Deleting stray NVMe namespaces of an NVMe drive

Edit online

Detaching or deleting namespaces of an Non-Volatile Memory Express (NVMe) drive does not delete its encryption key.

You can run the secure data deletion for NVMe drive without performing additional procedure, when following conditions are met:
  • Namespaces are never deleted.
  • Namespaces are erased before deletion.
  • No orphaned namespaces exist.
If there were additional namespaces on the device and those have been deleted, perform the following alternate procedure to ensure that all the data is erased:
  1. To obtain the NVMe controller ID and the maximum amount of supported namespaces information for the NVMe drive that you want to erase, run the following command: 
    # nvme id-ctrl /dev/nvmeX

    An output similar to the following example is displayed.

    
NVME Identify Controller:
...
cntlid    : 0x21
...
nn        : 32
...
#

    As indicated in this example output, the controller ID is 0x21 (value of the cntlid variable) and the maximum number of supported namespaces is 32 (value of the nn variable).

  2. Some namespaces that are detached from the NVMe controller are not deleted. These namespaces are called stray namespaces. To delete stray namespaces, for each namespace Y (1 through nn), run the following command:
    nvme delete-ns /dev/nvmeX -n Y
  3. Create all namespaces (1 through nn), each of minimal size. For each possible namespace Y (1 through nn), run the following command:
    nvme create-ns -s 1000000 -c 1000000 -f 0 -d 0 -m 0 /dev/nvmeX
    Note: The NVMe controller assigns the namespace number automatically and sequentially. After you run the commands, the namespaces numbered 1 through nn are created.
  4. To associate namespaces to the NVMe controller, for each namespace Y (1 through nn), run the following command:
    nvme attach-ns /dev/nvmeX -c Z -n Y

    Where Z is the NVMe controller ID that you obtained from the cntlid variable, as shown in step 1.

  5. After all the namespaces are associated to the NVMe controller, to erase the namespaces, run the following command:
    nvme format /dev/nvmeX -n 0xffffffff -l 0 -s 2 -i 0 -p 0 -m 0
    The encryption keys for all namespaces are now deleted, and the old data of NVMe drive is not accessible. The NVMe drive is now safely erased. However, there are many, small namespaces in the NVMe drive and a large part of the drive storage space is not allocated. Hence, the existing configuration of the NVMe drive is not of practical use. To make the drive usable, delete all the remaining namespaces, and create one or more namespaces depending on your requirement.
    Note: An NVMe drive with no namespace cannot be used. You must create one or more namespaces and associate these namespaces to the NVMe controller.