From: Keith Busch <kbusch@kernel.org>
To: Deane Coleman <deanewcoleman@gmail.com>
Cc: linux-nvme@lists.infradead.org
Subject: Re: help re using nvme-cli to sanitize SSD
Date: Sun, 21 Apr 2024 20:49:57 -0600
Message-ID: <ZiXQVWiuIpa0FdVx@kbusch-mbp.dhcp.thefacebook.com>
In-Reply-To: <000001da9459$f353b340$d9fb19c0$@com>

> I have an Acer laptop containing 1 x internal Samsung NVMe PCIe SSD running
> Win11 OS and I wish to completely sanitize the SSD of all user data,
> including over-provisioned / non-allocated space, whilst leaving vendor boot
> capability intact (if possible) and causing least wear on the SSD. Once
> sanitized, I wish to clean install Win 11 OS on the SSD. This is the
> objective.

What do you mean by "vendor boot capability"? The Acer laptop? Or the
SSD bootstrapping itself? If there's something on the SSD that Acer
needs to boot, sanitize will likely wipe it out.
 
> My limited use of nvme-cli identifies the SSD has only one controller
> 'nvme0' (with nvme0 containing all SSD data) and one namespace 'nvme0n1',
> however I presume (and please correct me if I'm wrong) the 3 above mentioned
> partitions in Linux = nvme0n1p1 + nvme0n1p2 + nvme0n1p3.
> 
> Based on above info (and presuming that info is sufficient), I respectfully
> ask whether the following procedure will 'smoothly' achieve the objective:
> 
> 1: backup all user data currently on SSD
> 2: have bootable Win11 ISO file prepped on USB drive via Rufus
> 3: boot laptop using Ubuntu Live USB
> 4: Open command terminal and run command - 'nvme sanitize -a 2 /dev/nvme0n1'
> to start block erase sanitize operation
> 5: when sanitize operation is complete, exchange Ubuntu Live USB for Win11
> USB and reboot laptop
> 6: Follow Win11 install procedures
> 7: Install Acer drivers
> 8: Install target apps

I don't know about step 6 there: why would you want to install that OS?

Kidding aside, assuming your device supports sanitize, step 4 will
definitely make all previous data inaccessible on all partitions,
including the partition table itself, essentially giving you a
blank slate storage device. If that's what you want, mission
accomplished.

Some devices don't support the sanitize operation though, in which case
'nvme format' is usually sufficient to permanently remove all previous
user data. You often use sanitize only if you're required to have a
paranoid decommissioning process.
 
> Additional questions arising from above:
> - If any above element won't achieve objective, please clarify what needs
> amending?
> - I currently understand 'nvme sanitize -a 4 /dev/nvme0n1' (crypto erase)
> causes least SSD wear but because all user data on the SSD is currently
> unencrypted, I presume crypto erase is pointless to achieve objective?

It's going to be vendor specific what that does, if anything. An SSD
might transparently generate and persistently store a random pattern and
XOR all user data with that, so a crypto erase could just forget the old
key.

> - I've tried researching the following sanitize options but am currently
> unable to appreciate their significance or relevance for the objective: 'No
> Deallocate After Sanitize' and 'Sanitize Action...001b - Exit Failure Mode'.
> Would you please help me discern whether I need to include either of these
> options to meet the objective and, if so, the correct syntax placement in
> the sanitize command for it/ them.

Don't bother with "no-deallocate", it probably doesn't mean anything to
this SSD anyway.

The "Exit Failure Mode" is how the host acknowledges a previous sanitize
attempt failed. You shouldn't have to worry about that because we're
expecting everything to work.

Once you start your 'sanitize' operation, the only other thing you need
to periodically check with nvme-cli is 'nvme sanitize-log /dev/nvme0'
until the operation is done. You probably don't want to reboot the
machine while the sanitize operation is in progress.
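
Added example, not part of the original message or of nvme-cli: shell helpers for the capability check, the sanitize-or-format choice and the sanitize-log polling discussed above. The function names are hypothetical, the SANICAP and SSTAT bit meanings are taken from the NVMe base specification, and the text layout parsed from `nvme sanitize-log` is an assumption (the sample text is constructed).

```shell
# Added example, not from the thread. Bit layouts follow the NVMe base spec.
# ASSUMPTION: `nvme sanitize-log` prints lines of the form "... (SSTAT) : <value>".
# SANICAP (see `nvme id-ctrl /dev/nvme0`): bit 0 crypto, bit 1 block, bit 2 overwrite.
sanicap_actions() {
    out=""
    [ $(( $1 & 1 )) -ne 0 ] && out="$out crypto-erase"
    [ $(( $1 & 2 )) -ne 0 ] && out="$out block-erase"
    [ $(( $1 & 4 )) -ne 0 ] && out="$out overwrite"
    out=${out# }
    echo "${out:-none}"
}

# Step 4 of the procedure: block erase when supported, otherwise 'nvme format'.
choose_erase_cmd() {
    if [ $(( $1 & 2 )) -ne 0 ]; then echo "nvme sanitize -a 2 $2"
    else echo "nvme format $2"; fi
}

# Extract one field (SSTAT, SPROG) from sanitize-log text read on stdin.
log_field() { awk -v k="($1)" 'index($0, k) { print $NF; exit }'; }

# SSTAT bits 2:0 give the state of the most recent sanitize operation.
sstat_state() {
    case $(( $1 & 7 )) in
        0) echo never-sanitized ;;
        1) echo completed ;;
        2) echo in-progress ;;
        3) echo failed ;;
        4) echo completed-deallocated ;;
        *) echo reserved ;;
    esac
}

# Poll the controller (e.g. /dev/nvme0) until sanitize stops running; needs root.
wait_sanitize() {
    while :; do
        log=$(nvme sanitize-log "$1") || return 1
        sstat=$(printf '%s\n' "$log" | log_field SSTAT)
        [ -n "$sstat" ] || return 1        # output layout not as assumed
        state=$(sstat_state "$sstat")
        [ "$state" = in-progress ] || break
        sleep 10
    done
    echo "$state"
}

# Constructed sample text (not captured from a device).
SAMPLE_LOG='Sanitize Progress (SPROG) :  32768
Sanitize Status (SSTAT) :  0x2'
```

A final state of `failed` from `wait_sanitize` is the case the "Exit Failure Mode" action exists to acknowledge.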

