Even multi-pass overwrite of SSDs is not a sufficient purge, due to how
writing is distributed / optimized on SSDs. So dd / dc3dd is insufficient.

Only invoking the on-controller ATA Secure Erase / sanitize command (using
'camcontrol security -e' as Eugene said elsewhere in the thread) is the
validated[1] method:

    camcontrol security -s anypass -e anypass -y ada[X]

This also happens to be much faster than an overwrite, because it's
implemented as "encrypt the entire medium with a random key, then discard
the key".

[1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf,
p. 36, Table A-8

-- 
Royce


On Mon, Mar 21, 2022 at 7:19 AM Sam Ricchio <sam.ricc...@gmail.com> wrote:

> On an SSD if you have erased everything SSD “garbage collection” should
> help you if the drive is powered on.
> But if you want to overwrite the drive
> A simple overwrite with a text pattern with dc3dd.
> dc3dd wipe=/dev/sdb tpat=nothingtoseehere
> However if you are still worried that some controller optimization is
> interfering
> with an actual memory location overwrite.  Go old school with dd and write
> a file of random to the existing file system until it runs out of space.
> dd if=/dev/urandom of=garbagetxtfile.txt
>
>
>
>
> On Mar 21, 2022, at 7:14 AM, Damian Weber <dwe...@htwsaar.de> wrote:
>
>
> Hi all,
>
> I'd like to have an answer on a secure FreeBSD way to erase
> SSDs before giving these away to someone for reusing it.
>
> Is the following enough to protect confidential data
> previously stored there?
>
> 1)  dd : overwriting with random bits (complete capacity)
> 2)  gpart create
> 3)  gpart add
> 4)  newfs
>
> Details for an example with /dev/ada1 see below.
>
> Thanks a lot,
>
>   Damian
>
>
> # fdisk ada1
> ******* Working on device /dev/ada1 *******
> parameters extracted from in-core disklabel are:
> cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
>
> Figures below won't work with BIOS for partitions not in cyl 1
> parameters to be used for BIOS calculations are:
> cylinders=484521 heads=16 sectors/track=63 (1008 blks/cyl)
>
> Media sector size is 512
> Warning: BIOS sector numbering starts with sector 1
> Information from DOS bootblock is:
> The data for partition 1 is:
> sysid 238 (0xee),(EFI GPT)
>    start 1, size 488397167 (238475 Meg), flag 0
>        beg: cyl 0/ head 0/ sector 2;
>        end: cyl 1023/ head 255/ sector 63
> The data for partition 2 is:
> <UNUSED>
> The data for partition 3 is:
> <UNUSED>
> The data for partition 4 is:
> <UNUSED>
>
> # gpart show ada1
> =>       40  488397088  ada1  GPT  (233G)
>         40       1024     1  freebsd-boot  (512K)
>       1064  480246784     2  freebsd-ufs  [bootme]  (229G)
>  480247848    8149280     3  freebsd-swap  (3.9G)
>
> # dd if=/dev/random of=/dev/ada1 bs=512 count=488397088
>
> # gpart create -s gpt ada1
>
> # gpart add -t freebsd-ufs ada1
>
> # newfs -U /dev/ada1p1
>
>
>
>
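
An added example, not part of any message in this thread: a pre-flight check that reads the drive's reported security state before the `camcontrol security -s ... -e ...` command above is issued, since the erase cannot proceed on a drive that lacks the feature set, is frozen, or is locked. It assumes `camcontrol security <dev>` prints a two-column option/value table shaped like the constructed samples; `sec_field` and `erase_ready` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: gate an ATA Secure Erase on the drive's reported security state.
# Assumption: 'camcontrol security <dev>' prints a two-column "option  value"
# table shaped like the constructed samples below.

# sec_field NAME: print the value of the row labelled NAME (table on stdin).
sec_field() {
    awk -v name="$1" '
        index($0, name) == 1 && substr($0, length(name) + 1, 1) ~ /[ \t]/ {
            v = substr($0, length(name) + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
            exit
        }'
}

# erase_ready: status table on stdin. Returns 0 if the erase can be issued,
# otherwise prints the blocking reason and returns 1.
erase_ready() {
    status=$(cat)
    [ "$(printf '%s\n' "$status" | sec_field 'supported')" = yes ] ||
        { echo "security feature set not supported"; return 1; }
    [ "$(printf '%s\n' "$status" | sec_field 'security config frozen')" = no ] ||
        { echo "security config is frozen"; return 1; }
    [ "$(printf '%s\n' "$status" | sec_field 'drive locked')" = no ] ||
        { echo "drive is locked"; return 1; }
    return 0
}

# Constructed sample tables (not captured from a real drive).
SAMPLE_OK='Security Option           Value
supported                 yes
enabled                   no
drive locked              no
security config frozen    no
enhanced erase supported  yes
erase time                2 min'
SAMPLE_FROZEN=$(printf '%s\n' "$SAMPLE_OK" |
    sed 's/^security config frozen .*/security config frozen    yes/')

# Real use, with ada1 as in the thread's example:
#   camcontrol security ada1 | erase_ready && \
#       camcontrol security -s anypass -e anypass -y ada1
for s in "$SAMPLE_OK" "$SAMPLE_FROZEN"; do
    if printf '%s\n' "$s" | erase_ready; then echo "ready to erase"; fi
done
```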
