I see there is already a privacy guides blog on secure data erasure but i think it should be added to Knoweldge base or under tools recommendation as its important tool and could be made more accessible and visible to the users. I have added some other inputs here apart from things already mentioned in the blog.
ShredOS could be added as a tool recommendation for securely erasing entire disks - HDD and SSD
Its is usually used before reinstalling an OS or before selling your device. Shredos contains nwipe for performing erase functions
ShredOS is a USB bootable (BIOS or UEFI) small linux distribution with the sole purpose of securely erasing the entire contents of your disks using the program nwipe. If you are familiar with dwipe from DBAN then you will feel right at home with ShredOS and nwipe. What are the advantages of nwipe over dwipe/DBAN? Well as everybody probably knows, DBAN development stopped in 2015 which means it has not received any further bug fixes or support for new hardware since that date. Nwipe originally was a fork of dwipe but has continued to have improvements and bug fixes and is now available in many Linux distros. ShredOS hopefully will always provide the latest nwipe on a up to date Linux kernel so it will support modern hardware.
Advantage of using eraser software from a bootable USB stick is that no partition on the Disk is skipped.
nwipe presents users with the following options , and using any of the first 2 can be secure enough for most people. Also it may take hours for this process to take place depending upon your HDD and computer speeds.
- Fill With Zeros - Fills the device with zeros (0x00), one round only.
- Fill With Ones - Fills the device with ones (0xFF), one round only.
- RCMP TSSIT OPS-II - Royal Candian Mounted Police Technical Security Standard, OPS-II
- DoD Short - The American Department of Defense 5220.22-M short 3 pass wipe (passes 1, 2 & 7).
- DoD 5220.22M - The American Department of Defense 5220.22-M full 7 pass wipe.
For SSD’s things are much more simpler and faster , and you might not need to even write 0’s or 1’s to the ssd. Neither its recommended to overwrite the SSD multiple times as it may effect its lifespan.
You can either use specific secure erase software’s provided by SSD manufacturers like Western Digital dashboard , Samsung SSD magician , Kingston SSD manager, Crucial SSD Storage Executive
If you don’t have a manufacturer software or don’t turst it then you can use programs like nvme-cli which most SSD supports and use sanitize command for secure erase. nvme -cli can be used right from ShredOS CLI itself.
$ nvme sanitize -a 2 /dev/nvme0n1
or
$ nvme format /dev/nvme0 -s 2 -n 1
or if nvme-cli is not supported
$ sudo blkdiscard /dev/nvme0n1
Any option among crypto erase , block erase or secure erase should be sufficient and safe.
please add to this thread , your inputs or any corrections