Now ain't that useful. From time to time you have to part with an old disk, but of course, you're rather make sure it is properly erased of all its data before handing it off.
Well, what do you know, since 2001, nearly every HDD under the sun comes with a Secure Erase feature, as it is
part of the ATA standard.
The even better news is that
hdparm
fully supports it (is there anything hdparm can't do?), thus, if you're on Linux and you need to
securely erase all the data from a drive, all you need to do, say, if your disk is /dev/sdb, is:
# hdparm --user-master u --security-set-pass p /dev/sdb
security_password="p"
/dev/sdb:
Issuing SECURITY_SET_PASS command, password="p", user=user, mode=high
# hdparm --user-master u --security-erase p /dev/sdb
security_password="p"
/dev/sdb:
Issuing SECURITY_ERASE command, password="p", user=user
After a while, you should find that your drive has been securely erased. Neat!
VERY IMPORTANT NOTE: If you want to reuse the drive after the secure erase is complete, you
MUST issue the following command to remove the lock.
# hdparm --security-disable p /dev/sdb
security_password="p"
/dev/sdb:
Issuing SECURITY_DISABLE command, password="p", user=user
This is because, if you don't disable security, the drive will be kept
locked, which will produce ATA/SATA interface errors and prevent any write access!
Note that if you want to find out whether the security erase/enhanced erase feature is supported at all, as well as how long that erasing is going to take, you probably want to issue the following beforehand:
~# hdparm -I /dev/sdb
/dev/sdb:
ATA device, with non-removable media
Model Number: SAMSUNG HD322GJ
Serial Number: XXXXXXXXXXXXXX
Firmware Revision: XXXXXXXX
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6
(...)
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
48min for SECURITY ERASE UNIT. 48min for ENHANCED SECURITY ERASE UNIT.