How to Securely Delete Files from My SSD?

You wouldn’t just throw an old credit card or bank statement in the trash without shredding or otherwise destroying it first, and you definitely shouldn’t get rid of an old SSD without first securely deleting its content.

The problem is that simply formatting the SSD isn’t enough to make your files impossible to recover. And because SSDs store data differently than traditional hard drives, many commonly recommended secure delete methods don’t work well.

Why Is It Difficult to Securely Delete Files Stored on an SSD?

SSDs, just like all other flash-based storage devices, maintain a layer of indirection between how data is actually physically stored on them and how your computer sees the data. This layer of indirection helps improve performance, reliability, and compatibility because it hides the idiosyncratic nature of flash memory.

That’s all well and good until you decide to delete a bunch of files in a way that makes their recovery impossible. The same erasure techniques that work well for traditional spinning hard drives deliver limited results with SSDs, often resulting only in what’s called logical sanitization (the deleted data can no longer be retrieved through the drive’s normal interface but is still physically present on the storage device).

Here are additional reasons why traditional erasure techniques don’t work well with SSDs:

  • Because SSDs use a technique called wear leveling to increase their lifespan, you can never be sure where your files physically reside.
  • When overwriting, SSDs leave the original data untouched and write new data to another location.
  • Most manufacturers overprovision their SSDs to compensate for dying storage cells, so a 256 GB SSD may actually have, for example, 270 GB of usable storage space.

Because of these factors, tools like the shred command or GUI applications like BleachBit don’t produce the same results as they do with traditional hard drives.

Instead, you need to use SSD-specific methods and approaches to ensure true digital sanitization, making it impossible for the deleted data to be recovered.

3 Ways to Securely Delete Files from an SSD Using Linux

Let’s take a closer look at three tried-and-tested ways to securely delete files from an SSD drive. The methods described below should work on any major Linux distribution.

Method 1: Perform a Secure Erase

Aware of the challenges associated with the deletion of data from SSD drives, SSD manufacturers commonly support the ATA Secure Erase command. When this command is issued, all storage cells are emptied, which effectively restores the drive to its original state.

First, make sure your SSD actually supports Secure Erase:

$ sudo hdparm -I /dev/sdX | grep -i erase

If you see something like the following output, then you’re good to go:

supported: enhanced erase

2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

Next, enter the following command to make sure your SSD is not frozen:

sudo hdparm -I /dev/sdX | grep frozen

The output should display “not frozen.” If it doesn’t, then you can try suspending your system.

You also need to temporarily set a user password:

sudo hdparm --user-master u --security-set-pass pass /dev/sdX

Don’t worry, the password will be erased after you perform the Secure Erase.

Now, it’s time to issue the actual Secure Erase command:

time sudo hdparm --user-master u --security-erase pass /dev/sdX

The command typically takes minutes to complete. But it may take as much as an hour, so be patient and let it finish.
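The two pre-checks above can be combined into one gate that runs before the password and erase steps. The following is an added example, not part of the original article: the function names secure_erase_ready and sample_security are hypothetical, and the sample text is a constructed imitation of the Security section printed by hdparm -I.

```shell
#!/bin/sh
# Added example: gate the Secure Erase steps on the reported security state.
# secure_erase_ready and sample_security are hypothetical names for this sketch.

# Reads `hdparm -I` output on stdin.
# Exit status: 0 ready, 1 security feature set not supported, 2 frozen, 3 locked.
secure_erase_ready() {
    awk '
        /^Security:/        { in_sec = 1; next }
        in_sec && /^[^ \t]/ { in_sec = 0 }      # next top-level section
        in_sec {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            neg = (line ~ /^not[ \t]+/)         # cleared flags are prefixed with "not"
            sub(/^not[ \t]+/, "", line)
            if (line == "supported")   supported = !neg
            else if (line == "frozen") frozen = !neg
            else if (line == "locked") locked = !neg
        }
        END {
            if (!supported) exit 1
            if (frozen)     exit 2
            if (locked)     exit 3
            exit 0
        }'
}

# Constructed sample of the Security section (not captured from a real drive).
# $1 = "not" for a usable drive, "" for a frozen one.
sample_security() {
    printf 'Security: \n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n'
    printf '\tnot\tenabled\n'
    printf '\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$1"
    printf '\tnot\texpired: security count\n'
    printf '\t\tsupported: enhanced erase\n'
    printf '\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# Real use (as root): hdparm -I /dev/sdX | secure_erase_ready
sample_security not | secure_erase_ready && echo "sample 1: ready for Secure Erase"
sample_security ""  | secure_erase_ready || echo "sample 2: blocked (exit code $?)"
```

Matching whole flag lines avoids the trap in a plain grep for “frozen”, which also matches “not frozen”.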

Method 2: Overwrite All Data Multiple Times

As we’ve explained, overwriting all data stored on an SSD doesn’t completely guarantee that each and every file will be gone for good because most SSDs have some reserve storage capacity to compensate for dying storage cells. This reserve storage capacity is not directly visible, and so you can’t be entirely sure that a single overwriting will successfully delete everything.

That is why it’s a good idea to overwrite your SSD multiple times, and you can do just that by issuing the following command several times in a row:

sudo dd if=/dev/zero of=/dev/sdX status=progress

Method 3: Discard Device Sectors

Because wiping SSDs using dd is very slow, you should also consider using the blkdiscard command instead to discard device sectors, like this:

sudo blkdiscard /dev/sdX

The blkdiscard command will discard all data stored on your SSD by basically sending the TRIM command to the entire device. What happens then depends on the implementation details of that particular SSD’s firmware, which is why you shouldn’t rely on this method for deleting sensitive files. However, the method works really well if logical sanitization is what you’re after.

Bonus: Physical Destruction

Of course, you can always grab a reasonably heavy hammer and turn your SSD into a pile of silicon dust. In fact, this is, by far, the safest method for the secure deletion of highly confidential files, but it’s also the most expensive.

If you decide to go this route, make sure to destroy all flash memory chips inside your SSD and not just the housing because a particularly sophisticated attacker could extract raw data from them using a specialized tool.

Unfortunately, many laptops these days don’t have removable SSDs. Instead, the flash memory chips are soldered onto the motherboard, so physically destroying them would mean destroying the entire motherboard, and that’s far from ideal since it makes reselling and recycling impossible.

Conclusion

Securely deleting files from SSDs is not nearly as straightforward as secure HDD erasure. In this article, we’ve described three methods that are guaranteed to make your data virtually impossible to recover. For extra safety, you can apply multiple methods at the same time or apply the same method more than once.

About the author

David Morelo

David Morelo is a professional content writer in the technology niche, covering everything from consumer products to emerging technologies and their cross-industry application.