Personal computing discussed

Moderators: morphine, Steel

 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:16 pm

I have a PNY CS2211 SSD that I'd like to secure erase, but PNY offers no utility for secure erasing the drive. I've tried using the clean command in diskpart, but I can't tell if that's doing the same thing. I filled the SSD up completely by accident and ever since then it's performance, even after removing 1/3 of the data stored on the drive, has been suffering.

There's a bunch of programs out there that claim to secure erase but they seem to either just want to write a wave of drive writes (like Boot and Nuke would) or require me to buy the program. Google searches for free software turn up a bunch of programs that used to be free for the secure erase function but now cost money. What can I use?
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:21 pm

If all you really care about is fixing the performance issues, just making sure TRIM is enabled and freeing up some space (in that order) would likely get you most of the way there.

If the drive supports "ATA Secure Erase" (AFAIK all modern SATA SSDs do), and you're willing to boot a Linux live image, there's a way to do it from the command line: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
Nostalgia isn't what it used to be.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:32 pm

just brew it! wrote:
If all you really care about is fixing the performance issues, just making sure TRIM is enabled and freeing up some space (in that order) would likely get you most of the way there.

If the drive supports "ATA Secure Erase" (AFAIK all modern SATA SSDs do), and you're willing to boot a Linux live image, there's a way to do it from the command line: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

The drive is currently 179GB free of 222 GB after a fresh install of Windows 10 and nothing else. I did the fresh install of Windows after removing the drive, putting it in another computer, and using the diskpart clean command. I'm not sure why TRIM wouldn't be enabled as I was previously running the drive on Win 7 and now 10.

I have an old OCZ Vertex 4 that became slow after a few years of too much stored on it from time to time and used the OCZ Toolbox program to secure erase it which brought it's performance back completely, so a secure erase is something I want to do on this PNY. I'll look into the ATA Secure Erase thing. I hate messing with Linux though because I find it frustrating and confusing, but I think I can manage. I don't understand why it's so difficult to find an easy way to secure erase an SSD without using a program provided by a manufacturer. Thanks, PNY, for not offering one btw. :x
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:36 pm

My memory's a little fuzzy, but I don't think Windows 7 enabled TRIM by default (IIRC didn't even support it initially). TRIM needs to be enabled before you do the deletes; enabling it after the fact wont't help unless you fill the drive up and delete again.

So yeah, a secure erase is probably your best bet at this point.
Nostalgia isn't what it used to be.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:42 pm

just brew it! wrote:
My memory's a little fuzzy, but I don't think Windows 7 enabled TRIM by default (IIRC didn't even support it initially). TRIM needs to be enabled before you do the deletes; enabling it after the fact wont't help unless you fill the drive up and delete again.

So yeah, a secure erase is probably your best bet at this point.

From what I've read, Win 7 enables TRIM by default.
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:45 pm

That may be, but even if true it could only do so if the disk was running in AHCI mode. If it was running in legacy ATA compatibility mode then definitely no.
Nostalgia isn't what it used to be.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 27408
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:53 pm

Secure erase?

I'd suggest a .270 Winchester with a 130-grain bullet at 3,000 FPS. Lather, rinse, and repeat.

[/sarc]
Humans sleep soundly in their beds because rough cats stand ready in the night to visit violence on those who would do us harm.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:57 pm

just brew it! wrote:
That may be, but even if true it could only do so if the disk was running in AHCI mode. If it was running in legacy ATA compatibility mode then definitely no.

It's definitely been running in AHCI mode. My system is running from a Gigabyte GA-Z87X-UD4H and 4770k. AHCI is the default mode for SATA on this motherboard and I've always made sure it stays that way. There's no way this SSD should have ever run without TRIM unless something stopped working properly on it's own within Windows.

I accidentally filled the drive up completely from a very large game downloading to a drive it shouldn't have, and since then the SSD became slow even after freeing up a lot of space. The SSD does seem to be performing better since I ran the clean command in diskpart but I still would prefer it having had a Secure Erase instead, especially because I'm still having an issue with it which I've posted about in the Software section of the forum.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 2:58 pm

Captain Ned wrote:
Secure erase?

I'd suggest a .270 Winchester with a 130-grain bullet at 3,000 FPS. Lather, rinse, and repeat.

[/sarc]

Funny enough, lots of articles from google searches about secure erasing drives talk about physically destroying drives for end-of-service disposal.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 27408
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 3:02 pm

Acidicheartburn wrote:
Funny enough, lots of articles from google searches about secure erasing drives talk about physically destroying drives for end-of-service disposal.

In the day job (state-level financial regulator) the recommended default decom action is to shred any and all storage media. I just like the target practice.
Humans sleep soundly in their beds because rough cats stand ready in the night to visit violence on those who would do us harm.
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 4:16 pm

Acidicheartburn wrote:
Funny enough, lots of articles from google searches about secure erasing drives talk about physically destroying drives for end-of-service disposal.

It's the "nuke from orbit, it's the only way to be sure" school of thought. If you deal with sensitive (as in classified) data at all, this is indeed how storage media is ultimately disposed of. Classified facilities are also the "roach motel" of removable media -- you can take it in, but you can't take it out. Once inside, your thumbdrive stays there until physically destroyed.
Nostalgia isn't what it used to be.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 4:37 pm

I'm aware of the concept of physically destroying your storage media to prevent data theft or recovery by advanced methods. I just found it funny/annoying to get a bunch of articles on securely destroying solid states when searching for a Secure Erase method. One article even discussed how it's necessary to open up a solid state before you take a hammer to it to really really make sure you smash all those pesky NAND chips.
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 4:42 pm

Acidicheartburn wrote:
I'm aware of the concept of physically destroying your storage media to prevent data theft or recovery by advanced methods. I just found it funny/annoying to get a bunch of articles on securely destroying solid states when searching for a Secure Erase method. One article even discussed how it's necessary to open up a solid state before you take a hammer to it to really really make sure you smash all those pesky NAND chips.

Well... the drive is effectively erased... securely. Oh, you actually wanted to be able to use the drive again afterwards? :lol:
Nostalgia isn't what it used to be.
 
DPete27
Silver subscriber
Grand Gerbil Poohbah
Posts: 3630
Joined: Wed Jan 26, 2011 12:50 pm
Location: Wisconsin, USA

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 5:14 pm

I use Diskpart to secure erase. "clean" just deletes the partition, but "clean all" overwrites the drive with 0s.

OTOH, you could try:
First type "Cleanup" into the search bar at the bottom left corner and select "Disk Cleanup". Then select the SSD, then select "Clean Up System Files" on the bottom left corner of that window. And select all the things you'd like to clean off the drive (this isn't a secure erase).

Next, type "Optimize" into the search bar at the bottom left corner and select "Defragment and Optimize Drives". Then select the SSD and click "Optimize". That will TRIM the drive manually.
Main: i5-3570K, ASRock Z77 Pro4-M, MSI RX480 8G, 500GB Crucial BX100, 2 TB Samsung EcoGreen F4, 16GB 1600MHz G.Skill @1.25V, EVGA 550-G2, Silverstone PS07B
HTPC: A8-5600K, MSI FM2-A75IA-E53, 4TB Seagate SSHD, 8GB 1866MHz G.Skill, Crosley D-25 Case Mod
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sat Nov 03, 2018 5:44 pm

DPete27 wrote:
I use Diskpart to secure erase. "clean" just deletes the partition, but "clean all" overwrites the drive with 0s.

Not really relevant to this thread, but overwriting with 0s is less secure on SSDs because of over-provisioning and wear leveling. There may still be unerased flash blocks in the drive that contain user data. These aren't normally visible to the user, but someone with the ability to flash custom firmware to the drive could theoretically recover the contents of these blocks.
Nostalgia isn't what it used to be.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 2:25 am

Well, I tried the ATA Secure erase and it didn't work out. Found a bootable linux ISO that already had hdpart installed on it. I could get it to run, then I had problems with my SSD's being frozen. Found a workaround but then I couldn't get the commands found on part 2a in post #2 from jbi to work. I tried a few other free options and after hours of nothing really working I ended up caving and bought Parted Magic for 11 bucks. I'm really pissed it came to me buying software that used to be free to fix a problem that should have been solvable from the manufacturer, but the program worked without issue. Now to see if this fixes my problems.
 
Klyith
Minister of Gerbil Affairs
Posts: 2392
Joined: Sat Sep 04, 2004 11:27 pm
Location: Albany NY

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 4:37 am

Acidicheartburn wrote:
Well, I tried the ATA Secure erase and it didn't work out. Found a bootable linux ISO that already had hdpart installed on it. I could get it to run, then I had problems with my SSD's being frozen. Found a workaround but then I couldn't get the commands found on part 2a in post #2 from jbi to work. I tried a few other free options and after hours of nothing really working I ended up caving and bought Parted Magic for 11 bucks. I'm really pissed it came to me buying software that used to be free to fix a problem that should have been solvable from the manufacturer, but the program worked without issue. Now to see if this fixes my problems.


Probably what happened: modern BIOS/UEFI puts drives into a "security frozen" state during boot, which locks out ATA security features (including erase and drive encryption). They do that to prevent malware from setting your drive to password encrypted and ransoming the key for bitcoins. You have to jump through hoops to get around it, either using a USB enclosure or setting sata to hotswap and not plugging in the drive until after boot. Even the manufacturer supplied drive utilities often have problems with this.

So some of what you paid parted magic for is whatever special sauce they use to unlock the drive and do everything for you.


FYI to anyone else looking for ATA Secure Erase, there's also a DOS tool called HDDErase that can do it. I think you'd still need to make a bootable DOS CD or USB stick, but maybe it would work from an elevated prompt on a non-OS disk. I don't have a scratch SSD around to test that out at the moment. But for anyone that wants a free option and is more comfortable with DOS than linux, it's there.
 
Wirko
Gerbil First Class
Posts: 154
Joined: Fri Jun 15, 2007 4:38 am
Location: Central Europe

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 7:38 am

Do what TR did. I'm pretty sure no one would be able to recover initial data from these SSDs.

https://techreport.com/review/27909/the-ssd-endurance-experiment-theyre-all-dead
 
LocalCitizen
Gold subscriber
Gerbil
Posts: 46
Joined: Mon Oct 24, 2011 4:07 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 12:15 pm

have you tried ForceTrim ? it creates a few large file entries on the disk to cover most of the free space, then deletes them. it depends on the TRIM feature of the OS to clean up. it seems to work for me, on SSD and flash drives.

449kb file ForceTrim.exe
224kb zipped

it does not fill the data pages. i don't know how much it writes, but don't depend on it for secure erase.
 
Usacomp2k3
Gerbil God
Posts: 22387
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 1:31 pm

Did you try using the OCZ utility?
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 2:56 pm

Seems that the secure erase I performed using Parted Magic worked and my PNY SSD is running like normal again. I was able to use the Crucial provided software to secure erase my BX100 and that fixed the performance on that one as well.

In response to Klyith, I'm aware of the reasoning behind the drive freezing. I did manage to unfreeze the drives using the hotplug thing you mentioned when I attempted to use hdparm program in the linux bootable I downloaded. However, when I attempted step 2a from this tutorial page linked by jbi https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase I simply couldn't get the command to be recognized. It gave me two errors: "invalid number 'ser-master'" and "invalid option -- -". I simply couldn't find a workaround for this (I have a feeling the linux bootable I was using - http://www.giannone.ch/rescue/current/ - was the issue) so I gave up. I could have tried another linux distro but that would have involved me learning from scratch how to install hdparm to it and making it a bootable image so I could run it from a USB drive. I then tried HDDErase but that program is quite old and I couldn't find a way to write it to a USB drive and have it work. I tried a number of programs to make it a bootable USB and they all failed to provide me with a working bootable USB. Some couldn't recognize the image file, others would try and fail. I got one to "succeed" but it simply wouldn't boot when I tried it, even though I set my BIOS into legacy/compatability mode for IDE. I probably could have gotten it to work if I wanted to spend another 2 hours screwing around with it but at this point I had already sunk at least 5 hours into this horrible adventure.

I went down an absolute rabbit hole of programs and everything either didn't work or was a paid product. It was an extremely frustrating nightmare, especially in hindsight because I know now that the secure erase was indeed the fix I needed yet it was so hard to achieve. In the end I gave up and purchased Parted Magic which really pissed me off because the program (which is actually a linux-based bootable OS) used to be free just a few years ago. I just don't understand why it's so difficult to initiate a secure erase on a drive without jumping through a ton of hoops or spending money.

If anyone wants to know more about the specific issues I was having that are finally fixed, I have another thread here: https://techreport.com/forums/viewtopic.php?f=30&t=121477
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 3:02 pm

There are several people here who are familiar with Linux. Next time you get stuck trying to do something like that, just post a question.

For example... if a Debian (or any of its derivatives like Ubuntu, Mint, etc.) system is missing the hdparm command, installing it is just a matter of opening a shell prompt, elevating to root, and typing "apt-get install hdparm" (assuming the system has an internet connection). If you're running from a live image, packages automatically install to a RAM disk (eliminating the need to write to any of your drives).
Nostalgia isn't what it used to be.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 3:10 pm

just brew it! wrote:
There are several people here who are familiar with Linux. Next time you get stuck trying to do something like that, just post a question.

For example... if a Debian (or any of its derivatives like Ubuntu, Mint, etc.) system is missing the hdparm command, installing it is just a matter of opening a shell prompt, elevating to root, and typing "apt-get install hdparm" (assuming the system has an internet connection). If you're running from a live image, packages automatically install to a RAM disk (eliminating the need to write to any of your drives).

I knew I could have asked here but I really didn't want to wait potentially hours for a solution. It was already midnight and at that point I had been working on this for over 5 hours and was extremely frustrated; I just wanted it to be done. Frankly, the less I have to mess with Linux the better. My experience using a Linux program last night fell right in line with every other time I've had to use Linux. Nothing works straightforward and I always have to jump through hoops.
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 3:15 pm

Acidicheartburn wrote:
I knew I could have asked here but I really didn't want to wait potentially hours for a solution. It was already midnight and at that point I had been working on this for over 5 hours and was extremely frustrated.

Heh... yeah, I can relate. "Enough f**king around, pull out the elephant gun!"

FWIW I'm sometimes online really late (past midnight) or early (~4:00 AM), US Central time. Yeah, my sleep schedule is kind of goofy.
Nostalgia isn't what it used to be.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 3:23 pm

just brew it! wrote:
Acidicheartburn wrote:
I knew I could have asked here but I really didn't want to wait potentially hours for a solution. It was already midnight and at that point I had been working on this for over 5 hours and was extremely frustrated.

Heh... yeah, I can relate. "Enough f**king around, pull out the elephant gun!"

FWIW I'm sometimes online really late (past midnight) or early (~4:00 AM), US Central time. Yeah, my sleep schedule is kind of goofy.

For what it's worth, I appreciate all the quick responses and support. The ATA Secure erase link you first posted was the closest thing to a working solution that anyone has posted and I'm sure if I REALLY wanted to stick it out that I could have gotten it to work.
 
just brew it!
Gold subscriber
Administrator
Posts: 51941
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 4:10 pm

Acidicheartburn wrote:
For what it's worth, I appreciate all the quick responses and support. The ATA Secure erase link you first posted was the closest thing to a working solution that anyone has posted and I'm sure if I REALLY wanted to stick it out that I could have gotten it to work.

It's from the Linux kernel developer site, so they generally have a clue... my guess is that you got tripped up by the "security freeze" crap mentioned up-thread.
Nostalgia isn't what it used to be.
 
Acidicheartburn
Gerbil First Class
Topic Author
Posts: 167
Joined: Thu Jan 01, 2015 4:12 pm

Re: Secure erase an SSD without a manufacturer-provided program

Sun Nov 04, 2018 4:20 pm

just brew it! wrote:
Acidicheartburn wrote:
For what it's worth, I appreciate all the quick responses and support. The ATA Secure erase link you first posted was the closest thing to a working solution that anyone has posted and I'm sure if I REALLY wanted to stick it out that I could have gotten it to work.

It's from the Linux kernel developer site, so they generally have a clue... my guess is that you got tripped up by the "security freeze" crap mentioned up-thread.

Nope, I followed the in instructions letter for letter. My drives were frozen but I was able to unfreeze them by hotplugging them in after I booted Linux. My issue came afterwards where it couldn't recognize the set password command in step 2a.
 
MOSFET
Gold subscriber
Gerbil Team Leader
Posts: 298
Joined: Fri Aug 08, 2014 12:42 am

Re: Secure erase an SSD without a manufacturer-provided program

Fri Nov 16, 2018 8:26 pm

FWIW (while we're on that one) the security freeze can usually be unlocked by sleeping the system, and letting it wake up 5 seconds later. PartedMagic makes it super simple. If you've disabled a bunch of power management in the UEFI, this may not work, but it's BY FAR the easiest way to secure erase SSDs for me. Not every SSD understands Secure Erase, IMO.

Glad you got it sorted.
Be careful on inserting this (or any G34 chip) into the socket. Once you pull that restraining lever, it is either a good install or a piece of silicon jewelry.

Who is online

Users browsing this forum: No registered users and 14 guests