This works perfectly even on the earliest Intel Mac, and won't slow the machine down any. Instead of just mentioning the tool, I've summarised the details from the lengthy page where I found them below, and. This command should also work for most magnetic hard drives too, unless they're ancient. Your drive will be completely wiped by its own firmware, without using any appreciable amount of USB bandwidth, CPU, or the drive's write endurance (for SSDs). The best way to erase, especially if the drive is a solid state drive, is to use the ATA Secure Erase command which I've mentioned before.

hdparm --user-master u --security-erase NULL /dev/sda

Issue the following commands on sysrescuecd's console:

hdparm --user-master u --security-set-pass NULL /dev/sda

This storage device will be available as /dev/sda. Attach the drive to the VM.

Ensure that only one USB device is attached to the VM. There are reasons to not use this feature. The VM does not need a hard drive, and needs only 256 MB of RAM.

Boot up the VM. The Secure Erase Command in WipeDrive Enterprise is an ATA command to securely erase a drive to meet NIST 800-88 standards and should be used in most circumstances. Set up a new VM and attach systemrescuecd image to the virtual CD drive. I never got it working with USB 3 ports, due to bugs in Linux kernel. I've verified that the NexStar NST-D306S3 dock works great. I'll detail this last solution here.

Buy a USB 2 or USB 3 hard drive enclosure.
OS X provides good userland access to any USB device, so if one wished to bundle hdparm with a USB storage driver, it'd be possible to use hdparm on USB-connected devices to perform secure erasure.

Alternatively, you could write a kernel driver to expose this functionality to the userland.

Finally, you can use a virtual machine running Linux, since both VMware Fusion and VirtualBox expose USB devices to the guest. Unfortunately, there's no hdparm for OS X, since OS X doesn't provide any way for userland to send arbitrary SATA commands to the drive :( On Linux, the hdparm utility exposes this functionality to the user - see hdparm --security-help for details. These commands have the drive's firmware perform the erasure of the data. On those drives, and on SSDs, a secure erase should take 1-4 minutes (!).

All modern drives support ATA Secure Erase commands. For drives with encryption support, it'll be almost instantaneous, as all the drive needs to do is to overwrite the encryption keys and the data becomes useless. The device is then in the unprotected SEC1 state.
The firmware-based secure delete can be much faster than sending zeroes to the drive, even on spinning platter drives. In both cases, not only is the delete process described above carried out, the user password is also cleared (reset to NULL) and Security mode is disabled. It'll also tax your CPU and USB subsystem with sending all those zeroes around.
If you're on an older Mac that has poorly performing USB 2 ports, it'll take much longer than necessary. It sends the drive's capacity worth of zeroes over the drive's interface. It applies unnecessary wear to SSD drives. The problem with using Disk Utility or dd if=/dev/zero to erase a disk is that: