SSD support / ATA secure erase

[kvlahromei]

Hi,

as more SSDs are integrated in modern PCs, it's also nessesary to wipe them for privacy. Unfortunately the flash logic makes it impossible to predict a full erase of all cells. Also you try to avoid unnessary write cycles to the chips itself.

This requires calling a special ATA command and unlocking the device, which tend to be an annoying manual task.... So it would be nice, if DBAN could detect SSDs and make use of the described procedure instead of wiping all blocks.

[biergaizi]

make use of the described procedure instead of wiping all blocks.

Don't rely solely "ATA Secure Erase". According to the paper by Michael Wei et al, some SSD implementations of "ATA Secure Erase" is buggy and cannot erase data properly, but if implemented properly, it is effective. Also, it showed normally overwriting the entire disk twice was sufficient to sanitize the disk.

I recommended a hybrid approach for SSD erasure: first it does a 3-pass overwrites to the SSD like any other HDDs, and issues the "ATA Secure Erase" instruction afterwards.

[0] Michael Wei; Laura M. Grupp; Frederick E. Spada; Steven Swanson (February 2011). "Reliably Erasing Data From Flash-Based Solid State Drives"

[Firminator]

nHellFire, PartedMagic creator Patrick Verner has created a GUI for ATA Secure Erase ( https://partedmagic.com/secure-erase ) and NVMe Secure Erase ( https://partedmagic.com/nvme-secure-erase ). I guess he might be able to help out how to implement this from a commandline/scripted perspective in DBAN.

Also regarding Data Sanitation you might want to consider contacting Gordon Hughes from the 'Center for Memory and Recording Research' @ University of California and get his input. He published http://cmrr.ucsd.edu/people/Hughes/documents/DataSanitizationTutorial.pdf

[Firminator]

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase Detailed instructions for SecureErase (linked from the Arch Wiki entry from OP)