Secure data deletion for SATA drive
You can use Linux commands to securely delete data from a Serial Advanced Technology Attachment (SATA) drive.
- To securely delete data for a self-encrypting SATA drive, run the following command:
    hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble /dev/sdX
  Notes:
  - The --sanitize command requires version 9.54 or later of the hdparm command.
  - The --sanitize command might display an error message such as SG_IO: bad or missing sense data if the SATA drive is not compatible with the crypto-erase operation. The SATA drive is not erased. Any subsequent Operation started in background message should be ignored.
  To monitor the progress of the sanitize operation, run the following command:
    hdparm --sanitize-status /dev/sdX
  Note: Do not attempt to access the SATA drive during the sanitize operation; the operation might hang. However, the kernel error-handling routines eventually handle the hung tasks, and the hung tasks eventually error out.
- To securely delete data for non-self-encrypting solid-state drives (SSDs), run the following command:
    hdparm --yes-i-know-what-i-am-doing --sanitize-block-erase /dev/sdX
  Note: The hdparm command does not return an obvious error if the drive is not compatible with the block-erase operation and the drive is not erased. Such an error is typically indicated by a message such as SG_IO: bad or missing sense data. The presence of the message indicates that the drive is not erased.
- To securely delete data for hard disk drives (HDDs), or if version 9.54 of the hdparm command cannot be used, run the following command sequence:
    hdparm --user-master u --security-set-pass p /dev/sdX
    hdparm --user-master u --security-erase p /dev/sdX
  Notes:
  - The hdparm command with the --security-erase option does not return until the erase operation is complete. The erase operation can take a long time.
  - If a message prefixed with SG_IO is displayed, the drive is not erased.
  After you run the preceding hdparm commands, perform the following procedure to make the HDD drive ready to use again:
  - To check the security level of the HDD drive, run the following command after you run the hdparm command with the --security-erase option:
      hdparm -I /dev/sdX
    In the output, search for one of the following strings to know the security mode:
    - * Security Mode feature set
      Where the asterisk indicates that the HDD drive is still secure.
    - Master password revision code = NNNNN
        supported
        enabled
      Where the enabled line in the output indicates that the HDD drive is still secure. Many lines in the output might contain the string enabled. Therefore, only consider the string that is displayed in the Security section.
    - Security level high
      If this string is present in the output, it indicates that the HDD drive is still secure.
  - If the HDD drive is still secure, run the following commands to disable the password locking feature so that the HDD drive can be reused:
      hdparm --user-master u --security-unlock p /dev/sdX
      hdparm --user-master u --security-disable p /dev/sdX
- The hdparm command with the
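
The two checks this procedure relies on (an SG_IO message means the drive was not erased, and only the Security section of the hdparm -I output shows whether the drive is still secure), as an added shell example that is not part of the original page. The function names and the sample hdparm -I excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample text are constructed for illustration.

# Return 0 if captured hdparm output (stdin) contains an SG_IO message,
# which this page says means the drive was NOT erased.
erase_failed() {
    grep 'SG_IO:' >/dev/null
}

# Read `hdparm -I` output on stdin. Return 0 if the drive is still secured,
# 1 if it is not, 2 if no Security section was found.
drive_still_secured() {
    awk '
        /^[ \t]*\*[ \t]+Security Mode feature set/ { secured = 1 }
        /^Security:/                      { in_sec = 1; seen = 1; next }
        in_sec && /^[^ \t]/               { in_sec = 0 }  # next section starts
        in_sec && /Security level high/   { secured = 1 }
        in_sec && /^[ \t]+enabled[ \t]*$/ { secured = 1 }  # skips "not enabled"
        END { if (secured) exit 0; if (!seen) exit 2; exit 1 }
    '
}

# Constructed excerpts shaped like `hdparm -I` output (not from a real drive).
sample_secured() {
    printf 'Commands/features:\n\tEnabled\tSupported:\n'
    printf '\t   *\tSecurity Mode feature set\n'
    printf 'Security:\n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\t\tenabled\n\tnot\tlocked\n'
    printf '\tSecurity level high\n'
}
sample_cleared() {
    printf 'Commands/features:\n\tEnabled\tSupported:\n'
    printf '\t   *\tWrite cache\n\t    \tSecurity Mode feature set\n'
    printf 'Security:\n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
}

# Usage on a live system (as root; /dev/sdX is the page's placeholder):
#   out=$(hdparm --user-master u --security-erase p /dev/sdX 2>&1)
#   printf '%s\n' "$out" | erase_failed && echo "drive NOT erased"
#   hdparm -I /dev/sdX | drive_still_secured && echo "drive still secured"
```

Capturing stderr together with stdout matters here, because the exit status of hdparm alone is not a reliable sign that the erase happened.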