How to securely erase an NVMe SSD
It's generally accepted that SSDs cannot be securely wiped by writing patterns to the drive, due to features such as wear leveling and over-provisioning, and that the most secure way to wipe a modern SSD is using the ATA Secure Erase firmware commands.
However, from my understanding this doesn't seem to apply to NVMe drives because they're not ATA-based - instead, they connect to and run via the PCIe bus. Looking at the Parted Magic tool seems to confirm this, which has a secure erase option dedicated to NVMe drives:
This seems to confirm that NVMe drives have their own equivalent to the ATA Secure Erase command for SATA SSDs, but I haven't been able to find an NVMe equivalent for hdparm
.
How exactly can I securely erase an NVMe SSD? I'm running Windows, but also have access to a Unix-like environment using Cygwin.
Yes, it's true that hdparm
will not work for NVMe drives, because they don't use the traditional ATA interface protocol that SATA drives use to send low-level firmware commands to the drive.
Thankfully, there's an open-source tool that allows sending the equivalent commands to NMVe drives - nvme-cli
. The tool has already been made available as a package for many distributions, and can be compiled for many more.
Once you have the tool installed with something like:
apt-get install nvme-cli
You can then list all recognised NVMe devices with:
nvme list
To securely erase a listed NVMe SSD, run:
nvme format -s1 /dev/nvme0n1
...where /dev/nvme0n1
is the block name of the listed device.