Securely wiping a hard disk in Linux

We're getting ready for some changes at home, and I thought I'd go through the old hard disk drives I have lying around. Once I'd managed to get them all together, there are a staggering 25 to be wiped :(

Usually I use the excellent Darik's Boot and Nuke (DBAN), which is awesome and very simple to use. In this instance, however, I'm also doing a fairly large data sort, archive etc., and I need to have a functional machine to browse the disks prior to their destruction and reissue. Given my well-known love for Linux Mint, I executed an extensive (20 second) search of Google and came up with the following interesting information:

ATA, SATA and SSDs now have an internal way of securely wiping themselves! Work from a command prompt (elevate it to root for ease of use, and make a note of your disk drives: if you wipe your system disk or data disk then it's game over! Maybe use a LiveCD?)

Go and check out https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

The quick version is:

# hdparm -I /dev/sdx (where sdx is your disk) and check that "not frozen" is there. If that's OK proceed:

Set a password on the disk (otherwise the secure wipe won't work):

# hdparm --user-master u --security-set-pass ryv1 /dev/sdx (where ryv1 is the password, and the username is u)

Check it worked:

# hdparm -I /dev/sdx
Security:
       Master password revision code = 65534
               supported
               enabled
       not     locked
       not     frozen
       not     expired: security count
               supported: enhanced erase
       Security level high
       440min for SECURITY ERASE UNIT. 440min for ENHANCED SECURITY ERASE UNIT.


Note the 440min is for a 2TB Western Digital Green drive. 440min is over 6 hours!

Now it's time to unleash the full power of this fully operational command!

# time hdparm --user-master u --security-erase ryv1 /dev/sdg
security_password="ryv1"
/dev/sdg:
 Issuing SECURITY_ERASE command, password="ryv1", user=user

It's potentially valuable to note that when I ran the command above on my Linux box I stupidly pressed CTRL-C to copy the above text - which is also the command for cancelling a running program. NOTHING HAPPENED! It's a runaway freight train so be *very* careful to select the right disk or it could be a sad day for you.
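Because the erase cannot be stopped once issued, it is worth automating the "check it worked" step. The following is an added example, not part of the original post: it parses the Security: block of `hdparm -I` output and reports READY only when the drive is supported, not frozen, not locked and has a password set. The function and sample names are hypothetical; the first sample is the output shown above and the second is constructed from it.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `hdparm --security-erase`.
# Reads `hdparm -I` text on stdin; prints "READY <minutes>" or "BLOCKED <reason>".
# Real use (sdx is a placeholder):  hdparm -I /dev/sdx | erase_preflight
erase_preflight() {
    result=$(awk '
        /^Security:/        { insec = 1; next }
        insec && /^[^ \t]/  { insec = 0 }     # next top-level section ends the block
        !insec              { next }
        { gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "") }  # drop column padding
        /^supported$/       { supported = 1 } # exact match: skips "not supported"
        /^enabled$/         { enabled = 1 }   # a user password has been set
        /^not locked$/      { unlocked = 1 }
        /^not frozen$/      { unfrozen = 1 }
        /min for SECURITY ERASE UNIT/ { mins = $1 + 0 }  # "440min" -> 440
        END {
            if (!supported)     print "BLOCKED security feature set not supported"
            else if (!unfrozen) print "BLOCKED drive is frozen"
            else if (!unlocked) print "BLOCKED drive is locked"
            else if (!enabled)  print "BLOCKED no user password set"
            else                print "READY " mins
        }')
    printf "%s\n" "$result"
    case $result in READY*) return 0 ;; *) return 1 ;; esac
}

sample_post() {      # the Security block as shown in the post
cat <<'EOF'
Security:
       Master password revision code = 65534
               supported
               enabled
       not     locked
       not     frozen
       not     expired: security count
               supported: enhanced erase
       Security level high
       440min for SECURITY ERASE UNIT. 440min for ENHANCED SECURITY ERASE UNIT.
EOF
}
# Constructed sample: the same block with the drive reporting "frozen".
sample_frozen() { sample_post | sed 's/not  *frozen/frozen/'; }

sample_post   | erase_preflight || true   # READY 440
sample_frozen | erase_preflight || true   # BLOCKED drive is frozen
```

The non-zero return on BLOCKED lets a wrapper script stop before the erase command is ever typed.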

The good thing about this command, though, is that the load on your computer is negligible - the disk itself is doing all the work. I can see its I/O is through the roof, but otherwise normal system actions are not compromised.

The upshot of all of this is as follows - although it's a cool way to do it, I'm going to simply find the data I need off all these disks, then take them and hook them up to another machine with multiple SATA ports and DBAN the lot - much faster in the long run!
