PSID Revert and Secure Wipe of a Drive (SSD/HDD)

Introduction

Windows Installation Media performs a FORMAT of your internal drive(s) during installation which differs from a WIPE.

  • FORMAT → Assigns Old Data to Free Space. Old Data is still present on the Drive and can be read by third party programs.
  • WIPE → Assigns Old Data to Free Space and then overwrites it with Zeros making it unrecoverable by third party programs.

Figure (Format vs Wipe): Example of a Format. Note that the “111” is old data which has been assigned to free space. If this was malware or a virus it would have the potential to reinfect your new Windows Install. If this was sensitive data and you are selling your computer second hand, it could be recovered using third party programs.

Figure (Wipe): Illustrates the difference between a Format and a Wipe. This is an example of the basic algorithm that is used to Wipe a HDD sequentially, bit by bit. SATA/mSATA SSDs which use Sanitize, or M.2 NVMe SSDs which use NVMe Secure Erase, have a built-in mechanism to flush out data from all SSD cells simultaneously, greatly reducing the time to wipe an SSD.
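
The difference can be reproduced on a toy model. The following is an added example, not part of the original guide: the ToyDrive class, its block size and the sample payload are constructed for illustration and do not model a real file system.

```python
BLOCK = 8  # bytes per block in this toy drive (constructed value)

class ToyDrive:
    """A 'drive' is a run of fixed-size blocks plus a map of blocks in use."""
    def __init__(self, blocks):
        self.data = bytearray(BLOCK * blocks)
        self.in_use = [False] * blocks

    def write_file(self, payload):
        """Store payload in the first free blocks and mark them as in use."""
        chunks = [payload[i:i + BLOCK] for i in range(0, len(payload), BLOCK)]
        free = [i for i, used in enumerate(self.in_use) if not used]
        if len(free) < len(chunks):
            raise ValueError("drive full")
        for idx, chunk in zip(free, chunks):
            self.data[idx * BLOCK: idx * BLOCK + len(chunk)] = chunk
            self.in_use[idx] = True

    def format(self):
        """FORMAT: only the allocation map is reset; block contents stay."""
        self.in_use = [False] * len(self.in_use)

    def wipe(self):
        """WIPE: reset the map, then overwrite every block with zeros in order."""
        self.format()
        for idx in range(len(self.in_use)):
            self.data[idx * BLOCK:(idx + 1) * BLOCK] = bytes(BLOCK)

    def recover_free_space(self):
        """What a recovery tool sees: bytes left behind in blocks marked free."""
        out = bytearray()
        for idx, used in enumerate(self.in_use):
            if not used:
                out += self.data[idx * BLOCK:(idx + 1) * BLOCK]
        return bytes(out).rstrip(b"\x00")

def demo():
    secret = b"old-user-secret!"            # constructed sample data
    formatted, wiped = ToyDrive(4), ToyDrive(4)
    for drive in (formatted, wiped):
        drive.write_file(secret)
    formatted.format()
    wiped.wipe()
    return formatted.recover_free_space(), wiped.recover_free_space()

if __name__ == "__main__":
    after_format, after_wipe = demo()
    print("recoverable after format:", after_format)
    print("recoverable after wipe:  ", after_wipe)
```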

In this guide we will use Dell Data Wipe (if included in your UEFI BIOS Setup) or alternatively Parted Magic to perform a Secure Wipe of an internal drive. A Secure Wipe is recommended if reinstalling Windows due to a malware/virus issue, or if selling your computer on as a second hand machine.

Parted Magic is a Linux based Bootable USB which has a wide assortment of utilities included, although we are only interested in using Secure Erase and Physical Security Identification Revert in this guide. In essence we can Boot to this USB outside of Windows to perform a Secure Wipe of all Internal Drives and then Clean Install Windows.

Determining your Internal Drive Type Using the UEFI BIOS Setup (Dell Business Model)

You can usually determine the type of drives you have in your system using the UEFI BIOS Setup. Power down your Dell. Then power it up and press [F2] to get to the UEFI BIOS Setup.

Press the [↓] arrow until you get to System Information and then press [Enter].

Here in Device Information, we can see there is a drive in SATA-0 and in M.2, and hence we know we have a SATA interface and an M.2 interface in this system.

There is also a System Configuration field. This can be expanded by pressing [Enter].

There is a sub field called Drives. Highlighting this shows that the drive in SATA-0 is a Crucial CT240M500SSD1 and in M.2 is a Samsung MZVPW256HEGL-000L7.

Determining your Internal Drive Type Using the UEFI BIOS Setup (Dell Touchscreen Model)

You can usually determine the type of drives you have in your system using the UEFI BIOS Setup. Power down your Dell. Then power it up and press [F2] to get to the UEFI BIOS Setup.

To the left hand side touch the System Configuration or select it with a mouse.

Then select the Drives tile to the right hand side.

Here you can see that it is an M.2 PCIe SSD and the model is a Toshiba KXG50ZNV512G.

Dell Data Wipe (Dell Business Model)

Newer Dell Business Models also have a Maintenance tab which, when expanded, shows a Data Wipe option. The Data Wipe within the UEFI BIOS will allow you to carry out a Secure Wipe of your Internal Drives without third party utilities.

Power down your Dell. Then power it up and press [F2] to get to the UEFI BIOS Setup.

If your UEFI BIOS doesn’t look like the above you may have alternative screens if using a Touchscreen Laptop.

Press the [↓] arrow until you get to System Information and then press [Enter].

If you have an older system without Dell Data Wipe you’ll need to use Parted Magic to perform a Secure Wipe.

Check Wipe on Next Boot:

Select OK to perform the Data Wipe – this will clear the data from all internal storage devices:

To proceed you will need to select No at the dialogue which asks Do you want to cancel this operation:

Now to the bottom right, select Exit:

The UEFI BIOS splash screen will display:

You’ll be taken to Dell Security Manager. Again it will ask you if you want to cancel, with the default setting set to cancel:

Use the [←] arrow to highlight Continue and press [Enter]

It will warn you one last time, with the default option being set to cancel:

Press the [→] arrow and highlight [Erase] and then press [Enter]:

It will now start to erase the internal drives

When it is done, it will tell you Data Wipe Completed Successfully. Press [OK].

If you get an unsupported error message, your drive may not support Sanitize if it is an old (<2013) SSD. However, in this case the SSD is supported, but BitLocker has been enabled on this drive and has encrypted it. The PSID needs to be unlocked using Parted Magic in order to proceed.

Dell Data Wipe (Dell Touchscreen Model)

Power down your Dell and wait 10 seconds. Then power it up, immediately pressing [F2].

The system will prepare to enter the UEFI BIOS Setup:

The System will Enter the UEFI BIOS Setup. This new UEFI BIOS setup is Touchscreen friendly (as well as Keyboard and Mouse friendly) and has a User Interface Similar to Settings in Windows 10. To the bottom left select Maintenance:

Then select the Data Wipe Tile:

Check Start Data Wipe:

Select Ok at the warning:

It will ask you whether “You want to Cancel this Operation?” Select No to proceed:

After that’s done select Exit BIOS:

You will be asked “Do you want to save the changes?” Select Yes:

Your computer will shut down. When you next power up you will be greeted with the Dell UEFI BIOS splash screen:

Then the Dell Security Manager will Load informing you that you will Wipe all Internal Storage Devices. Select Continue:

Select Erase:

The Wipe will begin:

You will be informed the Wipe is successful:

Purchase and Download Parted Magic

Parted Magic is commercial software. It costs quite a lot to develop and keep up to date, and to obtain a digital certificate from Microsoft to pass Secure Boot. The installation ISO costs ~$11. It can be downloaded using the affiliate link below.

Once purchased you will receive a Download Link to the ISO.

Make a Bootable USB (UEFI and Secure Boot)

To make a Bootable USB, you will need to use Rufus:

Double click the Rufus application:

Accept the User Account Control Prompt:

Your USB Flash Drive should populate at the top.

In the next screen, select “select”:

Select your Parted Magic ISO and then select Open:

Your ISO name will populate at the bottom:

Use the default sensible Volume Label:

Before using the ISO, select the ISO checksums button.

The MD5 should match the one provided on your download link:

If it does not, you have a corrupt ISO and should reattempt the download:

The Partition Scheme, Target System and File System will be set up to work for all computers (Legacy BIOS and UEFI BIOS). There is no need to use GPT as Parted Magic is not going to be installed to a drive but just run as a Live USB.

Select Start:

In the next screen, select Write in ISO Image Mode and select OK:

You will get a warning that you will format your USB Flash Drive. Select OK.

When Rufus is finished making the Bootable USB, it will say “Ready”. You may now close Rufus.

Booting from the Parted Magic Bootable USB

Insert your Bootable USB into the computer which you wish to securely wipe and ensure that it is powered down. Then power it up and press [F12] to get to the Boot Menu.

If using a computer manufactured after 2012, the Boot Mode should be set to UEFI and Secure Boot should be On (if not these settings can be amended in the UEFI BIOS setup). If using a computer older than 2011 you will just have a Legacy BIOS and the screen will not mention UEFI.

Press the [↓] key until you highlight your Bootable USB and press [Enter].

Select Default Settings 64 (Runs from RAM):

You will see some information display as Parted Magic Loads:

Next you will be prompted to select your Time Zone. You can either select it and select OK, or close this dialogue:

In this guide, we are interested only in Erase Disk.

Double click it to launch it:

Secure Erase / Sanitize / NVMe Secure Erase

Parted Magic has different Secure Erase Routines.

These are:

  • “Secure Erase” is generally used with older mechanical Hard Drives (HDDs), in either the 3.5” or 2.5” format, as well as Hybrid Solid State Drives (HSSDs). This routine will manually write zeros to each segment on these drive types and is time consuming.
  • “Sanitize” is the method designed for wiping 2.5” Solid State Drives. If using a 2.5” SSD such as the Crucial M500, BX or MX series, the Samsung 830, 840, 850 and 860 series, or the WD Blue SSD and WD Green SSD, Sanitize should be used in preference to Secure Erase. This routine will remove the mapping routine and zero all data of the SSD.
    • Early generations of SSDs manufactured before 2014, such as the Crucial M4, V4 or Samsung 470, were built before Sanitize was created and as a result Sanitize unfortunately cannot be used on them. Secure Erase will remove the mapping scheme of the SSD; all data on the SSD will remain, however it will be scrambled and extremely difficult to decipher without the mapping routine.
  • “M.2 Secure Erase” will remove the mapping routine and all data from the SSD. The M.2 interface is newer and all M.2 SSDs support the NVMe Secure Erase.

If unsure of your drive type and the features it supports, see if your drive populates under “M.2 Secure Erase” first; if not, check “Sanitize”, and if not, check “Secure Erase”.
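
The selection order above can be written down as a small check. This is an added example, not Parted Magic's own logic: it assumes the text output of `hdparm -I` has been captured for a SATA drive (the excerpt below is constructed, modelled on that output), and the function names are hypothetical. It also reads the Frozen flag that the Secure Erase section of this guide refers to.

```python
import re

# Constructed excerpt modelled on `hdparm -I /dev/sdX` output for a SATA SSD.
SAMPLE_HDPARM = """\
Commands/features:
    Enabled Supported:
       *    SMART feature set
       *    SANITIZE feature set
       *    BLOCK_ERASE_EXT command
Security:
    Master password revision code = 65534
            supported
    not     enabled
    not     locked
            frozen
    not     expired: security count
            supported: enhanced erase
"""

def security_state(hdparm_text):
    """Return the ATA Security flags (supported/enabled/locked/frozen) as bools."""
    parts = hdparm_text.split("Security:", 1)
    if len(parts) < 2:
        return {}
    state = {}
    for line in parts[1].splitlines():
        m = re.match(r"^\s*(not\s+)?(supported|enabled|locked|frozen)\s*$", line)
        if m:
            state[m.group(2)] = m.group(1) is None
    return state

def supports_sanitize(hdparm_text):
    """True when the feature list marks the SANITIZE feature set with '*'."""
    pattern = r"^\s*\*\s+SANITIZE feature set\s*$"
    return re.search(pattern, hdparm_text, re.M) is not None

def choose_routine(is_nvme, hdparm_text=""):
    """Apply the guide's order: NVMe Secure Erase, then Sanitize, then Secure Erase."""
    if is_nvme:
        return {"routine": "NVMe Secure Erase", "sleep_first": False}
    if supports_sanitize(hdparm_text):
        return {"routine": "Sanitize", "sleep_first": False}
    # Secure Erase cannot be selected while the drive reports Frozen.
    frozen = security_state(hdparm_text).get("frozen", False)
    return {"routine": "Secure Erase", "sleep_first": frozen}

if __name__ == "__main__":
    print(choose_routine(False, SAMPLE_HDPARM))
```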

M.2 NVMe Secure Erase

If attempting to use the NVMe Secure Erase on an M.2 SSD and you get the error message No NVMe Devices Detected, it may be because your NVMe is set up as an SSD Cache Drive.

To rectify this, power down your system. Then power it up and press [F2] to enter the Dell UEFI BIOS Setup.

Press the [↓] key until you get to System Configuration:

Press [Enter] to expand it:

Press the [↓] key until you get to SATA Operation:

If you want to reinstall Windows using an HDD with an SSD Cache Drive, note your original SATA Operation.

Although as mentioned I recommend replacing it with a larger M.2 SSD which you can clean install Windows 10 on directly (if so use AHCI).

Change your SATA Operation to AHCI, so the SSD Cache Drive can be accessed by Parted Magic.

Then accept any dialogue boxes to proceed with the change:

Select Apply:

Then select OK.

Then Exit:

If your SATA Operation is AHCI and you have an NVMe SSD, it should display in the NVMe Secure Erase:

Check your NVMe SSD and verify then select Continue:

You will be presented with a confirmation dialogue.

Check “I allow this utility to erase the listed device(s)” and then select Start Erase:

Parted Magic will then Secure Erase (zero the data and zero the mapping table) the NVMe SSD:

It will then verify that the operation has been successful:

You can then view the log:

Close the log when finished:

SATA/mSATA SSD Sanitize

If using the SATA/mSATA SSD Sanitize, your SSD should display in this menu. If it does not, you may need to try a PSID Revert, or if it is an early SSD it might not support this wiping routine and you will need to use Secure Erase instead.

Check your SATA/mSATA SSD and verify then select Continue:

You will be presented with a confirmation dialogue.

Check “I allow this utility to erase the listed device(s)” and then select Start Erase:

Parted Magic will then Sanitize (zero the data and zero the mapping table) the SATA/mSATA SSD:

It will then verify that the operation has been successful:

You can then view the log:

Close the log when finished:

HDD/HSSD/Early SSD Secure Erase

If using the SATA/mSATA SSD Secure Erase your SSD should display in this menu. If it does not you may need to try a PSID Revert.

If your SATA/mSATA SSD displays as Frozen you will be unable to check it.

In such a case select Sleep.

This will take it out of a Frozen state:

Check your SATA/mSATA SSD or HDD and verify then select Continue:

You will be presented with a confirmation dialogue.

Check “I allow this utility to erase the listed device(s)” and then select Start Erase:

Parted Magic will then Secure Erase (zero the mapping table) the SSD, or write zeros to an HDD or HSSD.

It will take a few minutes for an SSD but it will take hours on an HDD or HSSD due to the speed of the drive and the wiping routine.

It will then verify that the operation has been successful:

You can then view the log:

Close the log when finished:
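
An independent spot-check of the result, added here as an example and not taken from Parted Magic: it reads a drive or image block by block and reports any block that is not all zeros. It assumes one of the routines this guide describes as zeroing the data; the image built by make_image is a constructed stand-in for a drive, and both function names are hypothetical.

```python
import os
import tempfile

def nonzero_blocks(path, block_size=1 << 20, limit=5):
    """Read path block by block. Return (blocks_read, offsets), where offsets
    lists the byte offsets of the first `limit` blocks holding non-zero data."""
    offsets, blocks_read, position = [], 0, 0
    with open(path, "rb") as dev:            # read-only: nothing is modified
        while True:
            chunk = dev.read(block_size)
            if not chunk:
                break
            # A fully wiped block consists of zero bytes only.
            if chunk.count(0) != len(chunk) and len(offsets) < limit:
                offsets.append(position)
            position += len(chunk)
            blocks_read += 1
    return blocks_read, offsets

def make_image(size, residue=None):
    """Constructed stand-in for a drive: `size` zero bytes, optionally with
    (offset, data) written into it to imitate leftover content."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as img:
        img.write(bytes(size))
        if residue:
            img.seek(residue[0])
            img.write(residue[1])
    return path

def check(path, block_size=4096):
    """Summarise the scan as 'clean' or a list of offsets with leftover data."""
    _, dirty = nonzero_blocks(path, block_size)
    return "clean" if not dirty else f"non-zero data at offsets {dirty}"

if __name__ == "__main__":
    wiped = make_image(4 * 4096)
    leftover = make_image(4 * 4096, residue=(2 * 4096 + 10, b"old data"))
    for label, image in (("wiped", wiped), ("not wiped", leftover)):
        print(label, "->", check(image))
        os.remove(image)
```

On the live USB, the path passed in would be the wiped drive's device node; the file is only ever opened for reading.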

Physical Security Identification (PSID) Revert

If your Drive has been encrypted, for example if Windows 10 Pro BitLocker is used, you may be unable to access all data on the drive to wipe it. In order to Wipe it, you will need to unlock the drive using the Physical Security ID. Parted Magic has incorporated suggestions made in these guides to make this as easy as possible on the software side.

However unlocking the PSID unfortunately requires one to look at the label of the Solid State Drive to obtain the PSID and this is far easier to do in some computers than in others.

It is advised to take a picture of your PSID with your phone and read from it:

Type in your PSID without any spaces or dashes (–) and then select Unlock.

If correct and unlocked it will display in green (if wrong it will display in red).

Once the PSID is unlocked, try using the NVMe Secure Erase/Sanitize/Secure Erase routine again.
