[GreenPepper PRO]Online Manual    

<- prev

[up] Menu

next ->

About Erase Method-> About Secure Erase/Sanitize


What is "Secure Erase", "Sanitize"?


"GreenPepper PRO"-"Boot up Erase Program", and "Windows Erase Program"(only when runnin on WindowsPE)  have "Secure Erase" and "Sanitize" functions.

"Secure erase" is superior to normal erasure in terms of security and processing speed, but its execution environment is limited and there are uncertainties due to processing outside the control of the software. Please use it after fully understanding the features.

"Sanitize" is a newer standard than "Secure erase", and if it is a compatible hard disk or SSD, there are less restrictions on the execution environment (Some PCs have some restrictions) and it can be executed more easily. In addition, since it is possible to grasp the progress status during execution, it is possible to erase more reliably. However, currently fewer disks support "Sanitize" than "Secure erase".

Supported disks by "GreenPepper PRO"(Boot up Erase Program) ver. 4.6.4 or later
・ ATA(IDE,SATA) disk (include SSD)  ・ ・ ・ SecureErase/Sanitize
・ NVMe drive ・ ・ ・ SecureErase/Sanitize
・ eMMC drive ・ ・ ・ SecureErase/Sanitize
・ Other(SAS, RAID etc.) ・ ・ ・ only normal erase

Supported disks by "GreenPepper PRO"(Windows Erase Program  on WindowsPE) ver. 4.7.1 or later
・ ATA(IDE,SATA) disk (include SSD)  ・ ・ ・ SecureErase/Sanitize
・ NVMe drive ・ ・ ・ SecureErase/Sanitize
・ eMMC drive ・ ・ ・ only normal erase
・ Other(SAS, RAID etc.) ・ ・ ・ only normal erase


Normal erasing process

The normal erasing process that "GreenPepper PRO" also has is realized by performing the process of writing data by specifying the location and value for the entire disk area.

Secure Erase/Sanitize process

Secure erase and sanitize processing are functions provided by ATA (PATA , SATA), NVMe, and eMMC disk itself. By sending a command to perform Secure erase / Sanitize to the corresponding disk, the erase process is executed inside the disk.

When Secure erase / Sanitize is recommended

1.When there are many "Reallocated sectors"
Hard disks are processed in units called sectors (usually 512 or 4096bytes). If an error occurs frequently in a certain place due to a defect on the disk surface, the disk isolates the bad sector by allocating the area that it has as a spare as a substitute for the bad sector.

There may be some data left in the reallocated bad sectors, but the detached bad sectors cannot be erased by normal erasing because they are completely inaccessible to the software.
There are two types of secure erase. Normal "Secure Erase" does not erase reallocated bad sectors, but "Enhanced Secure Erase" erases reallocated bad sectors as well. The "Sanitize" process also erases reallocated bad sectors.

The following points should be considered regarding the necessity of erasing reallocated sectors.
・ Cannot be read by normal software processing
・ Because it is "bad", the possibility of reading is low.
・ Even if secure erasure is performed, it is uncertain whether it can be completely erased because it is defective.

You can check the number of "reallocated sectors" on the "GreenPepper PRO" screen.

* Detailed disk information display screen in "Boot up Erase Program"

2. flash drive media such as SSD (ATA), NVMe, eMMC
Since flash drive has a finite limit on the number of rewrites, SSDs and the like often have a built-in mechanism that averages the writing locations  (Wear Leveling)  so that writing does not concentrate on the same location.
With these mechanisms, the correspondence between the write position (sector) specified by the software and the memory cell where the write is actually performed is dynamically changed. In addition, the memory for allocation is often more than the total capacity available to the user. Therefore, even if the entire disk is written (erased), the entire installed memory may not always be erased.

In addition, in order to avoid time-consuming erasing processing during normal writing, the target memory area may not be erased and area replacement may be performed (dynamic memory mapping).
For SSD (ATA), eMMC, etc. that support secure erase / sanitize, it is possible to avoid "Wear Leveling" and dynamic memory mapping by performing secure erase / sanitize processing , and erase all installed memory cells.

3. When processing speed is required
Since the secure erase / sanitize process is performed inside the disk, it is executed at the highest processing speed of the disk hardware. Therefore, it can be processed faster than normal erasing.
Especially for flash drive (SSD, NVMe, eMMC), secure erase / sanitize processing is considerably faster.
However, if it is a hard disk, the normal erasing process in "Green Pepper PRO" is performed at a very high speed, so it is possible to perform the processing in a time close to secure erasing.

See "Time required to erase disk"


Problems with Secure Erase/Sanitize

Secure Erase / Sanitize has many advantages as mentioned above, but it also has the following problems.
・ The processing environment is limited. (See "Details of Secure Erase / Sanitize" below)
・ Especially for Sanitize, there are not many HDDs and SSDs that support it.
・ Since it is a process outside the control of the software, the status cannot be grasped, the content of the process depends on the manufacturer's implementation and cannot be known, and even if a write error occurs, it may not be known.
Therefore, in "Green Pepper PRO", after Secure Erase and Sanitize, we provide normal writing/reading process to check the contents of the disk.   

Details of Secure Erase/Sanitize


ATA (SATA) Secure Erase processing details

There are two types of secure erase: normal "Secure Erase" and "Enhanced Secure Erase". "Enhanced" is a newer and more reliable erasing method. If the disk supports "enhanced", "Green Pepper PRO" will automatically select "enhanced".

・ Secure Erase
Erase the entire disk with zero. "Reallocated sectors" that have been detached are not erased.

・ Enhanced Secure Erase
Erase the entire disk with zero or a value specified by the manufacturer. "Reallocated sectors" that have been detached are also erased. * The same value may not be written to the entire disk, such as when a random value is written. Therefore, a verification error may occur in the read verification process performed just after secure erase.

The time required for Secure Erase is written in advance on the disk by the manufacturer. "Green Pepper PRO" reads the value and display it on the screen.

ATA(SATA) Sanitize processing details

The sanitize process erases all user areas, including reallocated bad sectors and unallocated areas.
There are three types of ATA standard sanitize process as follows.

・ CRYPTO SCRAMBLE: Delete the encryption key on the encryption-compatible HDD / SSD.
・ BLOCK ERASE: Performs memory block erasure processing, especially on SSDs.
・ OVER WRITE: Erase by overwriting.

In "Pepper PRO", the following processing is performed.
O: supported X: unsupported -: any
CRYPT BLOCK
ERASE
OVER WRITE Content of processing
O O - CRYPT SCRAMBLE + BLOCK ERASE
O X O CRYPT SCRAMBLE + OVER WRITE
O X X CRYPT SCRAMBLE
X O - BLOCK ERASE
X X O OVER WRITE


NVMe Secure Erase/Sanitize processing details

NVMe drives have more memory than the user's available capacity and are configured with constantly changing memory allocations (dynamic memory mapping). NVMe Secure Erase erases the entire device, including unallocated space. Note that if the device is divided into multiple drives (NameSpace), the entire device will be erased, including unselected drives, depending on the model.
The processing content is almost the same as the ATA drive.

eMMC Secure Erase/Sanitize details

eMMC drives have more memory than the user's available capacity and are configured with constantly changing memory allocations (dynamic memory mapping). In the Sanitize process of eMMC flash drive, the entire user's available capacity is erased (Erase) and then the non-allocated area is erased (sanitized). Secure Erase performs memory erase processing only on the user's available capacity.
In "Green Pepper PRO", Sanitize processing is performed when sanitize is supported, and Secure Erase is performed when sanitize is not supported (secure erase is supported).

Settings for secure erase / sanitize processing method on ATA / MVMe / eMMC drives

The processing method in "Secure Erase / Sanitize" can be changed arbitrarily.
See "Utilities"-> "Set Secure Erase Method / Unfreeze".

Disk / Interface support

To perform Secure Erase, the disk itself must comply with the Secure Erase standard. If it is an ATA (PATA, especially SATA) disk that has been on the market in recent years, it seems that the disk is compatible in many cases.
However, it is often the case that disks less than 100G several years ago do not support enhanced processing. There are many disks that do not support Sanitize.

In addition to being supported by the disk, the disk interface you are using (both hardware and software) must pass the ATA command processing for Secure erase. For example, SATA and PATA connected to Intel chipset (ICH7,8,9,10, etc.) can be processed in many cases. But disks connected by USB interfaces may not be processed even if it is the same disk drive.

Whether processing is possible or not

Even if the disk and interface are compatible, processing may not be possible depending on the disk status.


* Detailed disk information display screen in "Windows Erase Program"

Secure Erase "Frozen" state/ATA drive
If a freeze command is sent to the disk and the disk is in a frozen state, secure erase-related operations cannot be performed.
The freeze command is automatically sent from your computer to the disk when you turn on the power.
Normal disk read / write works fine even if the disk is frozen state.

On many PCs, the BIOS sends a freeze command to all disks at boot time.
It is to prevent malicious software such as viruses from setting passwords or erasing the disk. In such a PC, the disk is originally unfrozen when the power is turned on, but immediately after that, BIOS sends a freeze command unconditionally, so if you look at the state of the disk after the PC starts up, It will be frozen.
*Freezing processing for Sanitize(ATA) is not performed on many PCs, but it is frozen on some PCs.

In order to release the frozen state, it is necessary to either prevent the Freeze command from being sent by changing the BIOS settings, or to connect the disk to a PC that does not send such a command. It cannot be canceled by software processing.
It is possible to turn the power of the disk off and on while the PC is running, but there is a risk of damaging the disk and other parts, so please be aware of the danger and do so at your own risk.
* In general, it seems that the SATA power supply is relatively safe even if it is inserted or removed when PC is running. IDE power cable should not remove or insert.

Unfreeze process (ver 4.7.1 or later)
In order to unfreeze the ATA drive, we have implemented a process that suspends the PC and then resumes it. (Only when booting from a CD/USB memory with the "Boot up erase program").
There are two ways to do this: specify the option at startup, or select "Utility"/"Set Secure Erase Method/Unfreeze".
However, in order to perform this process, the video chip of the PC must be compatible. If it is not compatible, it will not be executed even if the process is selected, or the screen will remain black after processing and nothing will be displayed.
* NVMe drives do not have a frozen state due to their specifications, but with some drives, secure erasing will result in an error under normal conditions, and processing may be possible by "unfreezing" processing.

See "Boot from CD/USB flash drive".
See "Utilities"-> "Set Secure Erase Method / Unfreeze".
See "Supported display chips"

Secure Eras "Password Locked" state/ATA drive
One of the standards for secure erasure is the setting of a hard disk password. When the power of the password-set disk is turned on, the disk becomes "locked state" and you cannot access the disk including reading and writing.
To unlock the "locked state", you need to unlock with the set password or delete the password.
Of course, if you don't know your password, you can't unlock / delete it.

・ "Frozen" state
Read / write is possible. Password setting/deleting and unlocking are not possible. Secure erase is NOT possible.
Cannot be canceled by command.

・ "Password Locked"state
Read / write is NOT possible. Secure erase is NOT possible.
The status can be released by the unlock / password delete command. Password required.

Secure Erase / Sanitize processing procedure

"Green Pepper PRO" automatically performs a series of processes internally, so you do not need to be aware of it. However, if you know the process it will be easier for recovery when Secure erase / Sanitize is interrupted.

To perform secure erase on an ATA disk, you must set a hard disk password in advance and specify it during the secure erase process. In "GreenPepper PRO", the word "pass" is set as the disk password (master) and processing is performed.

Problems when Secure Erase is interrupted

If the Secure erase process is interrupted in the middle, the disk erase is not completed.
Please execute the erasing process again.

Problems when ATA disk Sanitize is interrupted


Depending on the supported specifications, the Sanitize process will continue the next time the power is turned on.
In that case, normal reading and writing will NOT be possible.
It must be left power-on until the Sanitize process is complete.


kirara21