How to securely erase data from SSDs: 4 questions answered
What are the areas of an SSD where the data is stored?
SSDs have four main areas where data is stored:
- System Area blocks (firmware, etc.) are generally stored in the first few blocks, but can be located anywhere. No user data is stored in this area.
- Spare blocks can be stored anywhere. Old copies of user data are stored here, until the garbage collection routine erases them during idle time.
- Active data can be stored anywhere. Current user data is stored here.
- Retired blocks (blocks that have been declared to be too damaged to use). Old copies of user data may be stored here.
See the image above for an example.
Which areas are deleted/overwritten/flashed when using secure data erasure software?
When you delete data using an erasure software (i.e. overwriting all LBAs), the software will only overwrite active data. It does not touch any spare blocks, retired blocks and/or system area blocks, which means that data located in these sections will remain intact.
Please note that overwriting multiple times may force the SSD to overwrite all the spare blocks (i.e. spare blocks become active blocks, and vice versa), but that is not 100% guaranteed. As a user, you have no control over which spare blocks are used so there is a risk the data may still be saved in the SSD.
What about using the Secure Erase command? Does that provide a better overall erasure?
When using the Secure Erase command, it should overwrite all the areas, with the exception of the System Area – however bear in mind that the implementation of this command is up to the manufacturer. Most of the newer SSDs would perform this properly; however some older models may miss spare blocks and/or may not touch retired blocks, so potentially parts of your data could remain in the SSD.
What is a freeze lock, in layman’s terms?
The Security Freeze Lock is a command that sets the SSD to Frozen mode. After completion of this command, any other commands that update the device Lock mode (such as Security Erase Unit) are rejected. Frozen mode can only then be disabled by powering-off or by a hardware reset.
When a locked SSD is temporarily unlocked, the Secure Erase Unit command may be unavailable until the SSD is repowered. This is designed to prevent unauthorised changes to the password on the unlocked drive by malicious software (e.g. a virus).
Repowering a drive typically removes the freeze lock, but that can be quite difficult to do, for example when the drive is inside a laptop. Security commands like Freeze Lock are normally sent to the SSD by the computer’s BIOS but these commands can also be sent via software.