Solid State Drives/Memory cell clearing

From ArchWiki
Jump to: navigation, search

Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary end

Introduction

On occasion, users may wish to completely reset an SSD's cells to the same virgin state they were at the time he/she installed the device thus restoring it to its factory default write performance. Write performance is known to degrade over time even on SSDs with native TRIM support. TRIM only safeguards against file deletes, not replacements such as an incremental save.

Warning: Doing so will erase ALL data on the SSD and rendering it unrecoverable by even data recovery services!

Step 1 - Make sure the drive security is not frozen

Issue the following command: 

# hdparm -I /dev/sdX

If the command output shows "frozen" one cannot continue to the next step. Most BIOSes block (do no allow) the ATA Secure Erase command by issuing a "SECURITY FREEZE" command to "freeze" the drive before booting an operating system.

A possible solution for SATA drives is hot-(re)plug the data cable (which might crash the kernel). If hot-(re)pluging the SATA data cable crashes the kernel try letting the operating system fully boot up, then quickly hot-(re)plug both the SATA power and data cables.

  • It has been reported that hooking up the drive to an eSATA SIIG ExpressCard/54 with an eSATA enclosure will leave the drive security state to "not frozen."
  • Placing the target system into "sleep" (Clevo M865TU notebook) has reported to work as well; this may reset other drives to "not frozen."
Security: 
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

Step 2 - Enable security by setting a user password

Note: When the user password is set the drive will be locked after next power cycle denying normal access until unlocked with the correct password).

Any password will do, as this should only be temporary. After the secure erase the password will be set back to NULL. In this example, the password is "Eins" as shown: 

# hdparm --user-master u --security-set-pass Eins /dev/sdX
security_password="Eins"
/dev/sdX:
Issuing SECURITY_SET_PASS command, password="Eins", user=user, mode=high

As a sanity check, issue the following command 

# hdparm -I /dev/sdX

The command output should display "enabled": 

 Security: 
        Master password revision code = 65534
                supported
                enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        Security level high
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

Step 3 - Issue the ATA Secure Erase command

# time hdparm --user-master u --security-erase Eins /dev/sdX

Wait until the command completes. This example output shows it took about 40 seconds for an Intel X25-M 80GB SSD, for a 1TB hard disk it might take 3 hours or more! 

security_password="Eins"
/dev/sdX:
Issuing SECURITY_ERASE command, password="Eins", user=user
0.000u 0.000s 0:39.71 0.0%      0+0k 0+0io 0pf+0w

The drive is now erased. After a successful erasure the drive security should automatically be set to disabled (thus no longer requiring a password for access). Verify this by running the following command: 

# hdparm -I /dev/sdX

The command output should display "not enabled": 

 Security: 
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Retrieved from "https://wiki.archlinux.org/index.php?title=Solid_State_Drives/Memory_cell_clearing&oldid=110499"