
ANy such claim, in my opinion, is flawed and would only give a false sense of security.

I would be extremely careful at giving the impression that nwipe can be used on SSD drives. But there's zero guarantee, from the OS's perspective, that it's doing anything at all. You'll notice that those commands return immediately and the controller (hopefully!) does that work in the background. You can try to do a "Secure Erased" command, but that's an entirely different mechanism, where you delegate that work to the SSD controller and hope that it actually does delete that data. My understanding is that wiping an SSD brings close to zero security benefit if you are worried about reliably deleting data, period.

Or perhaps swap the order to do Security Erase Enhanced first then wipe with random data. Then give the SSD controller the Security Erase Enhanced command, which nwipe does NOT currently support, but can be done with HDPARM in the interim. There's extra capacity on there that you will never have access to from nwipe. The problem with that approach is that you don't have access to the entire "device" or, to be more specific, the storage backend. One security method is to write random data to the entire device (low likelihood of repeated data in a block which would allow shared mapping), which nwipe currently supports. That's news to me: I wasn't aware of SSDs doing data replication.Įarlier data from those re-mapped blocks still exists and technically could be forensically read (but not with normal reads).

To summarize the earlier discussion, SSD controllers recognize data patterns, such as all zeros, and map all blocks containing zeros to a single block that really contains zeros.
