How to securely erase a Mac internal SSD?

Asher Kelman

OPF Owner/Editor-in-Chief
I'm returning to Apple a MacBook Pro 2.9GHz as it is slower than my 2013 Mac Pro Cylinder, albeit with 6 core 3.5GHz. I had been assured that the new MacBooks would ace the older cylinder!

So I transferred my data and proceeded to delete everything. I checked with Disk Utility and some PDFs and all my keychain info were still there with numerous other files for about 1.1 GB total.

I did a complete erase writing over with random ASCII using Techtool Pro 9.6.2 and the files were still there!

Now I am doing a 00110011 write over x3 to see if I can get to the sectors hiding the password that I want to erase! Perhaps that will work!

Meanwhile, any ideas how to reach protected areas of the SSD? I tried "secure erase" with Disk Utility, but after several hours there was no sign of activity.

Asher
 

nicolas claris

OPF Co-founder/Administrator
Tell us how you tried to erase your SSD. If this is the boot disk, did you boot and perform the erase from another (external) disk?
 

Asher Kelman

OPF Owner/Editor-in-Chief
Tell us how you tried to erase your SSD. If this is the boot disk, did you boot and perform the erase from another (external) disk?

Thanks Nicolas!

I put the MacBook Pro in FireWire mode by starting with “T” pressed down, until I had the black screen with the white FireWire symbol stepping over the screen.

Then I connected this to my Mac Pro Cylinder running High Sierra.

I have done complete volume write-over:

First with random ASCII characters and then with the 00110011 sequence, the latter done x3.

Still the few PDF files and keychain were preserved in 1.1 GB of recoverable data.

So it seems that there is, (perhaps unsurprisingly), a section of the SSD which is reserved for basic instructions and firmware and Apple sometimes stores data there!! I can understand putting the keychain there, but why put some PDF documents there too? Perhaps when I reformatted the drive, it accidentally used a sector that previously had stored documents and the reformatted drive made a protected area for the firmware and so there were potentially recoverable files in a protected area where the firmware is stored!

Anyway, now I am secure erasing using the most extreme settings in Disk Utility with 7 over-writes and then real data and then erasure!

I think I need a software that will shift the protected sector with firmware so the underlying included “free space” can be erased too!

Asher
 

Jerome Marot

Well-known member
Apple recommends resetting the Mac. Enter Recovery Mode: start and hold down Option-Command-R until you see an Apple logo or spinning globe. That will boot from your recovery partition. Then erase the disk and re-install OS X.
 

Asher Kelman

OPF Owner/Editor-in-Chief
Apple recommends resetting the Mac. Enter Recovery Mode: start and hold down Option-Command-R until you see an Apple logo or spinning globe. That will boot from your recovery partition. Then erase the disk and re-install OS X.

I did that and the data was kept and could be found again by Disk Drill. I have repeated going into recovery mode and most securely erasing the Mac Pro SSD, (which only took 20 seconds). The Disk Drill app on the Mac Pro still recovered from it the keychain.

I tried closing the Disk Drill app and restarting the recovery but it appears to remember the previous results. So I have switched to using the very latest version of Prosoft’s “Data Rescue” and so far there is nothing recovered. So it could indeed be that Disk Drill is showing me the work it has done, even though it hasn’t as yet officially actually recovered that data into the folder designated for that recovery. I think that Disk Drill might be using RAM, (or making a temporary use of disk space somewhere as PS does), to store its “positive” findings and only rebuilds these identified files when one selects “recover”!

There should be a way to reset Disk Drill’s caches, but the software seems brilliantly designed for the nearest to “bulletproof” recovery of files even if they get “deleted” in the interval!

So I may well have successfully erased the keychain of the MacBook Pro several times over, but if Disk Drill can store those files somewhere, then they “reappear” but from another drive used for temp storage and not necessarily from the erased drive!
 

Asher Kelman

OPF Owner/Editor-in-Chief
Well, the most secure delete via command R or directly from Disk Utility doesn’t necessarily remove all one’s very private data!

I have just recovered PDFs and the entire Keychain after the most secure “government level” erase.

I can recover either by Disk Drill or by Prosoft’s Data Rescue!

I have deleted the entire volume by both Techtool Pro 9.6 and the latest Mac High Sierra Disk Utility repeatedly and the Keychain is still present!

Asher
 

Asher Kelman

OPF Owner/Editor-in-Chief
Well, one more “most secure” erase with Apple Disk Utility and we have now reduced from 1.2 GB to 840kb the “resistant to deletion” stubborn files!

What is fascinating to me is that the keychain is protected inside this “hard-to-permanently-delete” set of files. Is this because the data is stored where the firmware is kept?

Anyway, shortly I will see what can still be recovered by Prosoft’s Data Rescue Utility.

Asher
 

Asher Kelman

OPF Owner/Editor-in-Chief
Well the Professional Edition of Data Rescue recovered 4.99 GB of data from the multiply securely erased SSD!

Among the files: one email and scores of PDFs, but so far, have not found the most important keychain! I will check with Stellar Phoenix. This asked me which hard drive to look at and added a new option for a "drive that needs to be found", which seems like a brilliant idea! But we do not need it here as I am just scanning the SSD of the MacBook Pro I have to return.

Asher
 

Asher Kelman

OPF Owner/Editor-in-Chief
Stellar Phoenix found 14.91 recoverable files. My license number doesn't work, but so far can see any keychain and do actual recovery.

Repeated Disk Drill, up came 33.87 GB of recoverable files with a staggering 4.5 MB of (128) Keychain items! That's more than the 35 items after the very first wipe of the SSD with Techtool Pro! So all these so-called serious government wipes simply released more hidden files to recover!

Now using "Do your data recovery Professional" and have already 6 keychain items in a few minutes with about 45 minutes to go.

So the Apple Disk Utility, in my use, cannot fully wipe a Mac SSD under High Sierra.

Asher
 

Asher Kelman

OPF Owner/Editor-in-Chief
Now I am a lot wiser!

SSDs cannot be readily securely erased because of load leveling and provisioning whereby only certain lots of the available storage sites, (which the chip itself constantly moves around to even out wear-out problems), are used. One cannot access all the areas and actual data storage sites are not written over with random or patterns of 0 or 1 as this wears out the SSD!

There is a “Secure Erase” ATA command which gives a reset voltage to the entire SSD apart from factory specified secret locations which are not disclosed generally!

Government security requires grinding up the SSD to less than 1mm dust and there are machines for the purpose. One is advised to include some paper in the grind to protect the knife! Also to protect the knife grind up SSDs as they get available and do not accumulate a bunch as doing a big load damages the grinding machine, LOL !

One lesser solution is to use the “File Vault” to encrypt the HD and then restart with a new install which deletes the encryption password key. What remains is garbage even if recovered.

But software can now recover that key!!

Still it’s a way!

Alternatively don’t use an SSD for really really Private Data! Use a rotating HD as these can be securely erased!

Asher
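
An added illustration of the leveling and provisioning point in the post above (not code from the thread's participants or from any vendor): a toy flash translation layer showing that one full host-side overwrite leaves old copies in pages the host cannot address. The class, its parameters and the sample data are constructed for this example, and the drive-level erase is a simplified stand-in that resets every page.

```python
import random

class ToySSD:
    """Constructed model of a flash translation layer; not any vendor's firmware."""
    def __init__(self, logical_blocks, spare_blocks, seed=1):
        total = logical_blocks + spare_blocks      # spare = over-provisioned area
        self.flash = [None] * total                # raw pages; None = erased
        self.mapping = {}                          # logical block -> raw page
        self.free = list(range(total))
        self.stale = []                            # unmapped pages still holding data
        self.rng = random.Random(seed)

    def write(self, lba, data):
        if not self.free:                          # reclaim one stale page
            victim = self.stale.pop(self.rng.randrange(len(self.stale)))
            self.flash[victim] = None              # the only place old data is erased
            self.free.append(victim)
        page = self.free.pop(self.rng.randrange(len(self.free)))  # leveling
        if lba in self.mapping:
            self.stale.append(self.mapping[lba])   # old copy stays on flash
        self.flash[page] = data
        self.mapping[lba] = page

    def host_view(self):
        """What a host-side tool can read: mapped blocks only."""
        return [self.flash[p] for p in self.mapping.values()]

    def raw_hits(self, marker):
        """Pages a chip-level read would find containing marker."""
        return sum(1 for d in self.flash if d is not None and marker in d)

    def drive_level_erase(self):
        """Simplified stand-in for a firmware erase that resets every page."""
        self.flash = [None] * len(self.flash)
        self.mapping, self.stale = {}, []
        self.free = list(range(len(self.flash)))

def overwrite_experiment(logical=100, spare=20):
    ssd, secret = ToySSD(logical, spare), b"KEYCHAIN"   # constructed sample data
    for lba in range(logical):
        ssd.write(lba, secret + bytes([lba]))
    for lba in range(logical):                     # one full 00110011 (0x33) pass
        ssd.write(lba, b"\x33" * 9)
    host = sum(1 for d in ssd.host_view() if secret in d)
    after_pass = ssd.raw_hits(secret)
    ssd.drive_level_erase()
    return host, after_pass, ssd.raw_hits(secret)

if __name__ == "__main__":
    print(overwrite_experiment())  # (host-visible, raw after overwrite, raw after erase)
```

In this model the number of old copies left after one pass equals the size of the spare area, whatever pattern the host writes.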
 

Asher Kelman

OPF Owner/Editor-in-Chief
Very educational and scary, Asher!

We should better use RAIDS of spinning drives as these CAN be securely erased without owning a government certified SSD grinding machine. BTW, destroying medical and other private data is now required by law when there is no solid reason to further keep someone else’s private information. On a server, that is relatively easy where classical “spinning” drives are used. One just has to remember that for example, Amazon Web Services keeps your data in 3 geographical locations and duplicates in each. Perhaps done further in cold storage! If they can’t keep track of 2000 immigrant children, how on earth can they keep track of private data and when they must be sanitized in all copies in different parts of the planet??

I received this excellent summary article from Doug Kerr, our resident engineer:

“You probably have already seen this, and it might not be relevant, but . . .

https://www.kingston.com/us/community/articledetail/articleid/29539”

My advice is to only use SSD drives for operating system and software and non private data storage, but no bank, health or top security records or else folk who buy in bulk used SSDs from recycled computers can data mine the drives and match them with other stolen records to help complete the puzzle needed for new fake identities and new Bank accounts in your name!

If I have structural and architectural data of a parking lot by a police station and promise to erase it after my permitted use for some design change, then I expect after erasure on my computer it should be gone, sanitized and non-recoverable.

“ATA Secure Erase tools

A DOS shareware tool called HDDErase can be used to execute a Secure Erase. HDDErase is available here.

HDDErase is an easy-to-use tool that runs from a DOS bootable drive. In order to run HDDErase, the system BIOS must be set to "IDE" or "Compatibility" mode in order for the drive to be recognized by HDDErase. HDDErase can only be run on systems where drives are attached to SATA or IDE ports directly and not through a USB bridge or enclosure.”

Unless you can directly attach that SSD by SATA or IDE to a DOS computer, you cannot run the DOS hardware reset command “AT Erase”, the internationally agreed convention for hardware reset, by voltage change of ALL storage locations on the SSD, bypassing any need for writing 0s or 1s!

Kingston is claiming a software command to do the same. Theoretically they can do that as ONLY they understand the dynamic anatomy of what parts of the drive are in use and what parts are in reserve and how to access them. But their solution is only applicable, AFAIK, to their own new designated truly erasable SSD drives and so far Macs do not use them anyway!

Asher
 

Asher Kelman

OPF Owner/Editor-in-Chief
The Solution Apple Apparently Ignored!

The Kingston offerings since 2010: firmware encoded capability for complete sanitation claimed:

On a 256GB Kingston SSDNow V+100, a Secure Erase can be completed in 2 minutes. Some SSDs can take longer, but not nearly as long as mechanical hard drives!

Well, I came across some intriguing information. These Kingston branded SSD drives seem awfully similar to those Apple put in its MacBook Air already as of 2010!!

So “potentially”, we could already have had easy capability of leveraging Kingston’s software command for total sanitization of at least some Mac SSD drives!

In the past 7 1/2 years, surely this could have been implemented by Apple instead of simply obfuscating headers or introducing encryption which can be defeated!

Asher
 