1

I have an external SSD I would like to delete with ATA Secure Erase. I don't want to overwrite it with 0s or random bits. Can I do this with macOS (13.0.1) on my MacBook Air M1 or more generally on macOS overall?

hdparm does not seem to exist for macOS, nor does Homebrew have it. A VM is not an option. The last time this question was asked and answered (How to securely erase an arbitrary SATA drive, utilizing the drive firmware to do so?) is from 2015. Are there any options since then?

Allan
  • 101,432
TheBlob
  • 11
  • See also https://apple.stackexchange.com/questions/146733/why-is-a-secure-erase-not-necessary-for-ssds – Tetsujin Dec 04 '22 at 13:57
  • @Tetsujin That link points to information about a completely different type of secure erase that is not relevant to this question. – jksoegaard Dec 04 '22 at 14:30
  • 2
    Of course, the best practice is to turn on FileVault from the start. Then you won't need to secure erase when you pass the SSD to someone else - just delete the keys. – benwiggy Dec 04 '22 at 14:49
  • @benwiggy Yes I know, however I have an external SSD from another computer I want to sell. – TheBlob Dec 04 '22 at 16:21

2 Answers2

4

I have an external SSD I would like to delete with ATA Secure Erase, I don't want to overwrite it with 0s or random bits.

There seems to be some confusion as to what a secure erase actually is: it’s a writing of 1s, 0s, and/or random data. So, a secure erase es essentially an overwriting of a drive with “0s or random bits.”

Secure Erase on an SSD is Unnecessary.

Depending on the firmware of the storage controller it will mark the datablock as unused (available for immediate write) and when a read command is issued (if not reallocated for new data) it will return either zeros or garbage. See this post for more details.

Bottom Line…

Just erase the drive and you’ll be fine. The built in firmware will handle the “secureness” of the erasure. If you still need more piece of mind, you can always use diskutil secure erase function from the command line. The best way to secure an SSD is to encrypt it - with FileVault on macOS or the Linux equivalent

Allan
  • 101,432
0

I know that you write it is not an option, although you do not specify why, but for the benefits of others, I would like to point out that the easiest and simplest way of doing this currently is to use a VM and run hdparm on Linux with its --security-erase option.

If you are a developer, there's nothing inherent about macOS that hinders you from running the ATA Secure Erase command manually. You could port that single feature of hdparm over.

If you are not a developer, and do not want to use a VM, then the best way forward would be to use the software that comes from the manufacturer of your SSD - just like you do on Windows. Unfortunately, many manufacturers of external SSDs only provide software with the secure option for Windows users.

jksoegaard
  • 77,783
  • I'm not so sure it is so easy to port that feature over, how would you connect an external drive to a Mac over a sata capable port? I don't think you can send sata commands over a usb port to an external usb enclosure, so you would need a thunderbolt to sata connector? You would need to pass that trough to your vm? – Jens Timmerman Jul 07 '23 at 09:42
  • Well, you can actually send SATA commands over a USB port to external USB enclosures. This is done via ATA pass-through (part of SAT). Many controllers support this - you really want one that does. This controller requirement is the same on Linux, it is not macOS specific. – jksoegaard Jul 07 '23 at 13:36