2

I read that secure deleting a file on any kind of SSD was dangerous because it could hurt the reliability and longevity of the SSD. Therefore, if I removed files using the -P flag, would it hurt my SSD? According to https://ss64.com/, the -P flag instructs the command to do the following:

-P Overwrite regular files before deleting them. Files are overwritten three times, first with the byte pattern 0xff, then 0x00, and then 0xff again, before they are deleted.

Therefore, is using this command safe on Macs with an SSD, or can this cause damage since it is technically overwriting data on the SSD which causes wear leveling?

Allan
  • 101,432

1 Answer

1

...is using this command [rm -P] safe on Macs with an SSD, or can this cause damage since it is technically overwriting data on the SSD which causes wear leveling

It’s perfectly safe. You couldn’t really write enough data for it to matter. It’s also completely unnecessary as whatever you’ve deleted is instantaneously “gone.” The block isn’t really overwritten, it’s just that depending on the SSD, the drive will only return zeros or random garbage when a read command is made. It’s also marked as “unused” rather than “deleted” so it will likely be overwritten with legitimate data quickly.

Additional reading:

Allan
  • 101,432
  • So, what would be the difference between that and a file shredder like CleanMyMac or Permanent Eraser because secure delete is bad for the SSD? – Hasnain Ali Jun 20 '20 at 04:58
  • Those programs are irrelevant as is rm -P. SSDs make the data in deleted blocks inaccessible the moment the rm command is issued. Is secure erase bad? You could make an academic argument that it is, but in actuality it’s not practical to do so. The -P flag is still included to accommodate legacy drives. – Allan Jun 20 '20 at 05:18
  • TRIM support needs to be enabled and it needs to be of the Deterministic Read Zero after TRIM (RZAT) type for the drive to return only zeros. I bought a new SSD and TRIM support was disabled, so I needed to run trimforce enable. – Case39 Jun 21 '20 at 06:48
  • I'm sure you are correct, but I thought in secure environments just deleting data from an SSD was not considered a safe delete. That you still had to overwrite the data some way. Nothing like with an SSD but more than a simple delete. Maybe I'm wrong on this. – Natsfan Jun 21 '20 at 15:32
  • The (modern) SSDs, when they get a delete command, don’t delete the data; the block is marked “unused” so it will be overwritten by new data relatively quickly. However, if it gets a read command for that block, it will return zeros or garbage. The problem comes in where “enterprise grade” hardware like caching controllers hold data. It could technically remain accessible, which is why using encryption is highly encouraged. Thing is, the controller isn’t holding the whole SSD in cache (why would you need a drive, then?) But data could technically be accessed. – Allan Jun 21 '20 at 18:49
  • This is all good discussion, but that’s not the question. It’s “is the command harmful to the SSD,” which it really isn’t but it’s also irrelevant. If we really needed a secure erase to utilize those apps mentioned above, Apple wouldn’t have removed it from the GUI of DU. They would have reworked it to accommodate modern drives. – Allan Jun 21 '20 at 18:55
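
The TRIM state raised in Case39's comment can be checked per drive. The script below is an added example, not part of the original thread: it assumes the indented "TRIM Support: Yes/No" layout printed by `system_profiler`, the function names are hypothetical, and the sample report is constructed.

```shell
#!/bin/sh
# Added example: list each drive with its TRIM state from system_profiler text.
# On a Mac (assumed invocation):
#   system_profiler SPSerialATADataType SPNVMeDataType | trim_report

# trim_report: read report text on stdin, print "<device>: <Yes|No>" per drive.
trim_report() {
    awk '
        # A line that is only "Name:" is a section or device header;
        # remember the most recent one as the current device name.
        /^[ \t]*[^:]+:[ \t]*$/ {
            name = $0
            sub(/^[ \t]+/, "", name)
            sub(/:[ \t]*$/, "", name)
            next
        }
        # The TRIM line may come before or after "Model:", so key on the header.
        /^[ \t]*TRIM Support:/ {
            value = $0
            sub(/^.*TRIM Support:[ \t]*/, "", value)
            print name ": " value
        }
    '
}

# untrimmed_count: number of drives whose TRIM state is anything but "Yes".
untrimmed_count() {
    trim_report | awk '!/: Yes$/ { n++ } END { print n + 0 }'
}

# Constructed sample report (device names are placeholders).
sample_profile() {
    cat <<'EOF'
SATA/SATA Express:
    Generic AHCI Controller:
        EXAMPLE SSD 500G:
          Capacity: 500.11 GB
          Model: EXAMPLE SSD 500G
          TRIM Support: No
NVMExpress:
    Apple SSD Controller:
        EXAMPLE NVME 512:
          Capacity: 500.28 GB
          TRIM Support: Yes
          Model: EXAMPLE NVME 512
EOF
}

sample_profile | trim_report
```

A drive reported as "No" here is the case where the comment's `trimforce enable` step applies.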