Question Is secure erasure necessary on SSDs?

digitalgriffin

Distinguished
Jan 29, 2008
878
172
19,190
15
I have a serious question:

"Is secure erasure necessary on SSDs?"

Once a trim completes, aren't all the unused blocks in garbage collection re-zeroed any way? And if the NAND block is damaged, then that data wouldn't be reliable any way because the write failed. That's how you know it's damaged.

It might be possible the file tree may contain references to said erased data. But the data file would be empty.

So what am I missing?
 
Reactions: TJ Hooker

Lutfij

Titan
Moderator
If you've got sensitive data that might be useful to individuals out there, then yes Secure Erase is a good thing to do before you part ways with the SSD. If you're the sole owner and user of the SSD until it's death, you're not needing to do anything other than format the SSD when you want to reinstall the OS.

Also, this might be worth a read.
 

USAFRet

Titan
Moderator
Mar 16, 2013
111,915
1,614
154,440
18,455
I have a serious question:

"Is secure erasure necessary on SSDs?"

Once a trim completes, aren't all the unused blocks in garbage collection re-zeroed any way? And if the NAND block is damaged, then that data wouldn't be reliable any way because the write failed. That's how you know it's damaged.

It might be possible the file tree may contain references to said erased data. But the data file would be empty.

So what am I missing?
Depends on your threat level and future use for the drive.

If keeping it for your use, no secure erase needed.
If selling it, I'd do the secure erase anyway.
If you're a target of the NSA...into the shredder it goes.


Secure Erase can also be used to maybe bring a troubled drive back to original performance.

From Kingston: https://www.kingston.com/us/community/articledetail?ArticleId=10
"When an ATA Secure Erase (SE) command is issued against a SSD's built-in controller That properly supports it, the SSD controller resets all its storage cells as empty (releasing stored electrons) - just THUS restoring the SSD to factory default settings and write performance. "
 

digitalgriffin

Distinguished
Jan 29, 2008
878
172
19,190
15
If you've got sensitive data that might be useful to individuals out there, then yes Secure Erase is a good thing to do before you part ways with the SSD. If you're the sole owner and user of the SSD until it's death, you're not needing to do anything other than format the SSD when you want to reinstall the OS.

Also, this might be worth a read.
His article does not contradict a thing I said. TRIM will zero level your blocks automatically. It just may take 30 or so minutes to execute. (Even if said blocks are in the reserve buffer)
 

popatim

Titan
Moderator
Trim only zero's empty blocks.
Secure Erase Zero's the whole drive, including the Fat tables and the internal fat translation tables (which tells the SSD controller where in the drive the data really is) !! When an SSD moves data around internally, it does not update the Fat; it only updates it's internal translation tables. So 'Secure Erase' pretty much does what it's name implies.
 

digitalgriffin

Distinguished
Jan 29, 2008
878
172
19,190
15
Trim only zero's empty blocks.
Secure Erase Zero's the whole drive, including the Fat tables and the internal fat translation tables (which tells the SSD controller where in the drive the data really is) !! When an SSD moves data around internally, it does not update the Fat; it only updates it's internal translation tables. So 'Secure Erase' pretty much does what it's name implies.
Once the data has been zero'd it doesn't matter if the file table points to a block that had a filename that says, "EvenPoliticalSatireIsNotAllowedOnTheseForums.zip" That said a simple random data write to the file in question will reset the FAT/NTFS table. Then do a file rename. Then TRIM.

{edited by Mod for Grapes violation. Sorry}
 
Last edited by a moderator:

popatim

Titan
Moderator
Ummm... If FAT says there is a file there then TRIM ain't gonna do squat to the blocks it thinks are being used... You actually need to delete the file for Trim to do anything about zero'ing those cells.

Just to be clear,
TRIM Zero's Cells that the OS & FAT says have been deleted and is OK to zero. Ie- blocked marked as empty in the FAT.
Secure Erase Zero's the whole drive, as long as it's not in use as the boot drive. Many Bios's include a Secure Erase feature these days.
 

ASK THE COMMUNITY

TRENDING THREADS