Wednesday, February 6, 2019

Secure Erase and Mojave’s Disk Utility

Howard Oakley:

The snag is that Disk Utility won’t overwrite an SSD’s free space in the way that it does with hard disks. It pretends to offer the same three secure erase options, but in fact none of them does what the dialog says. Indeed, in Sierra they aren’t even available, which is perhaps a little more honest.

In Mojave, all three secure erase options offer is that the original APFS volume is completely deleted, with any Preboot and Recovery directories, and it is then added back as a new volume. This will destroy all APFS data about the original volume, but the file data for that volume will remain on the SSD. Although at present there appear to be no macOS utilities which can reconstruct such a removed volume, that situation will change in the future.

Howard Oakley:

To perform the secure erase which it describes, you have to use the diskutil command in Terminal instead, using a command of the form

diskutil secureErase freespace 2 /Volumes/volumeName

which is an even slower process.

Before using diskutil secureErase, you should read man diskutil, where Apple cautions:

This kind of secure erase is no longer considered safe. Modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. The modern solution for quickly and securely erasing your data is encryption. Strongly-encrypted data can be instantly “erased” by destroying (or losing) the key (password), because this renders your data irretrievable in practical terms. Consider using APFS encryption (FileVault).


It isn’t possible to encrypt an existing APFS volume non-destructively using Disk Utility, and in some cases when attempting to erase and reformat a volume, Disk Utility returns “an internal state error” and fails to perform the operation.
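The man page caution quoted above comes down to a decision based on two properties of the volume: whether it sits on solid-state storage and whether it is already encrypted. The following is an added example, not code from the post or from Apple, that reads `diskutil info` text and reports which case applies. The field labels it matches, the verdict names and the sample outputs are constructed assumptions to check against your own macOS version.

```shell
#!/bin/sh
# Added example. Field labels ("Solid State", "FileVault") are assumed to
# match what `diskutil info` prints on your macOS version; verify locally.

# field NAME: read "label: value" lines on stdin, print the value for NAME.
field() {
    awk -F': *' -v want="$1" '
        { key = $1; sub(/^[ \t]+/, "", key) }
        key == want { v = $2; sub(/[ \t]+$/, "", v); print v; exit }'
}

# erase_advice: read `diskutil info` text on stdin, print one verdict.
erase_advice() {
    info=$(cat)
    ssd=$(printf '%s\n' "$info" | field "Solid State")
    fv=$(printf '%s\n' "$info" | field "FileVault")
    case "$ssd:$fv" in
        # Encrypted SSD: the flash holds only ciphertext, so destroying
        # the key is the erase the man page recommends.
        Yes:Yes*) echo "crypto-erase" ;;
        # Unencrypted SSD (or no FileVault field): overwriting free space
        # cannot reach wear-leveled or spared blocks; encrypt before use.
        Yes:*)    echo "encrypt-first" ;;
        # Hard disk: diskutil secureErase freespace overwrites in place.
        No:*)     echo "overwrite-possible" ;;
        *)        echo "unknown" ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_SSD_PLAIN='   Device Node:               /dev/disk1s1
   File System Personality:   APFS
   Solid State:               Yes
   FileVault:                 No'
SAMPLE_SSD_FV='   Device Node:               /dev/disk1s1
   Solid State:               Yes
   FileVault:                 Yes'
SAMPLE_HDD='   Device Node:               /dev/disk2s2
   File System Personality:   Journaled HFS+
   Solid State:               No'

# Live use on a Mac: sh erase_advice.sh /Volumes/volumeName
if [ -n "${1:-}" ] && command -v diskutil >/dev/null 2>&1; then
    diskutil info "$1" | erase_advice
fi
```
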


5 Comments

The secure way to erase an SSD would be to pull the chips and stick ’em through a coffee grinder. (Caveat your coffee may taste like shit thereafter.) However, I assume the goal here is to destroy the data while maintaining hardware reusability.

Considering all the dedicated housekeeping capabilities (wear-balancing, TRIM, etc) that already go into SSDs as standard, I’m scratching my head why they don’t provide an ERASE feature too. If anything’d know how to securely erase* an SSD, surely it’s the SSD itself? Anyone, anyone? Bueller?


* Minding, of course, that the purpose of secure-erasing is *not* to “destroy data” (laughably oxymoronic), but merely to remove that data from a particular device (e.g. wiping your old iPhone to sell it on).

The Samsung SSDs I have in my Windows box support secure erase via the "ATA Secure Erase" command which purges the SSD's storage cells.

@csnazell: +1. Wonder what Apple’s excuse is for not already using/recognizing SSDs that support this? Too busy counting their cash today to care about tomorrow.

@has: given Apple's tendency to solder everything in nowadays, they're probably rolling their own SSDs and decided it'd be cheaper to cut corners on fully implementing the standards.

I always use this tool because it's simple and written in Java so can be used on my Linux and Mac machines as well as the Windows workstation at the office.
