2

I want to back up the contents of my Macbook before encrypting it, but after I'm done, I would like to sanitize the SSD that I have backed up my files to, since it will be unencrypted (no point encrypting your laptop if someone can just steal your backup drive and get your files from there). I think I read on Apple's website that OS X's diskutil secureerase command is not available for SSDs. Or was that just diskutil secureerase freespace that's not available for SSDs? I don't know. I can't seem to find the page. I don't see why secure erasure of an entire volume wouldn't be available for SSDs though. What are some good options that I can use? I don't feel any need to use Gutmann, since that's only necessary for HDDs. A one-pass random bit secure erase should be sufficient.

EDIT: I would delete all files on the SSD before doing the disk sanitation of course, so all blocks would be available for reprogramming.

Zen Hacker
  • 561
  • 1
  • 3
  • 11
  • There is already an answer to this at http://security.stackexchange.com/questions/37662/what-method-of-secure-erase-is-sufficient-for-macbook-pro-ssd-drives (which is itself a partial duplicate of http://security.stackexchange.com/questions/12503/can-wiped-ssd-data-be-recovered ) – Matthew Jan 13 '16 at 17:22
  • @Matthew: So, reading the answers to those questions, it appears the answer is that I shouldn't use an SSD to back up unencrypted files. Is that right? – Zen Hacker Jan 13 '16 at 17:36
  • Essentially, yes. You can't secure erase them without physical destruction, due to the nature of how they work internally. – Matthew Jan 13 '16 at 17:38
  • I will use flash drives then. They're still solid state, but they're easier to physically destroy. – Zen Hacker Jan 13 '16 at 17:47

1 Answers1

0

It's notoriously difficult to erase data from SSD drives, as explained here:

http://arstechnica.com/security/2011/03/ask-ars-how-can-i-safely-erase-the-data-from-my-ssd-drive/

The overwriting procedure that works so well for HDDs doesn't work as well for SSDs for a couple of reasons. One is that many SSDs have extra storage space that's not accessible by users. This is called over-provisioning, and some deletion tools won't give you access to this area (if you can go through the BIOS and uninstall your drive, you can get full access). While the research paper noted above that overwriting did obscure all of the data in some of the SSDs they tested, some still had old readable data on them after twenty overwrites. This can happen because of firmware bugs, and unless you're able to physically confirm that this procedure works on your SSD of choice, it's not reliable enough for a real secure erase.

Likewise, it is almost impossible to securely delete an individual file on an SSD, because the way that SSDs write and delete files is scattered, and a user has no control over what an SSD is doing where.

For this reason, it looks like Apple has disabled its secure erase support for SSD. This source has some more up-to-date information on securely erasing from SSDs:

http://www.zdnet.com/article/how-to-securely-erase-hard-drives-hdds-and-solid-state-drives-ssds/

That source will tell you how to use the manufacturer utilities to securely erase your SSD.

Buffalo5ix
  • 2,646
  • 13
  • 18