<div dir="ltr"><div>So, the hdparm --security-erase will work on an HDD, but how it wipes is left up entirely to the hard drive manfuacturer. Most of them will just zero out your drive once and call it good and some forensic specialists will be able to recover data from that (but only the ones that charge, like, $900/hour or are on government payroll). If your drive supports drive-level encryption, then regardless of it being an SSD or HDD, then this is the best way to go, as it'll just wipe the key and none of the data will be recoverable.<br><br></div>After the erase, the password is gone so no worries there. It's a good idea to set the password because a lot of firmwares/bioses will freeze the drive security settings after boot without one (Lenovo, Dell, HP to name a few). If you get an I/O error running hdparm commands, then do hdparm -I and look for the text " frozen" which means your bios is freezing that functionality on the hard drive immediately after boot.<br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 15, 2014 at 10:12 PM, der.hans <span dir="ltr"><<a href="mailto:PLUGd@lufthans.com" target="_blank">PLUGd@lufthans.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">moin moin,<br>
<br>
the dban threads have a few good pieces of advice, so I thought I'd throw<br>
them together. I'll also add what I can remember from last month's<br>
discussion on electronics donations since we covered drive wipes there as<br>
well.<br>
<br>
@ spinning disks:<br>
<br>
use wipe or shred<br>
<br>
Todd gave the following command line, be sure to specify the correct disk:<br>
<br>
$~ shred -zn10 /dev/sda<br>
<br>
As Stephen found out the hard way, dban wipes all drives it can find<br>
including the boot drive.<br>
<br>
During the discussion at the meetings encryption came up, someone<br>
suggested a couple of rounds of random data, encrypting the entire drive,<br>
filling the entire encrypted filesystem, then running wipe or shred to<br>
erase the drive. Note that this procedure will take a long time.<br>
<br>
@ solid state devices<br>
<br>
Todd pointed out the following commands:<br>
<br>
$~ hdparm --user-master u --security-set-pass PasSWorD /dev/sda #sets<br>
up security on the drive<br>
<br>
$~ hdparm --user-master u --security-erase PasSWorD /dev/sda # the point of no return delete everything on your SSD drive command<br>
<br>
The man page says you can use "the special password NULL to represent<br>
an empty password". After the erase with a password set is the password<br>
still set?<br>
<br>
Do we actually need to do the security-erase for spinning disks as well?<br>
All modern drives lie about their size and hide blocks in order to be able<br>
to replace bad blocks rather than failing if a block here or there goes<br>
bad.<br>
<br>
ciao,<br>
<br>
der.hans<span class="HOEnZb"><font color="#888888"><br>
-- <br>
# <a href="http://www.LuftHans.com/" target="_blank">http://www.LuftHans.com/</a> <a href="http://www.PhxLinux.org/" target="_blank">http://www.PhxLinux.org/</a><br>
# "The only thing that interferes with my learning is my education."<br>
# -- Albert Einstein<br>
------------------------------<u></u>---------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.<u></u>org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/<u></u>mailman/listinfo/plug-discuss</a><br>
</font></span></blockquote></div><br clear="all"><br>-- <br><div class="gmail_signature">Todd Millecam</div>
</div>