TaxiFish

Q: Is  secure erase supported in Sierra

After downloading Sierra I can no access secure erase via finder?  How are files securely erased using Sierra 10.12? 

Posted on Oct 6, 2016 7:16 PM

Close

Q: Is  secure erase supported in Sierra

  • All replies
  • Helpful answers

  • by etresoft,

    etresoft etresoft Oct 6, 2016 7:20 PM in response to TaxiFish
    Level 7 (29,345 points)
    Mac OS X
    Oct 6, 2016 7:20 PM in response to TaxiFish

    Hello TaxiFish,

    You need to encrypt the drive with FileVault first. Then just delete. Apple now uses SSD drives in most of their machines and those drives do not support secure erase.

  • by NicoRobin00,

    NicoRobin00 NicoRobin00 Oct 6, 2016 7:30 PM in response to etresoft
    Level 1 (16 points)
    Mac OS X
    Oct 6, 2016 7:30 PM in response to etresoft

    Let me see if I understood,

    1-Encrypt the drive with FileVault

    2.-Restart Mac and Command +R after

    3-Open Disk Utility

    4-Erase Macintosh HD

    5-Reinstall macOS Sierra

     

    Its that correct? and two more questions

    This is the same as erase the drive with secure options ?,

    If I erase without Filevault I can erase  malware(trojan horse)?

     

    Thanks

  • by TaxiFish,

    TaxiFish TaxiFish Oct 6, 2016 8:07 PM in response to etresoft
    Level 1 (8 points)
    Mac OS X
    Oct 6, 2016 8:07 PM in response to etresoft

    Thanks.  Should have provided additional info.

    Am using 2014 MacBook Pro.  Drive is SSD and is currently encrypted.  It was also encrypted when previously using OS X.  Under OS X the secure erase option was available. This could be done on 'demand' or system wide.  It appeared to be doing something as it added significant time when compared to the standard empty trash function.  Apparently I now have 2 questions. 1. Did/does secure erase do ANYTHING useful under OS X?  2. If yes how do I do the same or better using Sierra? 

     

    Thanks

  • by BobHarris,

    BobHarris BobHarris Oct 6, 2016 8:13 PM in response to NicoRobin00
    Level 6 (19,633 points)
    Mac OS X
    Oct 6, 2016 8:13 PM in response to NicoRobin00

    You should use FileVault from the first day you purchase your Mac.  Then all your data is encrypted, including any bad blocks, or on SSD's the blocks that have not been pre-cleaned.

     

    Then when you reformat your storage, the encryption key will be thrown away, and all the encrypted data is just a bunch of random bits.

     

    Encrypting after the fact, means that any bad blocks will have readable data with the right tools, any SSD's with block that have not been pre-cleaned will be readable with the correct tools.

     

    Basically if you have a SSD and did not keep the SSD always encrypted, then you will expose some portion of your personal data to anyone with the correct tools when you sell your Mac.

     

    As for the old Secure Erase of individual files, that is no-longer a Finder option as of El Capitan, and no longer an 'srm' command via Terminal in Sierra.  Using Secure Erase on an SSD never deletes the data you want, and shortens the life of your SSD.  On a rotating disk drive, as long as none of the blocks became a bad block, secure erase would wipe the file.

     

    If you have a rotating hard disk, you can use a package manager, such as Home Brew, MacPorts, or Fink to install an open source 'srm' package, or you can search for an App that claims to do secure erase.  But keep in mind it is a waste of effort doing this on an SSD, and not 100% reliable on an rotating hard disk.

     

    As EtreSoft says, Apple has been shipping most of their Macs using SSDs, and going forward, it appears they will be moving towards all Macs shipping with SSD, so a secure erase is not useful for these Macs.  Apple's new APFS file system which is being previewed on Sierra includes the ability for each file encrypted with its own dynamically created encryption key, so that deleting that file will throw away that key so there is no way to get that data back.  No individual file secure erase needed.

  • by etresoft,

    etresoft etresoft Oct 6, 2016 8:23 PM in response to TaxiFish
    Level 7 (29,345 points)
    Mac OS X
    Oct 6, 2016 8:23 PM in response to TaxiFish

    Hello again TaxiFish,

    On your previous OS version, it was doing something. It was securely erasing maybe 95% of what you requested. But that isn't considered good enough.

  • by trevoz,

    trevoz trevoz Oct 6, 2016 9:26 PM in response to BobHarris
    Level 4 (1,409 points)
    Mac OS X
    Oct 6, 2016 9:26 PM in response to BobHarris

    > If you have a rotating hard disk, you can use a package manager, such as Home Brew, MacPorts, or Fink to install an

    > open source 'srm' package, or you can search for an App that claims to do secure erase.  But keep in mind it is a

    > waste of effort doing this on an SSD, and not 100% reliable on an rotating hard disk.

     

    Or you could just use Sierra's diskutil command line program which supports secureErase subject to the note on its man page that "This kind of secure erase is no longer considered safe because modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware. The modern solution for quickly and securely erasing your data is strong encryption, with which mere destruction of the key more or less instantly renders your data irretrievable in practical terms."

  • by TaxiFish,

    TaxiFish TaxiFish Oct 7, 2016 2:08 PM in response to etresoft
    Level 1 (8 points)
    Mac OS X
    Oct 7, 2016 2:08 PM in response to etresoft

    Thanks all...

     

    If I understand this correctly,  in concept:

     

    1.  the new APFS file system - when used in conjunction with an encrypted SSD via filevault - uses a random, dynamically created and of course, fiercely strong and unique encryption key for each file.  When said file is deleted it remains encrypted but its unique encryption key is eliminated so the file is unrecoverable.  'File' is then 'released' to free space and available for reuse?

     

    2. Previously the secure erase/secure empty trash function would overwrite files but was not entirely effective due to the inherent limitations of an overwrite strategy when using an SSD?

     

    Thus an SSD's free space encrypted and running Sierra is more secure (once trash is emptied) than the same encrypted system under 10.11 using secure empty trash/erase or other overwriting technique?  With the added advantage of being faster and easier on the SSD?

     

    Am assuming that the Sierra upgrade procedure processes all existing data to allow these capabilities for existing files?

     

    Interestingly I plugged in a thumb drive (SanDisk 128gb/ usb 3.0) i had created and encrypted using OS X containing back up files and was able to access secure erase.  Did this, which took over an hr, reformatting and re-encrypting.  The secure erase function was then no longer available.  Am assuming that the flash drive is now using APFS and has the same pretty good security characteristics as the SSD?

     

    BTW this stuff important to me as I travel with the Mac book (my only system) and want to avoid (as much as possible) any issues associated with theft/loss or some strange customs guy...

     

    Again thanks to all...

  • by etresoft,

    etresoft etresoft Oct 7, 2016 2:41 PM in response to TaxiFish
    Level 7 (29,345 points)
    Mac OS X
    Oct 7, 2016 2:41 PM in response to TaxiFish

    Hello again TaxiFish,

    APFS does not really exist yet. It is still experimental right now. I don't think it supports encryption at all. You would have to jump through a lot of hoops to create any kind of APFS disk right now.

     

    Otherwise:

    Previously the secure erase/secure empty trash function would overwrite files but was not entirely effective due to the inherent limitations of an overwrite strategy when using an SSD?

    Yes

    Thus an SSD's free space encrypted and running Sierra is more secure (once trash is emptied) than the same encrypted system under 10.11 using secure empty trash/erase or other overwriting technique?  With the added advantage of being faster and easier on the SSD?

    No. If your disk was encrypted under 10.11, then none of any of this would have made any difference. You would have to use an unencrypted SSD on 10.11 and secure erase a file. In that case, there would be a slight possibility that some of the original file would be left over somewhere.

  • by BobHarris,

    BobHarris BobHarris Oct 7, 2016 5:39 PM in response to TaxiFish
    Level 6 (19,633 points)
    Mac OS X
    Oct 7, 2016 5:39 PM in response to TaxiFish

    Am assuming that the Sierra upgrade procedure processes all existing data to allow these capabilities for existing files?

    APFS, while available to try in Sierra, really should not be used for anything except experiments to see what it is all about.  It is NOT used by default.

     

    Sierra uses your existing HFS+ file system, and you should continue to use your existing HFS+ file system, because a "New" file system is going to have all kinds of issues and problems with it (my day job is as a file system developer for Unix operating system (never for Apple), and I know very well how difficult it is to get everything working perfectly on the first release).

     

    This is the APFS encryption summary

    <https://developer.apple.com/library/content/documentation/FileManagement/Concept ual/APFS_Guide/Features/Features.html#//apple_ref/doc/uid/TP40016999-CH5-DontLin kElementID_7>

     

    Here are some additional links about APFS

    <https://www.backblaze.com/blog/apfs-apple-file-system/>

    <https://en.wikipedia.org/wiki/Apple_File_System>

    <http://www.cultofmac.com/435718/apfs-new-apple-file-system/>

     

    Google can find you more by search for APFS

     

    BTW this stuff important to me as I travel with the Mac book (my only system) and want to avoid (as much as possible) any issues associated with theft/loss or some strange customs guy...

    They if you do not have FileVault enabled, you should consider doing that "Real Soon Now"

  • by TaxiFish,

    TaxiFish TaxiFish Oct 10, 2016 7:31 PM in response to BobHarris
    Level 1 (8 points)
    Mac OS X
    Oct 10, 2016 7:31 PM in response to BobHarris

    Thanks again to all..and hope all had a good wk end....

     

    Acquired a brand spanking new macbook pro (MBP) in Nov. of 2014 and encrypted its SSD in Dec. of 2014. My first apple.

     

    The MBP replaced both my home based windows LAN and a windows laptop used for travel.  

     

    Data security is important.   I travel and now take the MBP.  This is analogous to taking my old LAN with me on the road. 

     

    So before leaving, i back up  what i consider to be sensitive files to an encrypted flash drive. 

     

    I then delete all those files  from the encrypted MBP using secure empty trash.

     

    So when i am sitting at an outdoor cafe with my MBP reviewing my upcoming agenda and someone runs by and snatches my encrypted but logged on MBP, I’m not too happy, but it is not a disaster. 

     

    All my self identified sensitive files are somewhat mangled by secure empty trash. I should have time to deal with things before anyone is able to breakthrough.

     

    Sierra apparently eliminates that particular approach.  Based on comments received  i thought this might all be due to a file system change occasioned by the upgrade to sierra and was replaced by a more secure approach.  This does not seem to be the case. 

  • by etresoft,

    etresoft etresoft Oct 10, 2016 7:44 PM in response to TaxiFish
    Level 7 (29,345 points)
    Mac OS X
    Oct 10, 2016 7:44 PM in response to TaxiFish

    Hello again TaxiFish,

    Sierra only eliminates the secure erase. That was meaningless to begin with since this hypothetical machine was already encrypted.

     

    But if your hypothetical thieves were really that fast, even secure erase wouldn't help you. If you are logged on, then they would be able to copy all of your files. Since this is a MacBook Pro, it likely has Time Machine local snapshots enabled. If I assume these thieves are as clever as they are fast, they will make sure to recover any recently deleted files from your snapshots.

     

    I'm not sure what you are getting at. I think we've been through this several times by now. Due to the nature of an SSD, secure erase is simply not possible. FileVault is better and has always been better. The idea of thieves snatching your MacBook Pro and running down the street with it, careful moving the mouse pointer every 45 seconds to ensure it doesn't go to sleep or lock the screen, and then raiding your carelessly deleted files, is just silly. A MacBook Pro is not a device the CIA issues to secret agents. People use it to watch movies, do term papers, and post on Facebook. It has really good security - far, far better than you will ever need. Just don't worry about it.

  • by TaxiFish,

    TaxiFish TaxiFish Oct 10, 2016 9:06 PM in response to etresoft
    Level 1 (8 points)
    Mac OS X
    Oct 10, 2016 9:06 PM in response to etresoft

    thanks

     

    As i thought i made pretty clear i have been using file vault since i acquired the MBP.  One hopes that alone will handle every situation. I don't use time machine.  I appreciate and take your point, but the MBP is primarily used for business and financial purposes and security is paramount. 

     

    This was probably not the place or forum to open up these issues but i certainly learned that my 'duct tape' approach is  not sufficient. 

     

    btw..The reason i use this example is that I saw it happen. No one ran down the street.  He got into the back of a waiting car and was gone.

     

    Thanks again

  • by BobHarris,

    BobHarris BobHarris Oct 11, 2016 5:48 AM in response to TaxiFish
    Level 6 (19,633 points)
    Mac OS X
    Oct 11, 2016 5:48 AM in response to TaxiFish

    If your Macbook Pro has an SSD, then today FileVault with

    System Preferences -> Security -> General -> Require password after sleep or screen saver begins

    and a moderately short Screen Saver "Start after" interval (not too short, as it can make it difficult to get any work done), is the current Best Practice approach.

     

    If your Macbook Pro has a rotating hard disk, then go to the Applications -> App Store and search for "Secure Erase", and you will find several utilities that do the same LESS THAN 100% secure erase as you had before, but it might be good enough for what you want.  DO NOT use these on an SSD, as it does nothing except shorten the life of the SSD.

     

    Again for a rotating hard disk, you could get the open source 'srm' command line utility via something like <http://brew.sh>, <http://macports.com>, <http://finkproject.org>, then create an Automator drag and drop app that will use the 'srm' command via "run shell script" to use the same LESS THAN 100% secure erase.

     

    If you wish to experiment with APFS, then it is available on Sierra.  You could create a partition for APFS and keep those sensitive files on the experimental APFS partition.

     

    In a few years, when APFS has proven itself, then you can use it full time for everything.

     

    NOTE:  I think you have the right attitude towards data safety.  EtreSoft are I are just trying to educate you as to the realities of Secure Erase with today's industry standard storage systems (rotating and solid state disks).  And know that Apple is working on improving your security with every release, including removing utilities and features that give a false sense of security, or worse shorten the life of your storage.