77

I've just received my new SSD since the old one died. This Intel 320 SSD supports TRIM. For testing purposes, my dealer put Windows on it, but I want to get rid of this and install Kubuntu on it.

It does not have to be a "secure wipe", I just need the empty the disk in the most healthy way. I believe that dd if=/dev/zero of=/dev/sda just fills the blocks with zeroes and thereby taking another write (correct me if I'm wrong).

I've seen the answer How to enable TRIM, but it looks like it's suited for clearing empty blocks, not wiping the disk.

hdparm seems to be the program to do it, but I'm not sure if it clears the disk OR cleans empty blocks. From its manual page:

  --trim-sector-ranges
          For  Solid State Drives (SSDs).  EXCEPTIONALLY DANGEROUS. DO NOT
          USE THIS OPTION!!  Tells the drive firmware to discard  unneeded
          data  sectors,  destroying  any  data that may have been present
          within them.  This makes those sectors available  for  immediate
          use  by  the firmware's garbage collection mechanism, to improve
          scheduling for wear-leveling of the flash  media.   This  option
          expects  one  or  more  sector range pairs immediately after the
          option: an LBA starting address, a colon, and  a  sector  count,
          with no intervening spaces.  EXCEPTIONALLY DANGEROUS. DO NOT USE
          THIS OPTION!!

          E.g.  hdparm --trim-sector-ranges 1000:4 7894:16 /dev/sdz

How can I make all blocks appear as empty using TRIM?

Community
  • 1
Lekensteyn
  • 178,446

7 Answers7

72

ATA Secure Erase

You should use the drive's security erase feature.

  1. Make sure the drive Security is not frozen. If it is, it may help to suspend and resume the computer.

    $ sudo hdparm -I /dev/sdX | grep frozen
       not     frozen

    The (filtered) command output means that this drive is ”not frozen” and you can continue.

  2. Set a User Password (this password is cleared too, the exact choice does not matter).

    sudo hdparm --user-master u --security-set-pass Eins /dev/sdX

  3. Issue the ATA Secure Erase command

    sudo hdparm --user-master u --security-erase Eins /dev/sdX

Note:

  • /dev/sdX is the SSD as a block device that you want to erase.
  • Eins is the password chosen in this example.

See the ATA Secure Erase article in the Linux kernel wiki for complete instructions including troubleshooting.

David Foerster
  • 36,890
  • 56
  • 97
  • 151
psusi
  • 38,031
43

util-linux 2.23 offers blkdiscard which discards data without secure-wiping them. I tested: works over SATA and mmcblk but not USB.

An excerpt from the manual page of blkdiscard(8):

NAME

blkdiscard - discard sectors on a device

SYNOPSIS

blkdiscard [-o offset] [-l length] [-s] [-v] device

DESCRIPTION

blkdiscard is used to discard device sectors. This is useful for solid-state drivers (SSDs) and thinly-provisioned storage. Unlike fstrim(8) this command is used directly on the block device.

By default, blkdiscard will discard all blocks on the device. Options may be used to modify this behavior based on range or size, as explained below.

The device argument is the pathname of the block device.

WARNING: All data in the discarded region on the device will be lost!

The command is there since Ubuntu 15.04 and OpenSUSE 13.1 (yes OpenSUSE has it 2 years ahead of Ubuntu).

Tankman六四
  • 1,731
7

If you don't need a secure wipe, why don't you just install kubuntu using the options to 'use entire disk' and the equivalent of 'quick format' (can't remember the exact terminology right now)

That way you ditch the file allocation table and the drive is effectively emptied for overwriting. You don't actually need to empty it.

Rory Alsop
  • 2,779
3

If the drive has a Linux filestem on it, you can use fstrim. By default recent Ubuntu runs fstrim on drives from the following vendors: 

    if [ -z "$NO_MODEL_CHECK" ]; then
        if ! contains "$HDPARM" "Intel" && \
           ! contains "$HDPARM" "INTEL" && \
           ! contains "$HDPARM" "Samsung" && \
           ! contains "$HDPARM" "SAMSUNG" && \
           ! contains "$HDPARM" "OCZ" && \
           ! contains "$HDPARM" "SanDisk" && \
           ! contains "$HDPARM" "Patriot"; then
            #echo "device $DEV is not a drive that is known-safe for trimming"
            continue

Once a week.

So one answer to your question is boot up the system and wait a week!

Bryce
  • 2,007
1

Check to see if the BIOS on the computer supports this. On a laptop I just checked, there's an option to do a secure erase of all attached media on the next boot. This is probably a widely used option in corporate environments, so many vendors probably include it now. (I was checking on a Dell Precision 5510 laptop from 2017.)

Though if you just want to wipe the drive to install Linux (as per the question), you don't need to do a full wipe. The only concern is that the drive should know that the space used previously by Windows is now free, to optimize SSD use.

There are many options for this, including those mentioned already. I note that mke2fs has the -E discard option that should trim the partition when creating the file system, which is enabled by default. (Note that this is the best effort option, so it will silently ignore it if the hardware doesn't support it.) So in most cases you can simply ignore the problem, install Linux, and the installation process will do all the cleanup you need.

MarianD
  • 1,026
Preston Crow
  • 11
0

Just to note,hard drives that use SMR have to do a read a 256MB strip (drive-specific but this is apparently a typical size), modify, and rewrite to write out some sectors; to speed this up (avoid the read/modify if it doesn't need to), these disks support TRIM. On the 5TB one I just took a look at, it lists 818 minutes for security erase but 2 minutes for enhanced security erase (and it really took about 2 seconds.) Clearly the enhanced security erase it is just running a full-disk TRIM.

So, in some cases, you can "wipe" a hard disk in much less time than it takes to write it full of zeroes too.

hwertz
  • 376
-6

Just remove the partition, you do not have to clear the whole disk, old data will be overwritten when the storage is needed for something else.

To enable TRIM:

gksudo gedit /etc/fstab

Change "ext4 errors=remount-ro 0" into "ext4 discard,errors=remount-ro 0". (Add discard)

Save and reboot, TRIM should now be enabled.

Check if TRIM is enabled:

sudo -i
dd if=/dev/urandom of=tempfile count=100 bs=512k oflag=direct
hdparm --fibmap tempfile

Use the first begin_LBA address.

hdparm --read-sector [begin_LBA] /dev/sda

Now it should return numbers and characters. Remove the file and sync.

rm tempfile
sync

Now, run the following command again. If it returns zeros TRIM is enabled.

hdparm --read-sector [begin_LBA] /dev/sda
Alex
  • 217