Multi-pass, over-writing is an acceptable method for securely erasing data on hard drives. The problem with over-writing data on SSDs is that most tools cannot access all storage areas on an SSD; potentially leaving behind blocks of data in service regions reserved for SSD maintenance (e.g.: bad blocks, wear-leveling, TRIM, etc.). There are only a few acceptable methods of sanitizing data on an SSD. One of those methods is invoking the ATA Secure Erase command.
ATA Secure Erase is part of the ANSI ATA specification and is often included in the SSD's built-in controller firmware. When implemented correctly, Secure Erase wipes the entire contents of a drive at the hardware level. Secure Erase is recognized by the US National Institute for Standards and Technology (NIST), as an effective and secure way of purging data from drives to meet legal requirements for data sanitization up to laboratory level.
The Kanguru HDS-Pro line of duplicators feature two functions that invoke the Secure Erase commands: Secure Erase and Enhanced Secure Erase.
When the Secure Erase command is issued by an SSD that properly supports it, the SSD's built-in controller resets all its storage cells as empty (releasing stored electrons) including the protected storage service regions, restoring the SSD to the factory default configuration.
Enhanced Secure Erase
Enhanced Secure Erase is device-specific, and how it is actually carried out can vary from drive to drive. In some cases, the Enhanced Secure Erase will overwrite all sectors with a predefined pattern of ones and zeroes. In other cases, the drive has an internal encryption key which is simply destroyed and regenerated.
Caution! Unlike Disk Wipe or Disk Erase, the Secure Erase command is carried out by the SSD's built-in controller, not the duplicator. Please keep the following points in mind:
- Although most ATA drive manufacturers include the Secure Erase commands in firmware, not all do. Please check with the drive manufacturer to verify that your drive model supports ATA Secure Erase before attempting.
- Although the duplicator can report whether the function completed, it cannot guarantee that the Secure Erase function was implemented correctly by the device firmware. It is recommended to check with the drive manufacturer for verification that the data was actually wiped.
- If there are kernel of firmware bugs, executing the ATA Enhanced Secure Erase command could render a drive unusable. It is recommended to check with the drive manufacturer before performing this function.