Securely Erasing an SSD with hdparm on Linux

The good thing about owning an SSD is the speed of IO. The bad thing about owning an SSD is that, due to wear leveling, a simple dd if=/dev/urandom of=/dev/sdx won't actually wipe all of the data on the drive. Do this from a live USB image so you don't fuck it up.

The first step is to unfreeze the SSD. I don't know what this means, but it won't let you nuke the drive.

$ sudo su
# dnf install hdparm
# hdparm -I /dev/sda | grep frozen
		frozen

Now, suspend and resume the system. For some reason, this sets the frozen state to unfrozen.

# hdparm -I /dev/sda | grep frozen
		not	frozen

Now, set the password. DO NOT REBOOT AFTER THIS STEP.

# hdparm --user-master u --security-set-pass pass /dev/sda
security_password: "pass"

/dev/sda: 
 Issuing SECURITY_SET_PASS command, password="pass", user=user, mode=high

To check if the user password is actually set, look for "enabled" in the Security section:

# hdparm -I /dev/sda 
[ lots of nonsense ] 
Security: 
	Master password revision code = 65534
		supported
		enabled
[ more nonsense ] 

To check which erase types are supported, do:

# hdparm -I /dev/sda | grep ERASE
# 

To actually erase the drive, run:

# hdparm --user-master u --security-erase-enhanced pass /dev/sda

To check if the drive was actually erased:

# hdparm -I /dev/sda 
[ lots of nonsense ] 
Security: 
	Master password revision code = 65534
		supported
	not	enabled
[ more nonsense ] 

Now, reboot the system and pray. After a reboot, the drive should not contain any useful data.
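
A preflight check for the steps above, as an added example that is not part of the original post: it parses the Security block of hdparm -I output and reports whether the drive is frozen, has no password, or has a password set. The function names and the sample text are constructed for illustration; the sample is not captured from a real drive.

```shell
#!/bin/sh
# Added example: read the "Security:" block of `hdparm -I` output.
# Function names and the sample text are constructed for illustration.

# sec_state FLAG: reads hdparm -I text on stdin, prints yes / no / unknown.
# hdparm prints "<tab><tab>frozen" when set and "<tab>not<tab>frozen" when not.
sec_state() {
    awk -v flag="$1" '
        /^Security:/ { insec = 1; next }
        # a non-indented, non-empty line starts the next section
        insec && $0 != "" && substr($0, 1, 1) != "\t" && substr($0, 1, 1) != " " { insec = 0 }
        insec {
            $1 = $1                      # collapse tabs/spaces to single spaces
            if ($0 == flag)             state = "yes"
            else if ($0 == "not " flag) state = "no"
        }
        END { if (state == "") state = "unknown"; print state }
    '
}

# drive_stage TEXT: map the frozen/enabled flags to the step of the procedure.
drive_stage() {
    frozen=$(printf '%s\n' "$1" | sec_state frozen)
    enabled=$(printf '%s\n' "$1" | sec_state enabled)
    case "$frozen/$enabled" in
        yes/*)  echo frozen ;;        # suspend and resume before anything else
        no/no)  echo no-password ;;   # before set-pass, or after a completed erase
        no/yes) echo password-set ;;  # the erase command can be issued
        *)      echo unknown ;;       # could not parse: do not proceed
    esac
}

# has_enhanced_erase TEXT: succeeds if the drive advertises enhanced erase.
has_enhanced_erase() {
    [ "$(printf '%s\n' "$1" | sec_state 'supported: enhanced erase')" = yes ]
}

# Constructed sample. $1 and $2 are "not" or "" for the enabled and frozen lines.
sample() {
    printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n\t%s\tenabled\n\tnot\tlocked\n\t%s\tfrozen\n\t\tsupported: enhanced erase\nChecksum: correct\n' "$1" "$2"
}

# Real use (as root): drive_stage "$(hdparm -I /dev/sdX)"
drive_stage "$(sample not '')"    # constructed frozen drive, prints: frozen
```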