Software Tools for Secure Data Deletion
Secure Data Deletion Commands for HDD and SSD
The Secure Data Deletion Command Matrix shows all Seagate Secure Data Deletion Commands.
|Interfaces||Security Erase||Format Unit||Simple Overwrite||Sanitize
|Revert & RevertSP (PSID)||Write Same|
|SATA SED SED & FIPS|
|SAS SED SED & FIPS|
|NVME SED & FIPS|
Overwrite Commands (Comply with Lot 9):
Take 1 hour per Terabyte (USBs up to 5 hours per TB) to complete. Overwrite commands go from end to end of the device, overwriting existing data with zeroes.
They provide thorough validation of data erase. Overwrite commands allow reallocation of defective sectors.
Note: Simple Overwrite does not erase data in blocks that were deallocated. Accessing data in deallocated sectors would reasonably be infeasible for a given level of effort.
Fast Erase Commands (Comply with ISO 27040 and NIST 800-88):
Take 2 to 30 seconds.
Revert (PSID) command performs a Crypto Erase. All data is sanitized and the security subsystem returns to Factory default.
Revert, RevertSP (PSID), Sanitize Crypto, and the Security Erase (for SATA SED), destroys the AES 256 data encryption key by overwriting it with a new value and sanitze all data written by the previous key to a cryptographic certainty per FIPS 140 and Common Criteria standards.
The ATA Security Erase Unit on Self Encrypting Drives (SED) has an option for Crypto Erase Only OR Crypto Erase + Overwrite. Customers must be clear which commands they are using on encrypting SATA drives. This is a Fast Erase command.
Commands that cannot be easily aborted before completion.
Deletion Command Notes
- The Secure Data Deletion process must be allowed to complete to be effective and to avoid inadvertent data or drive issues.
- All commands comply with ISO 27040 and NIST 800-88 Standards.
- Not all commands provide data overwriting.
- Overwrite commands comply with the Lot 9 data deletion regulation providing "the effective erasure of all traces of existing data from a data storage device, overwriting the data completely in such a way that access to the original data, or parts of them, becomes infeasible for a given level of effort." Command duration:
- Overwrite commands take longer to implement.
- Sanitize Cypto, Revert, and RevertSP (PSID) take at most 2 minutes. All other erase commands take 1TB/hr.
- NVMe SSDs take 1 hour per terabyte per pass. Number of passes is drive selectable. The NVMe specified default is 16 passes.
- Seagate is not responsible for lost user data or data remaining on the drive after erase. If you are not the original owner of this drive, and that owner has no claim to it, you might still be responsible for the drive data.
Secure Data Deletion for a RAID System (RBOD)
To perform secure erase for a RAID system, follow the instructions below
- Log into the RAID system CLI.
- Run clear events
- Run restore defaults factory
These commands remove all configuration and returns the drive to factory default. This is not recoverable.
- Take the RAID controllers out of the system.
- Install an IOM (IO module, a JBOD controller) into the system making it a JBOD.
- Connect the system and run SeaChest Utilities commands through the SAS port on the JBOD.