I'm on Catalina so I can't follow Monterey instructions. Or erase the volume using a new feature of Monterey, as suggested by Apple. >Otherwise, format the volume and re-install macOS, as suggested by Apple. >If you want to understand a little more… >You have already decided on the answer you want If your data was encrypted, then you have nothing to worry about once the encryption key has been destroyed. I would expect the major SSD manufacturers to be the most trustworthy & reliable in this manner especially if their SSDs have been tested to comply with the hardware secure erase feature. Even using "xxd" to read the raw data from the drive can be misleading as some SSD's are programmed to show zeroes after a secure erase even if the data is not erased. No matter what option you choose, you still must trust that the SSD is doing as it has been told. I have successfully performed this procedure on Apple 2.5" SSDs, and on many Apple blade SSDs from 2013 - 2015, and was only able to do this on a few of the 2016-2017 USB-C Macs. Not all SSD's have this feature built into them. Revive or restore a Mac with Apple silicon using Apple Configurator 2 - Apple SupportĪbout encrypted storage on your new Mac - Apple Supportĭepending on the exact model of the Mac and the SSD used, it may be possible the SSD has a built-in hardware secure erase feature, but this can only accessed from a bootable Linux USB drive and may require several command line commands to execute. Revive or restore an Intel-based Mac using Apple Configurator 2 - Apple Support If you "Restore" the T2 firmware, then I believe it creates a new set of encryption keys which effectively instantly destroys all data on the SSD since without the old encryption keys there is no way to recover any data from the SSD. If you have a 2018+ USB-C Mac, then the SSD is hardware encrypted. You will see some data on the SSD for the partition layout and a few hidden macOS support files, but the majority of the data will show as zeroes and dots. I'm not sure if "xxd" is available while booted from a macOS installer since the installer is quite limited. You can check the contents of the SSD by running the following utility from the Terminal app although you will need to replace "diskX" with the proper drive identifier for the SSD): xxd /dev/diskX I'm not sure what happens when using a third party SSD. With an Apple SSD once you use Disk Utility on macOS to "erase" the SSD (simple erase) the TRIM support on the SSD will automatically clear out the NAND cells. If your data is encrypted as you say, then just destroying the encryption keys are enough to prevent access to the data since there is no way to decrypt the data without the encryption key. Info on keybags and how Apple storage encryption works: Here’s the Monterey feature, with links to other info:Įrase all content and settings on Mac - Apple Support There is no storage-overwrite capability with SSDs, and the multiple-pass-overwrite I/O scheme dates back to external-servo hard disks and floppies from the 1980s when head-tracking was sloppy, at best. This for wear leveling, and for performance. Writes do not overwrite the same storage, the writes re-vector the write elsewhere. If the standard and fundamental behavior of an SSD-the integral erase-on-write behavior required for all flash storage-is insufficient, and/or if your data was somehow unencrypted, then you will want to physically shred the storage. Otherwise, format the volume and re-install macOS, as suggested by Apple. macOS uses your password to access a robust generated encryption password, and the storage-erasure procedure steps on the keybag. If the in-built data encryption is insufficient, shred the Mac. You have already decided on the answer you want, and seem uninterested in technical details. I assume this also works for current MacOS I remember I read somewhere that specialists can recover data when it's overwritten a few times, but it apparently gets very difficult after about 8 passes (all from top of my head).The action will terminate automatically when your drive is filled with random data (with the message "No space left on device") execute this command: cp /dev/random /Volumes/"yourdrive".I would like to hear if this is working as expected I understand the drive is soldered to the main board so this would destroy the whole machine. Physically evaporating/grinding the drive is one step too far for me. Yes it's already encrypted but that's not good enough.Īpple's "sudo diskutil secureErase" on SSD's errors with "makes no sense".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |