How do I completely and securely wipe a FileVault (SSD) drive?

When I follow Apple's instructions for performing a complete erase and reinstall on a FileVault 2 encrypted SSD machine, and choose a high level of security for the erase, I get an error, and the process (apparently) completes instantly.

Did this securely erase my FileVault machine? If not, what should I have done; and what (if anything) can I do now (that I've "erased" my machine)?


The scenario: I wanted to securely erase a FV-encrypted SSD (to hand off the machine to another user; I will be using the same FV password on a new machine, I have no recovery key), but my attempt seemed to have failed quickly with an error (though the option for secure erase was enabled). Even so, the drive seemed to have been "erased" in some form anyway (there was no OS to boot into; though wifi was still working after the "erasure", so something was left) and I proceeded to reinstall OSX.

I don't know where I am now though. Is this the correct procedure? Have I performed the "official" (secure-as-it-gets) erase procedure for a FV-encrypted SSD after all (error message and nearly instant completion notwithstanding)?


Solution 1:

No - nothing really happened when you asked for the erase and yes - you are basically done when you delete a partition instead of decrypting all of the contents. Even if you used a third-party tool instead of the supplied disk utility to securely overwrite an SSD, it doesn't cover 100 % of the storage space due to how flash memory is over-provisioned and the drive controller actually intercepts the read/write commands and decides how to store data amongst the normal and spare memory addresses that make up the "drive".


Apple documents the hasty refusal of Disk Utility to actually perform secure wipes of SSD - this is the designed behavior of the tool:

  • http://support.apple.com/kb/HT3680 - OS X: About Disk Utility's erase free space feature

Note: With an SSD drive, Secure Erase and Erasing Free Space are not available in Disk Utility. These options are not needed for an SSD drive because a standard erase makes it difficult to recover data from an SSD. For more security, consider turning on FileVault encryption when you start using your SSD drive.


If you didn't turn on FileVault before introducing sensitive information to the SSD, it's possible that the controller could have marked some of that data as offline / damaged and it theoretically could be recovered - although highly costly and perhaps requiring someone to modify the drive itself / change the firmware to get it to dump all the data and not the data that is making up the "drive" currently.

In reality, writing new data will gradually / eventually over-write any old data. I would either just destroy the FileVault key securely or set up a new FileVault encryption on the drive and never write down / record the passphrase and then repartition the drive. From your words, you might not even need to do anything if the previous FileVault encryption was secure in terms of passphrase and no copies of the recovery key being obtainable.

That encryption is much stronger than most people care to or could decrypt - so once the new encryption pass is complete - you can be quite confident that absent the passcode/recovery key - no one will discover what was on the drive.
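The two claims in this answer (a host-side overwrite cannot reach the over-provisioned cells the controller has remapped, while destroying the encryption key leaves nothing readable no matter which cells survive) can be shown with a small simulation. The following is an added illustration, not code from the answer, from Apple, or from any real SSD firmware: the flash translation layer, the spare-block pool, and the cipher (HMAC-SHA256 in counter mode as a stand-in for the AES-XTS that FileVault 2 actually uses) are all constructed for the example.

```python
"""Toy model of SSD over-provisioning versus crypto-erase (added example).

Assumptions made for the simulation:
  * The FTL never overwrites a physical cell in place; each host write goes
    to a spare cell and the old cell is merely returned to the spare pool.
  * The cipher is a toy keystream (HMAC-SHA256 keyed per block index); it is
    NOT a disk-encryption mode and only serves to show that ciphertext
    without its key is as useless as zeros.
"""
import hashlib
import hmac
import os

BLOCK = 16           # bytes per block (tiny, for readability)
LOGICAL_BLOCKS = 8   # what the host sees as "the drive"
SPARE_BLOCKS = 4     # over-provisioned cells the host cannot address


class ToySSD:
    """Simplified flash translation layer with a logical -> physical map."""

    def __init__(self):
        self.physical = [bytes(BLOCK)] * (LOGICAL_BLOCKS + SPARE_BLOCKS)
        self.mapping = list(range(LOGICAL_BLOCKS))            # LBA -> cell
        self.free = list(range(LOGICAL_BLOCKS, LOGICAL_BLOCKS + SPARE_BLOCKS))

    def write(self, lba: int, data: bytes) -> None:
        assert len(data) == BLOCK
        old = self.mapping[lba]
        new = self.free.pop(0)        # fresh cell from the spare pool
        self.physical[new] = data
        self.mapping[lba] = new
        self.free.append(old)         # old cell is recycled, never scrubbed

    def read(self, lba: int) -> bytes:
        """What the host (and any host-side wiping tool) can see."""
        return self.physical[self.mapping[lba]]

    def forensic_dump(self) -> list:
        """What chip-level access sees: every physical cell, mapped or not."""
        return list(self.physical)


def make_secrets() -> list:
    """Constructed sample data, one 16-byte record per logical block."""
    recs = [f"secret-record-{i:02d}".encode() for i in range(LOGICAL_BLOCKS)]
    assert all(len(r) == BLOCK for r in recs)
    return recs


def keystream_xor(key: bytes, lba: int, data: bytes) -> bytes:
    """Toy per-block stream cipher (same function encrypts and decrypts)."""
    ks = hmac.new(key, lba.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]
    return bytes(a ^ b for a, b in zip(data, ks))


def plaintext_then_overwrite() -> int:
    """Write secrets unencrypted, then do a full host-side zero pass.
    Returns how many physical cells still hold a secret afterwards."""
    ssd, secrets = ToySSD(), make_secrets()
    for i, s in enumerate(secrets):
        ssd.write(i, s)
    for i in range(LOGICAL_BLOCKS):
        ssd.write(i, bytes(BLOCK))    # the "secure erase" the host can do
    assert all(ssd.read(i) == bytes(BLOCK) for i in range(LOGICAL_BLOCKS))
    return sum(1 for cell in ssd.forensic_dump() if cell in secrets)


def encrypt_then_destroy_key() -> int:
    """Write secrets encrypted under a volume key, then discard the key.
    Returns how many physical cells hold a secret in the clear (expect 0)."""
    ssd, secrets = ToySSD(), make_secrets()
    key = os.urandom(32)              # stand-in for the FileVault volume key
    for i, s in enumerate(secrets):
        ssd.write(i, keystream_xor(key, i, s))
    # With the key the volume is fully usable...
    assert all(keystream_xor(key, i, ssd.read(i)) == secrets[i]
               for i in range(LOGICAL_BLOCKS))
    del key                           # crypto-erase: nothing left to decrypt with
    return sum(1 for cell in ssd.forensic_dump() if cell in secrets)


if __name__ == "__main__":
    print("cells still holding plaintext after overwrite:", plaintext_then_overwrite())
    print("cells holding plaintext after key destruction:", encrypt_then_destroy_key())
```

Running it, the zero pass leaves four of the twelve cells with intact records even though every logical block reads back as zeros, which is the controller behaviour the answer describes; the encrypted run leaves none, and the surviving ciphertext cells are worthless once the key is gone. On a real Mac the analogue of `del key` is deleting the encrypted CoreStorage volume (or, on current systems, the APFS volume), which discards the wrapped volume key.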