Table of Contents
Advertisement
SSDs. Often these contents contain data considered "vendor-unique". To preserve the
contents that are uniquely created by Supermicro, we do not use the "Enhanced Erase"
command for secure erase on our products to avoid any accidental removal of firmware
instructions or security keys that are designed to enhance our product performance.
1.1.2 Secure Erase for ATA SED SSD Devices
Trusted Computing Group (TCG) Locking Range Erase Method Used
The chief concern in secure erase is how to avoid damaging the media drive while
performing a secure erase. There are two common techniques that can be used to help
safeguard your devices when a secure erase is performed: TCG and ATA.
•
TCG (Trusted Computing Group): This technique uses an internal encryption key to
encrypt a media drive and then destroys the encryption key by performing a secure
erase to overwrite and to erase the instructions of the encryption key. In other words,
TCG uses an encryption key to encrypt and mask off the data in a drive and then
destroys that particular encryption key by overwriting it via a secure erase. Since this
technique is especially effective in securely erasing data from Self-Encrypting Drives
(SEDs), Supermicro uses the "LockingRangeErase" method under the "TCG Storage
Security Subsystem" to securely remove unwanted data from the ATA SED SSD devices,
especially those devices with vendor passwords pre-installed. These high-end SED SSD
devices are commonly used in our High Performance Computing (HPC) servers and
Enterprise class systems.
ATA Technique Explained
•
ATA: Instead of overwriting/erasing all data from the disk drive, this technique uses a
"reset" command in the ATA Standards to reset an SSD device to a clean memory state
which will further trigger a "flush" command to flush all stored electrons and effectively
cause all stored data in the SSD drive to be "forgotten" and become "unavailable" for use.
Since the "ATA" technique will reset all available disk blocks in a disk drive and remove
all data therein, this technique will also inadvertently destroy the "vendor-specific" firm-
ware settings or software instructions in our computers that are created by Supermicro
or our vendors to maximize system performance and optimize user experience, and
thus we do not use the ATA block erase command or block reset command in order to
avoid unintentional removal of any data or instructions, resulting in unintended degraded
system performance or user experience.
Chapter 1: Secure Erase Overview
7
Advertisement
Table of Contents
