How to Secure Erase / Zero Out external hard drive in El Capitan?

Let's get on the same page. I'm running 10.11.1 and Disk Utility v15.0.

Also I've disable the SIP, Security Integrity Protection, on my iMac and maybe that's why I see that option in Disk Utility. I don't know for sure.

Old Toad wrote:

Let's get on the same page. I'm running 10.11.1 and Disk Utility v15.0.

Also I've disable the SIP, Security Integrity Protection, on my iMac and maybe that's why I see that option in Disk Utility. I don't know for sure.

I was running 10.11.0 and SIP was in force. My external disk was a Toshiba USB 2 bus powered 2.5" drive. It had 2 partitions on it. The one I played with did not have anything in it, even with a name like RecoveryPartition. It was safe for me to play with it.

I also have an external Western Digital disk drive and have a couple of questions regarding this thread...

- Does someone have a link to the best instructions on how to do a 7-pass wipe of an external hard drive if we have the new Mac OS using the Terminal?

- Is there a third party disk utility in existence that could do the job of wiping the disk a less complicated way that someone could suggest?

- This is unrelated to my above questions, but can someone recover deleted files off of an SSD drive in the same way one can on a traditional disk drive? (i.e. is there any point to doing a multi-pass wipe of an SSD drive)

I am curious why apple did this. I know there are concerns with people using the utility and wiping things they shouldnt, damaging their machines. But for people selling computers and drives you would think there would be a way for people to securely remove their data. Computers have social security numbers and a lot of personal things you would think Apple would be willing to help protect when their devices are disposed of or sold?

You are right, thank you for clarifying that. If you notice when you plug in an external drive there are what appears to be two levels if that makes sense. So one is WD My Passport with the drive serial, and below that is the formatted drive name. If you click on the top name with the serial, you can erase but security options isn't listed. But when I click on the formatted option below, te secure pass options then show allowing me to do exactly what I wanted to do. So thank you again for pointing that out.

Last question though, was if secure pass is needed on an SSD? Can you recover deleted files on a solid state the same way you can on a traditional disk drive? Would secure pass erasing even be needed?

Thanks.

Others can explain secure delete and SSD drives better than I but it's not needed with SSDs as it doesn't use magnetism to store the data and then have to get rid of residual magnetism via multiple passes. Also it's reported that multiple passes of writing zeros and ones will shorten the drives life.

I've noticed your screen shot shows your external is currently a TimeMachine backup volume. You probably need to temporarily turn off TimeMachine and/or dis-designate that drive as a TimeMachine drive. Then you may see the security option available. And check your read/write permissions in the Get Info panel.

Thanks so much for this - I finally was able to zero out my external drive. Turns of that with an SSD drive the Secure options never show up on Disk Utility. I don't know why Apple has to make things difficult.

RobAle wrote:

Thanks so much for this - I finally was able to zero out my external drive. Turns of that with an SSD drive the Secure options never show up on Disk Utility. I don't know why Apple has to make things difficult.

Piggy backing on Barney-15E, zeroing an SSD, especially multiple passes, shortens the life of the SSD, as an SSD has a finite number of write cycles before it dies. Writing zeros to the entire SSD insures that every cell is 1 more write closer to total failure.

The proper way to make sure an SSD is safe to resale if to use System Preferences -> Security -> FileVault from day one, and then just reformat the SSD when you are going to sell it, which will throw away the decryption key so all that remains is a disk full of undecryptable random bits.

I understand that, but sometimes one attaches a non SSD drive and wants to securely erase it. There is no option to do so in the Disk Utility interface. The command line secureErase works, but it wouldn't' kill them to provide the option in DU.

RobAle wrote:

I understand that, but sometimes one attaches a non SSD drive and wants to securely erase it. There is no option to do so in the Disk Utility interface. The command line secureErase works, but it wouldn't' kill them to provide the option in DU.

But Apple can also not guarantee that it will actually securely erase the HDD. Cached files, bad blocks, and a few other problems mean that securely erasing may not securely erase the data. They could possibly come up with a "might probably securely erase the drive" routine, but it is much more secure to encrypt the entire drive which obviates the need to secure erase.

Imran, I ran into this too. A very subtle part of the UI for this dialog:
Security Options... is available if you select the partition, but not if you select the entire drive.

This is a useability bug: Why not provide this option for the entire drive?

"Zero out all the partitions, then delete the partition map" sounds pretty good to me.

Until then, you can visit each partition and secure-erase it.

Thanks so much for providing the pointer to this command!

I found that for some reason, when I tried to do this after booting from a USB thumb drive with an El Capitan installer on it and going into Terminal, I was told that the internal drive was busy. It gave me this:

Started erase on disk0

Error: -69879: Couldn't open disk

Underlying error: 16: POSIX reports: Resource busy

What fixed it was to switch out of Terminal and into Disk Utility and to eject my internal volume.

[quote]I understand that, but sometimes one attaches a non SSD drive and wants to securely erase it. There is no option to do so in the Disk Utility interface. The command line secureErase works, but it wouldn't' kill them to provide the option in DU.[/quote]

It's there if you are doing everything right. You're probably just a bit confused. Others in this discussion have shown you, including in pictures.

When you buy an external drive and pug it in you have one big honkin' drive. That drive has one partition. So - In Disk Utility you will see the drive its self and the partition linked under it. You can format each - The drive its self and the partition. Now - let's say it's a 4TB drive and you want to partition it into 4 separate partitions...

First you click on the main drive (master or whatever you want to call it) in the list, not the partition. Format it. You will then get an option to Partition the drive. You can, for example, partition it into 4 1TB (or there abouts) partitions. Each partition can be in a different format (such as OS X Journaled and a Windows partition for Bootcamp people, and 2 others). Each partition will show up on your desktop and look like they are separate drives, so 1 drive with 4 partitions will show up on the desktop as 4 "drives", each of which is simply a partition on a single drive. The only way you will actually see the drive as a whole will be in a utility such as Disk Utility. In my case, today I had a 2TB drive that decided to take a dive. I suspected corruption rather than a drive failure, so I ran an application called "Data Rescue" - It saw the drive (which did not show up on the desktop), scanned the drive, found the index and I copied all my files to another drive. That said, it was a 2nd backup drive which was rarely used so to make sure the drive is OK I'm "stress testing" it by using a 3 pass format. NOTE: Over the years I have seen many drives go belly up, including some RAID 5 drives, and Data Rescue has worked *almost* every time. But then - I keep 2 backups of everything since I value my data some of which goes back to 1987. I have seen a few drives that Disk Utility didn't even show that Data Rescue showed and recovered data from.

Others have pointed out the other essentials. My post is only to say you really have to pay attention to details such as whether you have the "main" drive clicked/highlighted vs. a partition on a drive. You will get different options with each.

And - Beware of internet searches. Technology has changed and is changing rapidly. Years ago if you were closing down and had a hard drive online you had to give a command to "park" the drive head. I say this because sometimes the changes are significant. Not too many years ago you had to have a program to scan a HDD completely to force it to map out bad blocks. These days drives map out bad blocks "auto-magically" on the fly. So - When you do searches, check the date of things you read and make sure it's recent and relative to technology today. Some things (e.g.: defragmenting a hard drive in this day and age makes little sense) are just hangovers from "the old days".

NOTE: This is about "spinning rust" hard drives. SSD's are a totally different animal which has been well discussed in this discussion.

DISCLAIMER: I use Data Rescue, and have for years, but have no affiliation with them. I mention it here because it has been very good to me over the years.

My two cents... 🙂

There's none in El Capitan.

For your external HD, do a format.

A fifth option is to encrypt the drive then format it as unencrypted.