Since SSD has write amplification, I want to reset the SSD to the initial out-of-box performance. Most tutorials are for SATA SSD (hdparm --secure-erase), I want to know how to erase a partition of NVMe SSD (maybe use nvme command?).
One more question: does dd if=/dev/zero of=/dev/nvme0n1 help? Or does fio --filename=/dev/nvme1n1 --direct=1 --buffered=0 --rw=trim --bs=4k --size=100G --numjobs=16 --iodepth=32 --group_reporting --name=trim help?
Thanks!
To totally erase a NVMe drive.
This will erase entire drive.
You may need to first install nvme - the NVMe storage command line interface utility (nvme-cli). Then review commands and list all nvme devices. List wil also show firmware revision & you should check that you have latest firmware.
sudo apt install nvme-cli
nvme help
nvme --help
nvme --help format
sudo nvme list
sudo nvme format -s1 <device>
fred@z170-focal-k:/mnt/data$ sudo nvme list
[sudo] password for fred:
Node SN Model Namespace Usage Format FW Rev
/dev/nvme0n1 S4P2NF0M514514L Samsung SSD 970 EVO Plus 500GB 1 164.30 GB / 500.11 GB 512 B + 0 B 2B2QEXM7
See comment below y rootkea, if using more than one namespace.
Use -n 0xffffffff to format all the namespaces.
see also
man nvme
For resetting to Out Of Box performance you DO NOT want to use the "write zeroes" technique of dd/fio. There is a BIG semantic difference saying "this area must contain and maintain zeroes" (fio/dd technique) and saying "this area is must be empty" (secure erase). For example the Solid State Storage (SSS) Performance Test Specification (PTS) specifies techniques it considers reasonable for preconditioning.
As OldFred's post states, you need to use an actual secure erase utility, such as the nvme-cli package.
The reason this will run so quickly is because the drive's contents are already transparently encrypted. That is, if you were to read the flash chips directly, you would not find any of the content you see on your drive when accessing it normally. The onboard controller handles this process completely transparently, storing the encryption key in a secure enclave within the controller.
This is useful both from a security and longevity standpoint. Encrypting data helps soften repetitive pattern writes from being so repetitive, which in turn helps to decrease the wear and tear on flash cells.
When you run a secure erase on an SSD, no data is actually being erased -- instead, the controller is generating a new encryption key and writing it into the secure enclave, overwriting the old key in the process and permanently rendering all binary data on the flash cells unrecoverable.
Install the nvme-cli package1, then:
sudo nvme format -s<mode> <device>
-s1 mode performs Block Erase, it actually erases all NAND blocks. It's fast because it erases all blocks at once.-s2 mode is the Crypto Erase, it changes the media encrypiton key.Newer SSDs support the sanitize command, which not only erases LBA blocks but also all metadata, log pages, cache and status, essentially performing a "factory reset". For example:
sudo nvme sanitize -a2 /dev/nvme0n1
-a2 corresponds to Block Erase here (for reference, -a4 is Secure Erase).
1 Note that nvme-cli requires the NVMe to be connected via a PCIe bus. NVMe-to-USB adapters add a translation layer, making the NVMe appear as e.g. a SCSI device and nvme-cli may not work.
