Hey guys,
I want to shred/sanitize my SSDs. If it was a normal harddrive I would stick to ShredOS / nwipe, but since SSD’s seem to be a little more complicated, I need your advice.
When reading through some posts in the internet, many people recommend using the software from the manufacturer for sanitizing. Currently I am using the SSD SN850X from Western digital, but I also have a SSD 990 PRO from Samsung. Both manufacturers don’t seem to have a specialized linux-compatible software to perform this kind of action.
How would be your approach to shred your SSD (without physically destroying it)?
~sp3ctre
for future reference, encrypt your drives from the get-go. even if it’s not a mobile device, you can use on-device keys to unlock it without a pass-phrase.
source: used
shredon a couple of 3.5" 4 TB drives before selling them, took ages…I will take that into consideration. I already encrypted my older laptop (hard drive) with LUKS. Is there something special, when it comes to encrypting SSD’s? Do you experience speed losses of SSD after doing so?
every mobile device I ever owned is encrypted and protected with a reasonably secure pass-phrase so losing it is no big deal. it is conceivable someone could forensic the shit out of my setup but that is highly unlikely; it’s far more likely it’ll get wiped and sold or parted out.
I’ve done no benchmarks but I haven’t experienced any issues ever. the oldest linux device I own is a 2011 MBP (i7-2635qm, so quadcore) and I don’t perceive any speed degradation; it’s possible 1st gen Core i5/i7 could have issues as those don’t have AES-NI in hardware or sumsuch plus they’re SATA2 only, but those would be 15+ years old at this point.
with btrfs that has on-the-fly compression, copy-on-write, and deduping, everything works seamlessly, even when I have database-spanking applications in local development.
so the only thing I’ve changed recently is encrypting every device I have, not just the mobile ones. the standalone devices get unlocked with a key-file from the local filesystem so they boot without the prompt. selling/giving away any of those drives, mechanical or SSD, is now a non-issue.