[SOLVED] Should I limit my choice to ASUS Secure Erase List only?

Jan 14, 2020
61
4
45
3
I'm thinking of adding WD Black SN750 NVMe SSD to my ASUS Z270F motherboard but this SSD is not listed on ASUS Secure Erase List (Qualified Vendor List).

What does that list mean? Does it mean that for any other SSDs (which are not included in the list) I have to install the vendor's software to benefit from secure erase?
 
Most modern SSD are always encrypted. You may not be prompted for a boot password. But the data itself is encrypted. So, everything stored on the SSD from the first time it is used is encrypted.

WD provide two types of Secure Erase commands for SSD. Instant Secure Erase (ISE) which destroys the encryption key and creates a new one. Which effectively makes all data irretrievable, virtually instantly. The second is Secure Erase (SE) which rezeroes all NAND blocks by increasing voltage. Except for firmware copies, SMART data and retired NAND block mapping tables. Retired NAND cells may also not be effectively wiped by secure erase. But most are and any intelligible data retrieval is highly unlikely and requires specialized equipment.

Crypto Scramble is the preferred method as it is faster, doesn't add wear to the NAND. If one's concerned enough that someone may still be able to access the data. They could perform both commands. That way even with the few uneraseable retired cells and stray electrons left from the SE command. There is no remaining encryption key from the ISE command to retrieve said stray data.

Third party utilities. Including that by ASUS are supposed to be able to activate the secure erase commands of an SSD. Not all SSD manufacturers properly implement the standards. So, ASUS is only going to list those which it has tested.

I would note that many hard drives also support ISE. Which works like the ISE on an SSD. The encryption key is destroyed. The data remaining on the drive is considered secured because the key no longer exists. Which is much faster than a full disk wipe. Disk wipes on HDD take an impossibly long time on multi-TB HDD.
 
Reactions: mkaafy
Most modern SSD are always encrypted. You may not be prompted for a boot password. But the data itself is encrypted. So, everything stored on the SSD from the first time it is used is encrypted.

WD provide two types of Secure Erase commands for SSD. Instant Secure Erase (ISE) which destroys the encryption key and creates a new one. Which effectively makes all data irretrievable, virtually instantly. The second is Secure Erase (SE) which rezeroes all NAND blocks by increasing voltage. Except for firmware copies, SMART data and retired NAND block mapping tables. Retired NAND cells may also not be effectively wiped by secure erase. But most are and any intelligible data retrieval is highly unlikely and requires specialized equipment.

Crypto Scramble is the preferred method as it is faster, doesn't add wear to the NAND. If one's concerned enough that someone may still be able to access the data. They could perform both commands. That way even with the few uneraseable retired cells and stray electrons left from the SE command. There is no remaining encryption key from the ISE command to retrieve said stray data.

Third party utilities. Including that by ASUS are supposed to be able to activate the secure erase commands of an SSD. Not all SSD manufacturers properly implement the standards. So, ASUS is only going to list those which it has tested.

I would note that many hard drives also support ISE. Which works like the ISE on an SSD. The encryption key is destroyed. The data remaining on the drive is considered secured because the key no longer exists. Which is much faster than a full disk wipe. Disk wipes on HDD take an impossibly long time on multi-TB HDD.
 
Reactions: mkaafy

ASK THE COMMUNITY

TRENDING THREADS