Secure data deletion for SAS drives
You can use the Linux commands to securely delete data from SAS drives.
Secure data deletion for SED drives (HDD or SSD)
-
The
crypto-erase
operation for self-encrypting drive (SED) drives does not restore valid T10-PI (protection information) on the erased sectors. Therefore, if your drive is using T10-PI and you wish to re-use the SED drive after erase, you need to either reformat or overwrite the data after thecrypto-erase
operation with valid T10-PI. You can use thesg_readcap
command to display theProtection
information. Refer the T10-PI status for SCSI drive(SAS or SATA) and NVMe drives topic for more information on thesg_readcap
command. - If the SED drive does not use protection, or the SED drive might not be used again, the SED
drive is reformatted or overwritten before use, to perform the
crypto-erase
operation, run the following command,:sg_sanitize [--quick] --crypto /dev/sdX
Secure data deletion for non-SED SSD drive
You can securely delete data for non-SED SSD drives by performing the following
block-erase
operation:sg_sanitize [--quick] --block /dev/sdX
Secure data deletion for non-SED HDD drive
Secure data deletion for the non-SED hard disk drive (HDD) depends on the erasure pattern used.
An erasure pattern is basically a string that is used to overwrite the HDD drive.
- Depending on the required erasure pattern, you can run one of the following commands:
sg_sanitize [--quick] --overwrite --zero /dev/sdX
sg_sanitize [--quick] --overwrite --pattern=<file> /dev/sdX
sg_sanitize [--quick] --overwrite --pattern=<file> --ipl=<len> /dev/sdX
- These commands can take a long time to run completely. Progress updates are shown every 60 seconds.
- You can run the following command to check the
progress.
sg_requests /dev/sdX