Question: It’s generally accepted that SSDs cannot be securely wiped by writing patterns to the drive, due to features such as wear leveling and over-provisioning, and that the most secure way to wipe a modern SSD is using the ATA Secure Erase firmware commands.
However, from my understanding this doesn’t seem to apply to NVMe drives because they’re not ATA-based – instead, they connect to and run via the PCIe bus. Looking at the Parted Magic tool seems to confirm this, which has a secure erase option dedicated to NVMe drives:
This seems to confirm that NVMe drives have their own equivalent to the ATA Secure Erase command for SATA SSDs, but I haven’t been able to find an NVMe equivalent for hdparm.
How exactly can I securely erase an NVMe SSD? I’m running Windows, but also have access to a Unix-like environment using Cygwin.
Answer: Yes, it’s true that hdparm will not work for NVMe drives, because they don’t use the traditional ATA interface protocol that SATA drives use to send low-level firmware commands to the drive.
Thankfully, there’s an open-source tool that allows sending the equivalent commands to NVMe drives – nvme-cli. The tool has already been made available as a package for many distributions, and can be built for many more.
Once you have the tool installed with something like:
apt-get install nvme-cli
You can then list all recognised NVMe devices with:
nvme list
To securely erase a listed NVMe SSD, run:
nvme format -s1 /dev/nvme0n1
…where /dev/nvme0n1 is the block name of the listed device.
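A pre-flight check to run before the format command in the answer above, as an added example that is not part of the original answer or of nvme-cli. It reads the `oacs` and `fna` fields that `nvme id-ctrl` prints and reports whether Format NVM is supported and whether a secure erase is limited to the named namespace. The function names are hypothetical, the sample text is constructed, and the bit meanings are assumed from the NVMe Identify Controller definition.

```shell
#!/bin/sh
# Added example: pre-flight checks before `nvme format -s1 <device>`.
# Function names are hypothetical; SAMPLE_ID_CTRL is constructed sample text.
SAMPLE_ID_CTRL='vid       : 0x1234
oacs      : 0x17
fna       : 0x4'

# Print one numeric field (e.g. oacs, fna) from `nvme id-ctrl` text on stdin.
id_ctrl_field() {
    awk -F: -v key="$1" '{ k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
        if (k == key && v ~ /^(0x[0-9a-fA-F]+|[0-9]+)$/) { print v; exit } }'
}

# Read `nvme id-ctrl` text on stdin and print what a secure-erase format would do.
erase_plan() {
    local text oacs fna scope crypto
    text=$(cat)
    oacs=$(printf '%s\n' "$text" | id_ctrl_field oacs)
    fna=$(printf '%s\n' "$text" | id_ctrl_field fna)
    [ -n "$oacs" ] && [ -n "$fna" ] || { echo "unknown"; return 2; }
    # OACS bit 1: the controller supports the Format NVM command.
    [ $(( $oacs & 2 )) -ne 0 ] || { echo "unsupported"; return 1; }
    # FNA bit 1: a secure erase hits every namespace, not only the one named.
    scope=namespace; [ $(( $fna & 2 )) -ne 0 ] && scope=all
    # FNA bit 2: cryptographic erase (-s2) is also available.
    crypto=no; [ $(( $fna & 4 )) -ne 0 ] && crypto=yes
    echo "ok scope=$scope crypto=$crypto"
}

# Succeed if the namespace or one of its partitions appears in a mounts table
# (second argument, /proc/mounts by default).
is_mounted() {
    awk -v dev="$1" '$1 == dev || index($1, dev "p") == 1 { found = 1 }
        END { exit !found }' "${2:-/proc/mounts}"
}

# Run both checks against a real device, then show the command to run next.
preflight() {
    is_mounted "$1" && { echo "$1 is mounted; unmount it first" >&2; return 1; }
    plan=$(nvme id-ctrl "$1" | erase_plan) || { echo "cannot format: $plan" >&2; return 1; }
    echo "$1: $plan"
    echo "next: nvme format -s1 $1"
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Invoked with a device path such as /dev/nvme0n1 it only reports; the format command itself is left for you to run. A result of scope=all means the erase will also wipe any other namespaces on the same drive.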