Secure wipe / erase for SSDs
The FOG OS has nice options to securely wipe disks, but it is not efficient for SSDs.
SSDs can be wiped with a few commands within seconds, while a shred for a 500 GB HDD takes about 1.5h.
I have opened a Github issue for this:
Is anybody interested in adding this? Otherwise I will have a go at it.
@Tom-Elliott Yes, this might work, but I didn’t want to spend too much time experimenting. If somebody once to follow up on this, that’s fine, but I won’t.
@Sebastian-Roth Don’t worry, I didn’t spend too much time on it. I have a use case where it would have been helpful to have this feature.
I have used secure erase for extra SSDs on Linux, but not the root disk. Most likely the primary disk that holds the OS is locked by the BIOS.
I am happy if you merge the PR, would be interesting to see if it works for some setups.
What about this?
From what I can gather, you can disable the “frozen state” from the BIOS, so sure it’s an extra step, but should still be possible.
The only machine that I see a warning is Lenovo. They have their own proprietary tool to perform erase operations.
@abulhol Too bad this is not working as intended now that you’ve pushed it forward a fair bit. Thanks heaps for your work and we might consider adding it anyways so it will work at least for some SSDs.
What do you think?
I am not an expert on SSDs, but I haven’t used any so far that did not support secure erase.
But we could also add a check if it is supported as described e.g. here:
shredwhen in doubt.
@abulhol Definitely a good point. Though I am not exactly sure how much can go wrong with secure erase on SSDs and if it really works for all models if we try to automate this with FOG. Do you have much experience with this?