Securely Erasing an SSD with hdparm on Linux
The good thing about owning an SSD drive is the speed of IO. The bad thing about owning an SSD is that, due to wear leveling, a simple
dd if=/dev/urandom of=/dev/sdx won't actually wipe all of the data on the drive. Do this from a live USB image so you don't fuck it up.
The first step is to unfreeze the ssd. I don't know what this means but it won't let you nuke the drive.
$ sudo su # dnf install hdparm # hdparm -I /dev/sda | grep frozen frozen
Now, suspend and unsuspended the system. For some reason, this sets the frozen state to unfrozen.
# hdparm -I /dev/sda | grep frozen not frozen
Now, set the password. DO NOT REBOOT AFTER THIS STEP.
# hdparm --user-master u --security-set-pass pass /dev/sda security_password: "pass" /dev/sda: Issuing SECURITY_SET_PASS command, password="pass", user=user, mode=high
To check if the master password is actually set:
# hdparm -I /dev/sda [ lots of nonsense ] Security: Master password revision code = 65534 supported enabled [ more nonsense ]
To check which erase types are supported, do:
# hdparm -I /dev/sda | grep ERASE #
To actually erase the drive, run:
# hdparm --user-master u --security-erase-enhanced pass /dev/sda
To check if the drive was actually erased:
# hdparm -I /dev/sda [ lots of nonsense ] Security: Master password revision code = 65534 supported not enabled [ more nonsense ]
Now, reboot the system and pray. After a reboot, the drive should not contain any useful data.