, and you are good to go. Because without the encryption keys, all that data is just a bunch of random bits. And because you have been using FileVault from the beginning, any data sitting in the over provisioning pool, or data that has been mapped out because the sectors have become unreliable, etc... are also just random bits without the encryption keys.


Also with FileVault on, your deleted files are just a bunch of random bits.

Problem solved.

May 16, 2016 6:41 AM in response to Timothy Fink

Thanks Timothy,


I had the same issue, I have an external HDD (not an SSD) and the "Security Options" button wasn't showing up when I tried to erase the drive. I deleted the drive without any security selected (which took about 15 seconds) and then ran "First Aid" on the drive, which succeeded in about 30 seconds. When I went back to erase the drive again, the "Security Options" button had reappeared. Hope this helps.


Steps:

  1. Erase drive non-securely.
  2. Run "First Aid"
  3. Erase drive again, security options should appear.


Cheers,

May 18, 2016 6:42 PM in response to RobAle

RobAle wrote:


Thanks so much for this - I finally was able to zero out my external drive. Turns out that with an SSD drive the Secure options never show up on Disk Utility. I don't know why Apple has to make things difficult.

Piggy backing on Barney-15E, zeroing an SSD, especially multiple passes, shortens the life of the SSD, as an SSD has a finite number of write cycles before it dies. Writing zeros to the entire SSD ensures that every cell is 1 more write closer to total failure.


The proper way to make sure an SSD is safe to resell is to use System Preferences -> Security -> FileVault from day one, and then just reformat the SSD when you are going to sell it, which will throw away the decryption key so all that remains is a disk full of undecryptable random bits.
