Secure data deletion for SAS drives

• The crypto-erase operation for self-encrypting drive (SED) drives does not restore valid T10-PI (protection information) on the erased sectors. Therefore, if your drive is using T10-PI and you wish to re-use the SED drive after erase, you need to either reformat or overwrite the data after the crypto-erase operation with valid T10-PI. You can use the sg_readcap command to display the Protection information. Refer the T10-PI status for SCSI drive(SAS or SATA) and NVMe drives topic for more information on the sg_readcap command.

• If the SED drive does not use protection, or the SED drive might not be used again, the SED drive is reformatted or overwritten before use, to perform the crypto-erase operation, run the following command,:

  sg_sanitize [--quick] --crypto /dev/sdX

You can securely delete data for non-SED SSD drives by performing the following block-erase operation:

sg_sanitize [--quick] --block /dev/sdX

Secure data deletion for the non-SED hard disk drive (HDD) depends on the erasure pattern used. An erasure pattern is basically a string that is used to overwrite the HDD drive.

• Depending on the required erasure pattern, you can run one of the following commands:
  • sg_sanitize [--quick] --overwrite --zero /dev/sdX
  • sg_sanitize [--quick] --overwrite --pattern=<file> /dev/sdX
  • sg_sanitize [--quick] --overwrite --pattern=<file> --ipl=<len> /dev/sdX
• These commands can take a long time to run completely. Progress updates are shown every 60 seconds.
• You can run the following command to check the progress.

  sg_requests /dev/sdX