Chapter 1 Secure Erase Overview; Secure Erase Defined; Secure Erase For Sata Hdd/Ssd Devices - Supermicro X11 User Manual

Super Secure Erase for the X11/X12/B11/B12 Motherboards User's Guide

1.1 Secure Erase Defined

Secure Erase (Security Erase) implemented in Supermicro's products is, primarily, a firmware-
based process that utilizes an overwrite command in the ATA standard to overwrite existing
data from a media drive, such as a hard disk drive (HDD) or a solid state drive (SSD), and
effectively remove the existing data from your computer by writing over it. This overwrite
command, also known as "Security_Erase_Unit" command in the ATA standard, works
substantially faster than the "rewrite through read and write" command, and its execution is
so thorough that all existing data in a disk is completely written-over and erased from the disk
drive. Due to its efficiency in data removal and cleansing, the overwrite command is commonly
used in secure erase to help achieve the uttermost data sanitization and system security that
will comply with the most stringent privacy laws and meet most rigorous security requirements
in the world as those that are set up by the State of California and the European Union (EU).

1.1.1 Secure Erase for SATA HDD/SSD Devices

Normal Erase Method Used
Since the Overwrite command is very efficient in removing data from disk drives, Supermicro
uses this command for SATA HDD and SSD devices, and out of the two methods of the
Overwrite command: Normal Erase and Enhanced Erase, we use Normal Erase for secure
erase to further enhance our product performance as mentioned below.
•
Normal Erase: This is the primary method that Supermicro uses for secure erase. Uti-
lizing the Normal Erase method in the "Security_Erase_Unit" command, also known as
the Overwrite command, all contents stored in the sector of LBA 0 through the greater
"Read Native Max" or "Read Native Max Ext" will be overwritten and replaced with
"0's" and "1's." This method of data erasing is considered very effective and safe, so
it is commonly used in the industry. Supermicro currently uses "Normal Erase" of the
Overwrite command to securely erase data from a disk device, especially from an SATA
SSD device, by executing the Security_Erase_Unit (Overwrite) command in the "Security
Erase" setting of the UEFI BIOS Setup Utility used for a motherboard.
•
Enhanced Erase: The Enhanced Erase command will overwrite and erase all data that
has previously been written by the user, including the sectors that are no longer in use
as well as the contents that have already been "sanitized" or cleansed" in the HDDs/
SSDs. Often these contents contain data considered "vendor-unique". To preserve the
contents that are uniquely created by Supermicro, we do not use the "Enhanced Erase"
Chapter 1
Secure Erase Overview
6