[GreenPepper PRO]Online Manual    

About Erase Method-> Points to consider about erasing method/Recommended method


While memory media such as SSDs are evolving remarkably, standards such as AR380-19 and DoD5220.22-M are becoming dated.
In addition, because the standards leave many points insufficiently described, each company needs to establish its own erasure policy and erase according to it.

Points to consider about erasing method


Consideration of "Reallocated sector"

On a hard disk, when errors occur frequently at a certain location (sector) because of a defect on the disk surface, the disk detaches the bad sector and substitutes a sector from its spare area (reallocation). Detached bad sectors are no longer accessible to software outside the disk.
This is unlikely to be a serious problem for normal-level erasure, but where strict security is required, "Reallocated sectors" should be considered.
Erasing reallocated sectors requires Enhanced Secure erase/Sanitize processing.


Consideration of "Wear Leveling" in flash drive media such as SSD

Because flash memory has a finite limit on the number of rewrites, SSDs and similar media often have a built-in mechanism that spreads writes evenly across locations (Wear Leveling) so that writing does not concentrate on the same location. (See "About Secure Erase/Sanitize")
Therefore, in normal overwrite processing, the memory cell assigned to the area being erased may change, and the original cell may not be erased.
To avoid Wear Leveling and erase the entire area, Enhanced Secure Erase / Sanitize processing is required.
However, for USB memory that does not process ATA commands and SSDs that do not support secure erase / sanitize, erasing three or more times can reduce the risk of data remaining.

Consideration of unallocated space in flash drive media such as SSD

In addition to the above "Wear Leveling", many flash memories frequently change the memory area allocation in order to shorten the erase processing time. As a result, memory in unallocated space cannot be accessed in the usual way, and data may remain.
Erasing unallocated space requires Enhanced Secure erase/Sanitize processing.


Consideration of RAID drive


In server systems, many disks are RAID-configured. "Green Pepper PRO" accesses RAID-configured disks in units of logical disks, and erasing is also performed in units of logical disks.
With RAID1 (mirror), the same value is written to both disks. With RAID5 / 6 and the like, strictly speaking, not every physical disk is overwritten with the specified value, because there are physical disks to which parity values are written. It is practically impossible to restore the original data from those values, but if you require the specified value to be written strictly, change the configuration to 1 logical disk = 1 physical disk and then erase.
Spare drives should also be considered. Spare drives are not assigned to logical disks and are not erased.

Consideration of HPA, DCO, Recovery area

A recovery area may be provided on desktops / laptops. The mechanism of the recovery area varies depending on the manufacturer, but when erasing the disk, it is necessary to consider how much the user has accessed and written to the area, whether the recovery area can be erased, and so on.

As one method of configuring the recovery area, HPA (Host Protected Area) in the ATA (PATA, SATA) disk standard may be set. When HPA is set, the part after the set capacity of the disk becomes inaccessible from the software, and the software recognizes it as a disk with a smaller capacity than the actual capacity. Recovery information is stored in an inaccessible area (Protected Area), and recovery is performed with the HPA setting disabled.

Therefore, user data will not be written to that area unless the user changes the settings related to HPA. The normal erase process is limited to areas other than the protected area unless HPA is disabled.
* However, with secure erase/Sanitize, the HPA setting is ignored and the entire disk area is erased.

"Green Pepper PRO" has an option to disable HPA. Specify this option if you want to erase the entire disk area, including the protected area.

There is another setting on the hard disk that makes the disk capacity smaller than it actually is. A method called Device Configuration Overlay (DCO) is used to set the disk size, data transfer speed, and other settings below the original disk performance. DCOs are mainly used by PC manufacturers for limited purposes when the disks are shipped, such as unifying the specifications of disks with different model numbers. Therefore, even if the disk capacity is set smaller than it should be by the DCO, it is unlikely that any data will be written to and left in an inaccessible area.
* Enhanced Secure Erase/Sanitize erases the entire area including the DCO. Normal secure erase does not erase the DCO settings area.

"Green Pepper PRO" provides a function to display information on whether the disk size is set small by DCO and to cancel the DCO setting. Removing the DCO also disables the HPA.

DCO is a higher-level limit than HPA: HPA limits capacity further, within the capacity already limited by DCO.
Example:
    Total capacity 1,000,000   DCO-limited capacity 900,000

    In this state, HPA can only be set to 900,000 or less, inside the limit set by DCO.
    Total capacity 1,000,000   DCO-limited capacity 900,000   HPA-limited capacity 800,000

Reference:
"Boot from CD/USB flash drive" "gph" boot
"Common options" Disable HPA, erase entire disk

If the recovery area exists in an area that can be accessed normally (such as another partition), the entire disk including that area will be erased even with normal erasing.

Consideration of READ/WRITE error

If there is a disk failure, READ and WRITE errors will occur during erasure and verification.
A WRITE error occurs when the overwrite process results in an error during erasure. The error part (sector) may not be overwritten, and data may remain in that part.
A READ error occurs when reading data during read validation and the data cannot be read. The value of that part cannot be verified, and it cannot be confirmed whether it has been erased.
If the WRITE cache is enabled, a write to a failed sector can complete without error, but an error can occur when reading. Read verification is therefore an important step for detecting this.
Also, retry processing is performed many times at the error location, so processing progresses very slowly.

Depending on the number of errors and the importance of the contents of the disk, it is necessary to consider how to handle the disk with many errors. Since errors are unstable, the number of errors often changes with each process. Therefore, one method is to repeat the process many times for the disk with the error to reduce the possibility of data remaining.
Physical destruction is also an option if possible.
 

[Figure: Confirmation screen of "Reallocated sector", "HPA", and "Secure erase" in the "Startup Erase Program"]

[Figure: Confirmation screen of "Reallocated sector", "HPA", and "Secure erase" in the "Windows Erase Program"]



Consideration of the number of erasures


According to the "NIST SP 800-88" standard, writing once is "adequate". Of course, writing more times is still better. In addition, when a write error occurs, writing several times is more desirable because it increases the possibility that the write completes.
For error-free disks, a single erase is sufficient. However, if you have time to spare, we recommend writing at least twice. For disks where errors occur in particular, more writes are needed, such as 4 times.
* "Green Pepper PRO" has a mechanism to perform detailed retries on a sector-by-sector basis in the event of an error.

Read verification is an important step in every case. For software, the "write process" to the disk means only that the write command completed without returning an error; it does not mean that the physical write has completed. Therefore, even if no error occurs when writing, it cannot be said with 100% certainty that the data was written. Read verification lets you see the actual state of the disk.
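
Added example, not part of the manual or of "Green Pepper PRO": a read-verification pass as described in the READ/WRITE error section and in the paragraph above, keeping sectors that read back the wrong value separate from sectors that cannot be read at all. The 512-byte sector size, the `read_sector` callable and the 16-sector sample disk are assumptions constructed for the illustration.

```python
SECTOR = 512  # assumed logical sector size


def _extend(ranges, lba):
    """Append lba to the last range if contiguous, else open a new range."""
    if ranges and ranges[-1][1] == lba - 1:
        ranges[-1] = (ranges[-1][0], lba)
    else:
        ranges.append((lba, lba))


def verify_erased(read_sector, total_sectors, pattern=b"\x00"):
    """Read every sector back after the final overwrite pass.

    read_sector(lba) is a hypothetical callable that returns one sector's
    bytes and raises OSError on a READ error. Returns two lists of inclusive
    (first_lba, last_lba) ranges: (mismatch, unreadable).
    """
    expected = pattern * (SECTOR // len(pattern))
    mismatch, unreadable = [], []
    for lba in range(total_sectors):
        try:
            data = read_sector(lba)
        except OSError:
            _extend(unreadable, lba)  # value unknown: erasure cannot be confirmed
            continue
        if data != expected:
            _extend(mismatch, lba)    # readable but not the written value: data may remain
    return mismatch, unreadable


def make_sample_disk():
    """Constructed 16-sector disk after a 00 pass: the writes to sectors 5-6
    returned no error but never reached the media; sector 9 gives a READ error."""
    sectors = [bytes(SECTOR)] * 16
    sectors[5] = sectors[6] = b"OLD DATA".ljust(SECTOR, b"\xff")

    def read_sector(lba):
        if lba == 9:
            raise OSError(5, "Input/output error")
        return sectors[lba]

    return read_sector, len(sectors)


if __name__ == "__main__":
    reader, total = make_sample_disk()
    mismatch, unreadable = verify_erased(reader, total)
    print("not erased (value mismatch):", mismatch)
    print("unverifiable (READ error):  ", unreadable)
```

On a real device the reads must bypass the operating system's cache so that the values compared come from the media itself.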

For Secure erase, "Green Pepper PRO" offers a menu of 2-times erase (secure erase + 00 normal write) and 3-times erase (secure erase + random + 00 normal write). Write errors cannot be detected through Secure erase, so a normal write step is added. With Enhanced Secure erase, the value written is not always zero, so a zero-write step is added to make verification easier.
In addition, secure erase / sanitize is implemented by each manufacturer in its own way, its internals are unknown, and it is a function that is not used often, so it may be defective.
Read verification is also an important step in Secure erase.

Enhanced Secure Erase also writes to reallocated sectors that have been detached, but the second and subsequent writes do not write to detached sectors. However, because detached bad sectors are "bad", it is not possible to know exactly how far they have been "erased" by the Secure erase process. In addition, when HPA (Host Protected Area) is set, Secure erase ignores the HPA and processes the entire disk, but the second and subsequent writes and the verification are performed only in the restricted area, excluding the HPA.

* Note) HPA (Host Protected Area)
HPA is a setting that limits the range of a disk that software can access to the area from the beginning up to a certain point.
Software perceives an HPA-configured disk as a smaller disk consisting only of part of the capacity from the beginning, rather than the entire disk.
HPA may be set by the manufacturer as a recovery area. In that case, please note that the recovery area will also be erased by disabling HPA or by secure erase.

 

Recommended processing policy for each media


In addition to the methods listed in the "NIST SP 800-88" standard, we summarize here the methods that we recommend.
* If many Read / Write errors occur, physical destruction may be required depending on the number of errors.


Recommended processing method for each media

Media Type: Hard Disk Drive, ATA(SATA)/SCSI(SAS)
Method in "Green Pepper PRO":
    * When executable
      [Secure Erase/Sanitize(1-time)] + Verify
      or
      [Secure Erase/Sanitize(2-times)] + Verify
    * Other
      [Erase disks(1-time)] + Verify
Comment:
    If there is no Reallocated Sectors count, there is no problem with "[Erase disks(1-time)]" + verify.
    "[Secure erase / sanitize (2-times)]" is also an option for detecting write errors.
    Verification processing should always be performed to verify error sectors.

Media Type: SSD, ATA(SATA), NVMe, eMMC
Method in "Green Pepper PRO":
    * When executable
      [Secure Erase/Sanitize(1-time)] + Verify
      or
      [Secure Erase/Sanitize(2-times)] + Verify
    * Other
      [Erase disks(4-times)] + Verify
Comment:
    In SSD, there are many unallocated areas, and "Secure Erase / Sanitize" is recommended.
    "[Secure erase / sanitize (2-times)]" is also an option for detecting write errors.
    If it is not feasible, erase as many unallocated areas as possible by increasing the number of erases.
    Verification processing should always be performed to verify error sectors.

Media Type: USB Flash drive, etc., Flash memory media
Method in "Green Pepper PRO":
    [Erase disks(3-times)] + Verify
    or
    [Erase disks(4-times)] + Verify
Comment:
    Erase as many unallocated areas as possible by increasing the number of erases.
    Since the capacity is relatively small compared to SSD, it is described to be "[erase disk (3-times)]", but if the capacity is large, use "[erase disk (4-times)]".
    Verification processing should always be performed to verify error sectors.



kirara21