SSD secure erase - sometimes failing, why?

Hi experts!

I'd like to clarify what "secure erase" I am talking about, it's the function built into some ssd drives' firmware that allows you to erase the whole drive in seconds.
I have used the OCZ tool on 4 of their drives, 3 succeeded, one (identical model) failed ("drive is security locked"). I used the intel ssd tool on 1 intel ssd drive and it erased alright. I used the Samsung tool on one of their drives, it failed ("secure erase could not be completed").

I wonder what makes some of them fail. I really would like to have that function working because it's so much quicker than a normal wipe. [Actually, it's even the only method there is to securely erase an SSD, at least our government says that.]

I read that power cycling the drives would help but that changed nothing: unplugged, waited a minute, replugged, same result. So I resorted to normal wipe and after a full wipe of the OCZ, I was able to do the secure erase, too. Left me puzzled but I tried the same on the Samsung one: no, this time no luck, same error. Tried different buses: SATA3, SATA2, USB.

Anyone experienced here?
Environment: 64 Bit Vista, as well as win8 x64. SSDs: intel 520 series 180 GB, Samsung 840 non-pro 120 GB, OCZ Vertex2 120 GB. Latest versions of their tools.
LVL 59
McKnifeAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Author Commented:
Ok, I will close this as non-solved, if you don't mind.
[I was keen to get an answer to why these online tools (and sometimes the offline ones as well) work so unreliable, and if we can do something about it]

That there are ways to be relatively sure that the data remnants are next to zero and that you can combine those methods is accepted, yes, but was not part of the question.

Thanks for your comments.
0
 
insidetechCommented:
SSD drives - which you probably know have no moving parts. The conventional "security" erase algorithms apply multiple re-writes because on conventional magnetic media it is possible to detect a faint remanence of the original magnetic state. In SSD there is no such retention.
In fact... likely you are damaging or at least shortening the drives life by doing this. FYI for same reason, SSD drives should not be defragmented.
Why it does not work on some drives? From my experience because the drive you are experiencing this issue with already have "exhausted" memory cells in certain areas.
I found that about the only tool to talk to these drives are the factory firware flashing utilities, and if you are realy concerned about whiping the drives clean, re-flashing the drive will do the trick.
0
 
McKnifeAuthor Commented:
I know about this, yes.
The drives were fairly new, the Samsung for example was brand new.
Reflashing often does not even harm the data - I did a lot of firmware updates on SSDs.
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
tyson-edwardsCommented:
For newer drives, secure erase can simply mean changing the encryption key for the drive, at which point the cryptographic keys to encrypt and decrypt the data is no longer valid, so all of  the data becomes instantly unreadable.

Firmware updates are typically designed not to modify the encryption keys, if they even exist at all, and as a byproduct will retain data.

Manufacturers who offer encryption supporting SSDs will have a utility available to rekey the drive.

Another noteworthy thing to consider is that unlike a conventional spinning hard disk, recovering data from Flash is quite difficult in non-encrypted scenarios. Wear leveling makes this process a little easier as you can't technically address all of the data at any one point in time due to over provisioning, making it possible to recover data that one would believe would be overwritten. Utilizing TRIM on a drive makes data recovery even more difficult as it will simultaneously zero out data and transition data from cell to cell via wear leveling as well as increasing cell utilization as any read or write must re-write the entire 256KB cell, hence the reason why you would always make sure that your cluster sizes for a SSD is 256KB and that your drive is aligned appropriately.
0
 
McKnifeAuthor Commented:
Fine. But what about the question? ;)
0
 
noxchoGlobal Support CoordinatorCommented:
Could be the drive itself has problems. Try to erase it with Parted Magic as shown here: http://howto.cnet.com/8301-11310_39-20115106-285/how-to-securely-erase-an-ssd-drive/
0
 
McKnifeAuthor Commented:
Sorry, missed to report that I did that already: failed as well.
Today I tried the DOS version of Samsung's tool: it ran alright.
0
 
noxchoGlobal Support CoordinatorCommented:
Yes from any dos version it would run ok. Seems the problem s in drive detection in linux and Windows. Dos Has better detection.
0
 
McKnifeAuthor Commented:
Hi noxcho.

"DOS has better detection" - the problem is not, that it does not get detected, but that it either starts erase but does not finish or that it thinks the drive is security locked. Ok, maybe you mean these issues are because of maldetection of what state the drive is in. Anyway, I will stop to rely on the online-tools and use offline-tools.

Ok, this will lead to another question: is there a tool apart from parted magic that will allow different/all brands of SSDs to be erased using their "secure erase" function?
0
 
noxchoGlobal Support CoordinatorCommented:
As far as I know - no such tool was sent to the market. The SSD market seems t be still young and thus the software development is not in rush for it.
0
 
btanExec ConsultantCommented:
saw this paper and like what you did using the vendor tool to erase, most probably using some sort of ATA Secure command. That may not be foolproof as shared in the paper.  Most of the failed case, maybe the buggy tool. Thought the other possible approach is to use full disk encryption: make sure the entire filesystem on the drive is encrypted from the start (e.g., Bitlocker, Truecrypt). When you want to sanitize the drive, forget all the crypto keys and securely erase them, and then erase the drive as best as possible. Maybe  combine it with ATA Secure Erase for (higher) confidence. Few cents worth

http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf

Excerpt:

Our results lead to three conclusions:
First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, suf¿cient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual ¿le sanitization are effective on SSDs.
0
 
McKnifeAuthor Commented:
See comment.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.