Newer Dell Business Models have the ability to Securely Wipe all Internal Drives via their UEFI BIOS setup. See my UEFI BIOS: Dell Data Wipe for more details.
1. Creating a Magic Parted Bootable USB
After looking around for a utility to securely wipe a SSD I seen that Magic Parted was the most highly recommended.
Magic Parted is essentially a commercial Linux Live Bootable USB. It has a series of tools such as Erase Disk, Virus Scanner, Partition Editor and Disk Cloning. Parted Magic has to be purchased in order to download. You can purchase it once for $9 or a 1 year subscription for $49.
This guide is only interested in the Erase Disk. Unless you are periodically using the anti-virus to scan your system for viruses within the Linux Live USB environment the single time purchase will suffice in most cases. The product will however be continuously developed to support more types of chipsets and types of drives so newer versions may need to be purchased in the future if you change your hardware.
The Latest version Magic Parted can be purchased from here for $11:
Before purchasing using the above affiliate link, make sure that the version is current, at this time of writing it is 2019-05-30. The change log is here.
The 1 Year subscription can be purchased from here for $49:
Note the yearly subscription is only required if you wish to download multiple PartedMagic releases, for example if you are using it for the likes of anti-virus or continually testing newer hardware. Unless PartedMagic decide to release >5 versions in a year.
Note the links above are affiliate links. This means if you purchase Parted Magic through these then they will know you came to the utility via my recommendations (DellWindowsReinstallationGuide).
Once you purchase you will be provided an email with a download link to the .iso:
Once you have Downloaded the Magic Parted .iso, you’ll need to use the utility Rufus to make a Bootable USB:
To launch Rufus, double click the Application (no installation is required):
Accept the User Account Control Prompt:
Once Rufus has launched, select the “select” button:
Select your Parted Magic .iso and select open:
Before creating media, it is advised to check the installation .iso checksums to ensure you have a complete download. To do this select the tick button:
It will check the installation .iso checksums:
They should match those on the page, where you Downloaded Parted Magic from (recheck your email for the link):
If your computer model is from 2012 or newer, it has a UEFI BIOS with Secure Boot. It is advisable to change the Partition Scheme to GPT. The File System should be FAT32. If your computer model is from before 2010 it likely has a Legacy BIOS so you will need to use the MBR Partition Scheme and the File System should be NTFS. If your model is from before 2011 you will need to check whether you have a UEFI Boot or not and amend accordingly:
Then ensure you have a 16 GB USB Flash Drive without any important data on it (it will be formatted):
Then select Start:
Select Write in ISO Mode and select OK:
You will now be warned that you will destroy all data on your USB. Select OK:
Rufus will now make the Parted Magic Bootable USB:
Once it’s done, it will say Ready and you can close Rufus:
2. Booting from the USB
Power down the computer which you wish to wipe and insert the Parted Magic Bootable USB into a port on the computer. Power up your computer and press [F12] to enter the Boot Menu:
For an Alienware/Dell and Lenovo the function key is [F12] for a HP or another OEM another Function Key or Esc may be used instead.
This will take you to the Boot Menu, on this screen it should state the Boot Mode and Secure Boot status. This should be set to UEFI and Secure Boot should be On. Here are five different screens:
- The first is the latest 2017-2018 Dell TouchScreen UEFI BIOS
- The second is a typical 2012-current Dell Business Model
- The third is a typical 2012-current Dell Home Model
- The fourth is a typical 2011 hardware Dell Business Model
- The fifth is a typical Model before 2012
In the first three cases UEFI and Secure Boot should be On. Press the [↓] key until you get your Bootable USB and press [Enter]. In the fourth case, you should explicitly select the Bootable USB shown under UEFI Boot and in the fifth case you will only have a Legacy Boot.
Select Default Settings 64:
Magic Parted will now load:
You will then be asked to select your Time Zone, you can select it if you like or just close the Window:
3. Securely Erasing a SSD/SHHD/HDD and NVMe SSD
To the top left, right click Erase Disk:
Parted Magic Disk Eraser Menu will now open, you will have three options; Secure Erase, Sanitize and NVMe Secure Erase:
Each mode supports different drive types, most users may not be glued up on the hardware of their internal drives so in general:
Secure Erase can be used on all SATA HDD, SATA SSD, mSATA SSD, SATA SHDD, NVMe SSD and m.2 SSD so I would run it first in all cases. SSD Secure Erase only deletes the mapping table meaning the data is still on the drive but is scrambled, cannot readily be interpreted as it cannot be mapped. Sanitize is more through as deletes the mapping table and erases all the blocks that have been written to. As both processes don’t take very long, I would run Secure Erase and then Sanitize. If you have a newer NVMe SSD or m.2 SSD you will also be able to use NVME Secure Erase – NVM Express M.2.
If your SSD/HSSD/HDD doesn’t show when Secure Erase is selected (or show as unsupported) they may be encrypted with Bitlocker. You may need to unlock the PSID in order to proceed (see notes below).
On a Lenovo Yoga 14 (20DM/20DN) with a 16 GB SSD Cache Drive and a 500 GB HDD. The chances are the Drives will be frozen and you will be unable to select them when you first launch Secure Erase. Select Sleep, you will get a black screen for a couple of seconds and when the system wakes up from the Sleep, the Drives should be Not Frozen:
Select your Drives and then select Continue…
You will get a second Confirmation Dialogue:
Check “I Allow this Utility to Erase the Listed Device(s)” and then select Start Erase:
Parted Magic will begin to Securely Erase the selected Drives:
The process will be quick for a SSD as it uses a voltage spike to simultaneous flush data from the SSD and time consuming for a HDD or HSDD because it must manually rewrite each individual block one by one, for more details see here.
Once done you will get the following, you can view the log or select OK:
In my case, I then went ahead and used Santize on the SSD. The layout is very similar, select the SSD and select Continue:
Allow the Utility to Santize the SSD and select Start Erase:
It will begin to Sanitize the SSD:
Once done you will be able to view the log:
Physical Security Identification (PSID) Revert
If the SSD is encrypted e.g. with the likes of Bitlocker:
When selecting Erase Disk:
You may get the error message “This Routine can only run for disks supporting the Security Mode Feature Set”. Select Show All Devices:
At this warning select OK:
Look for your SSD, it should be listed but say Unsupported. TThis is because the SSD is encrypted and this encryption needs to be removed via a Physical Security Identification (PSID) revert:
For this you will need to take the SSD out of your system and look at its label.
On the Label there should be a field PSID, take a picture of your SSD so you can read the PSID and reseat your SSD into your system:
In Parted Magic open up the terminal:
Type in the following lines
This will list your drives. In this case we can see the Crucal SSD is:
We can then query the Drive using the Command:
Where X is the letter of your SSD in my case a:
You will be given information about your SSD, this can be maximised:
In this case we can see the field LockingEnabled=Y meaning the SSD is encrpted with Bitlocker:
To revert the PSID we need to type in the following:
In my case:
The PSID should be successfully reverted:
One can retry Secure Erase or Santize with their SSD once again:
As you can see the SSD is no longer Unsupported and we can perform the Secure Erase or Santize now that the PSID is reverted: