The short answer is:

Perhaps you can’t. Well, you can, but that means that you need to use a hammer.

The long answer:

You could use the build in ATA Secure Erase command (if your drive supports that), or you can overwrite the SSD multiple times, but…

There are studies out there showing that the data could be recovered even after overwriting multiple times.

Note that a data recovery will most likely only be possible by pulling out the flash and accessing it directly. Someone would need to put some effort into this to (maybe) get to (some of) your data.

The ATA Secure Erase command is a feature implemented by the manufacturer of a Solid State Drive.

It pretends to securely erase a SSD in just a few minutes (or less). I say ‘pretend’ as this is not always working like expected. Various scientific papers proofed that this feature is not always implemented the right way and sometimes the data is not even erased.

So you need to trust the vendor in this case, which is a bad idea in general.

Let’s say we trust those guys and use this feature to erase our SSD.

ATA Secure Erase

The drive must be connected via SATA or ESATA, USB won’t work. First we’ll check if ATA Secure Erase is supported by the drive:

hdparm -I /dev/sdx Security: Master password revision code = 65534 supported not enabled not locked not frozen not expired: security count supported: enhanced erase 2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

The output should look similar. We see that our drive supports 2 modes:

Secure Erase and Enhanced Secure Ersae. So what is the difference?

And again, it’s the manufacturer who would need to tell us. I asked Kingston and they answered as follows:

Secure erase overwrites all user data areas with binary zeroes. Enhanced secure erase writes predetermined data patterns (set by the manufacturer) to all user data areas.

I guess Secure Erase will do the job.

We also see that our disk in not frozen, which is good. What do we do if it’s frozen?

There is a simple solution which worked for my SSD’s. We send our system to sleep and wake it up again. This will remove the frozen status from the disk.

echo -n mem > /sys/power/state

Now we use hdparm again to check if the drive is unfrozen:

hdparm -I /dev/sdx

Once the drive is not frozen, we can start the Secure Erase procedure.

Activating security (we can replace PASS with whatever we like):

hdparm --user-master u --security-set-pass PASS /dev/sdx

hdparm --user-master u --security-erase PASS /dev/sdx

The output will look like this and we have to wait a while:

security_password="PASS" /dev/sdx: Issuing SECURITY_ERASE command, password="PASS", user=user

That was quick, what? Our drive should be erased. You don’t trust the vendor? Nor do I.

Overwriting the drive

Multiple overwriting would be another option if we want to keep the drive.

Let’s check if there is any HPA (Host Protected Area).

This is a protected area which will not be erased if we overwrite the whole disk.

Checking for HPA:

hdparm -N /dev/sdx

We will see something like the following if HPA is disabled:

/dev/sda: max sectors = 1565152896/1565152896, HPA is disabled

On the right side we have the real hardware sector limit of the disk, on the left side we see the value set for the HPA. Here, the numbers are the same which indicates that HPA is disabled.

So what do we do if its enabled?

We change the value to the real maximum sector count. hdparm will do that for us.

hdparm –N 1565152896 /dev/sdx

Note that this is not permanent and will be restored after boot. Use hdparm –N p1565152896 if you want to make that permanent.

Now we could run a dd if=/dev/zero of=/dev/sdx to write zeros to the entire drive.

Conclusion

Don’t store important data unencrypted on a SSD. Disable the HPA and encrypt the whole drive from the beginning. If a data recovery would be successful, it would at least only show the encrypted data.

If you stored data unencrypted, you might go for the hammer.