wipe
are simply not up to the task; and even if they were, they work on assumptions that do not map properly to a solid-state world. Writing random data over and over is going to dramatically reduce the lifespan of a solid-state drive, and it's pointless when all NVMe disks already have built-in tools that can take care of this task quickly and safely.So what do you do when you want to wipe a NVMe drive?
- Download a recent Linux distribution. I would recommend Debian/Ubuntu or one of their smaller derivatives (like Knoppix). Burn it on a cdrom or USB drive and boot the system from it.
- Make sure your package manager is up-to-date (under Debian/Ubuntu,
sudo apt-get update
), then installnvme-cli
(sudo apt-get install nvme-cli
) - If your drive is a Samsung, it now has to be put to sleep (you can do that with
sudo systemctl suspend
) and then woken up. This is a weird bug that Samsung doesn't seem in any hurry to fix. - Now you can securely wipe the disk:
sudo nvme format -s1 /dev/nvme0n1
The latest NVMe specification adds other commands, to scrub every nook and cranny (bus caches etc), but as far as I know they have not been implemented yet.
If your SSD is from Lenovo, it'll be locked out. Even the newest Parted Magic can't factory erase it. Gotta use "ThinkPad Drive Erase Utility for Resetting the Cryptographic Key and Erasing the Solid State Drive - ThinkPad"
ReplyDeleteI revisit this post semi-frequently, so thanks for the help. However, an update:
ReplyDeleteNewer versions of nvme-cli (I'm not sure when it changed) - like the one in Fedora 31/32's repositories - needs a little extra effort:
"nvme format -s1 " throws an "invalid lbaf:255" error, but if you use "nvme format -s1 -lb=0 " it works perfectly after a ten second remorse timer.
Hope this helps someone along the way!
This works
ReplyDeletein Ubuntu 21.10
ReplyDeleteit did not work - nvme --version => 1.14
nvme format -s1 /dev/nvme0n1
there was a 10 secs delay
a message:
Success formatting namespace:1
*however*, nothing was changed and the partition table remained.
Thanks for the info.
"*however*, nothing was changed and the partition table remained."
ReplyDeleterun "partprobe" to detect changes.