The ATA specification also describes SANITIZE OVERWRITE ERASE, which is applicable only to HDDs and this is not covered in this post. In the latest ATA specification, the sanitize command is called out in two ways: SANITIZE BLOCK ERASE and SANITIZE CRYPTO SCRAMBLE, which are separate methods described next. It acknowledges that hard drive methods for sanitizing are inappropriate for SSD, and may often be counterproductive. SP800-88r1 includes new descriptions of data sanitizing processes now in practice due to the new nature of data storage on SSD, in addition to more traditional techniques that continue to be used for hard drives and magnetic media. The document is intended to “assist organizations and system owners in making practical sanitizing decisions based on the categorization of confidentiality of their information.” In particular, the National Institute of Standards and Technology (NIST, USA) describes this function in a document called Special Publication 800-88, “Guidelines for Media Sanitation,” currently at Revision 1 published in 2014, and available at SP800- 88r1. Sanitize is most inclusively described in government specifications. When used in all caps, as in SANITIZE, it refers to the command specified by the ATA Command Set (ACS) which sets in motion the sanitizing of data on an SSD. However, “sanitize” is a term of art where data security is concerned, describing a process by which data is removed from a storage device to a point that exceeds the ability to reconstruct the data by known forensic means. The word “sanitize” has obvious connotations with regard to cleaning up unwanted or unneeded data. Elements of the NAND flash which have already been erased once are now filled with data.Įven worse, when the host computer needs to write new user data, the drive must first ERASE the data pattern which was written, AGAIN! Now, inefficiency compounds because of the attempt to treat an SSD like an HDD.įortunately, Micron’s SSDs provide a fast and efficient means of eliminating all data from the drive, without redundantly erasing, filling and re-erasing the drive. Only after this erase step is complete will the drive proceed to write the desired data pattern to the erased elements. NAND flash is unique in that when data is stored in a particular storage element within the SSD, the data must first undergo a separate ERASE command before a new WRITE command can be performed at that physical location.īecause of this inherent characteristic of NAND flash media, when the host computer instructs an SSD to overwrite data, the drive will have to first issue the ERASE command to each of the targeted storage elements. However, for the NAND flash memory in most SSDs, there is no overwrite command available. This can be very inefficient and expensive. To truly make the data unrecoverable, this could take several passes and many hours of operation time. Historically, the accepted method of permanently removing data from magnetic media, as in HDDs, was to overwrite the data with a pre-determined data pattern, like “all 0’s” or a random data pattern.
#Instant secure erase serial
In this blog post, I will describe Micron’s methodologies for completely erasing, or “sanitizing” SSDs within the Serial Advanced Technology Attachment (SATA) and Trusted Computing Group (TCG) protocols. In fact, SSDs can provide tremendous advantages over HDDs with regard to the speed and security of the full-drive erase functions. Micron’s SSDs provide very effective and efficient means to do so. Because of this, the ability to ensure that user data is securely erased from a data storage device is critical. We are in an era where protecting sensitive information is crucially important, protecting data on storage devices is critical at every step in the life cycle of these devices, including at end-of-life and when devices are redeployed to other purposes.