Zeroing SSD drives

hard-drive ssd

Assuming that what you are seeking to prevent is the next customer reading the disk to see the old customer's data, then writing all zeros would actually still work. Writing zeros to sector 'n' means that when sector 'n' is read, it will return all zeros. Now the fact is, the underlying actual data may still be on the flash chips, but since you can't do a normal read to get to it, it's not a problem for your situation.

It IS a problem if someone can physically get hold of the disk and take it apart (because then they could directly read the flash chips), but if the only access they have is the SATA bus, then a write of all zeros to the whole disk will do just fine.


Don't zero-fill an SSD, ever. As a minimum, this will wear out some of the SSD's write lifespan for little or no benefit. In an extreme worst-case scenario, you might put the SSD's controller into a (temporarily) reduced performance state.

From this source:

Repeatedly overwriting the entire disk with multiple repetitions can successfully destroy data, but because of the Firmware Translation Layer (FTL), this is considerably more complicated and time-consuming than on traditional hard disk drives. Based on their results, it is an unattractive option

Your best option, secure erase via full disk encryption:

A few modern SSD's can use full-disk encryption -- examples are Intel's new 320 drives and some Sandforce 2200-series drives. These drives can be securely erased in a simple and fast way, without any drive wear. The drive uses AES encryption for all data written, so a secure erase simply means deleting the old AES key, and replacing it with a new one. This effectively makes all the 'old' data on the drive unrecoverable.

However, Intel's secure erase isn't easy to automate. AFAIK it has to be done from Intel's Windows GUI app, it can only be run on an empty non-boot drive and so forth. See page 21 and onwards in Intels docs.

Your other option, ATA secure erase:

Another option is to issue an ATA Secure Erase command via fx HDPARM on Linux. This will be much easier to automate via scripting.

Provided that the drive implements ATA Secure Erase in a 'good' way, one should expect it to at least delete the "flash translation layer" (FTL). The FTL table holds the mapping between the logical sectors (which the operating system 'sees'), and the physical pages of NVRAM on the drive itself. With this mapping table destroyed it should be very hard -- but probably not impossible -- to recover data from the drive.

However, I'm not aware of any studies that have shown that ATA Secure Erase is consistently and well implemented on all manufacturer's drives, so I'm hesitant to say it will always work -- you should read the manufacturers technical documentation.

For a single partition:

As I read the comments to other answers, it seems OP only wants to securely erase single partitions. One good way to do that would be to only create encrypted volumes, f.x. using L.U.K.S or TrueCrypt. That way you can securely erase the volume by trowing away the encryption key, similar to what the on-drive full disk encryption scheme does.

Conclusion:

If you really, really want to know, then read the paper linked to from Sophos' blog, and read the drive manufacturers tech notes regarding secure erase. However, if you want 'good' secure erase, then an SSD with full disk encryption and a secure wiping & replacement of the encryption keys is probably your best choice. As an alternative, use operating system level encryption, and throw away the key when you want data securely erased.


Wear leveling has nothing whatsoever to do with zeroing out data.

You zero out data to stop other people/applications reading that data. SSDs 'wear-level' their data to ensure that they remain usable for longer due to the 'damage' that writing does to SSDs. Also disks usually do this when they're not busy, in server situations quiet times aren't always available so this work often doesn't get done.

Do you charge your customers for their IO operations? If not what's to stop them basically killing their part of an SSD in hours/days by just constantly writing all the time? SSDs are quite a bit easier to kill than most people would think, especially in write heavy environments.

Related

Reverse DNS in a CIDR world
How can I send visitors to the closest server using DNS?
Does fail2ban do Windows?
Physically Identify the failed hard drive
Amazon EC2 - No SSH After Reboot, Connection Refused
ZFS Data Loss Scenarios
Will disabling hyperthreading improve performance on our SQL Server install
Do I really need MS Active Directory? [closed]
Filesystem large number of files in a single directory
Why is it called DNS "Propagation"?
How do I configure Reverse Group Membership Maintenance on an openldap server? (memberOf)
What needs to be done after a Domain Controller crash?