Reply to: Wiping an SSD for resale

SSDs generally have more physical than logical addresses in order to implement wear levelling algorithms and achieve reasonable sustained write throughput. You only access logical addresses via the SATA interface, you cannot directly access every physical address or control which physical address a logical address is mapped to, so you cannot access every physical page of flash (i.e. the "whole disk"). This is why you have the SECURE ERASE command.

From an attackers perspective the problem is much simpler as it's relatively easy to open the disk and interface directly with the flash chips, bypassing the drive firmware and logical - physical mapping. The chips have a standard interface and devices designed to interface with them are cheap and widely available as they are exactly the same embedded devices used in gazillions of consumer electronics products.

What happens if you simply format the drive and then run a simple tool that generates a file taking up the whole disk?

Doesn't the difficulty in accessing a specific physical address also work against those wanting to recover old data as well though?

Niche alert

I have emailed the developers and this tool does not currently provide support for wiping SSDs.

Although it will be considered for future releases.

Tools that erase disks by simply overwriting data multiple times will not work on SSDs.

An SSD doesn't have a 1:1 correspondence between logical block addresses and the physical place that the data is stored in the way that a magnetic disk does. When "overwriting" a particular logical block address on an SSD what actually happens is that the new data is written to a different physical location, the physical - logical block mapping is updated and the original physical copy of data is simply left where it is until such time as the SSD decides to erase that entire flash block and reuse it. Even overwriting the whole disk dozens of times will not guarantee that every physical block is overwritten, and there is in general no way to overwrite a specific physical address other than using the SECURE ERASE command. How well this works depends on the manufacturers implementation of SECURE ERASE.

UltraSentry

You need a utility that can trigger a SECURE ERASE command. Google tells me "parted magic" is a good place to start.

If it's one of the ones with built in AES encryption a "SECURE ERASE" simply generates a new AES key and forgets the old one and the data is effectively scrambled. If it's not it will write zeros to the flash, so there is probably a slim chance that the CIA could open the chips up in a clean room and read out some residual information from the individual cells but unless you're Osama Bin Laden's boss they are unlikely to bother.

Wiping an SSD for resale

Just let my missus near it, all data will be irretrievably lost. She does this by a concept called 'It did it itself'.