How to Securely Erase a Mac SSD

By | May 31st, 2016

How to erase an SSD

If you’re prepping your Mac for sale, trade-in or handing it down to a friend or relative, you should erase the hard drive first – that way your data won’t fall into the wrong hands. If your Mac is newer and has an SSD, you need to take additional steps.

Securely erasing your Mac’s hard drive

We’ve already covered how to prep your Mac’s hard drive to make sure that what’s on the drive is securely deleted. Using a process called “zeroing out,” you overwrite the entire contents of the disk with binary zeroes.

Users with a need for even more security can use a 7-pass erase feature that writes data over free disk space seven times. Short of hitting the hard drive with really expensive forensics gear, this guarantees you your data is gone for good.

There’s a hitch, though: Those instructions only apply to older Macs with conventional hard disk drives. They do not help if you have an SSD.

Securely erasing SSDs, and why not to

Most new Macs ship with solid state drives (SSDs). Only the iMac and Mac mini ship with regular hard drives anymore, and even those are available in pure SSD variants if you want.

If your Mac comes equipped with an SSD, Apple’s Disk Utility software won’t actually let you zero the hard drive.

Wait, what?

In a tech note posted to Apple’s own online knowledgebase, Apple explains that you don’t need to securely erase your Mac’s SSD:

With an SSD drive, Secure Erase and Erasing Free Space are not available in Disk Utility. These options are not needed for an SSD drive because a standard erase makes it difficult to recover data from an SSD.

In fact, some folks will tell you not to zero out the data on an SSD, since it can cause wear and tear on the memory cells that, over time, can affect its reliability. I don’t think that’s nearly as big an issue as it used to be – SSD reliability and longevity has improved.

If “Standard Erase” doesn’t quite make you feel comfortable that your data can’t be recovered, there are a couple of options.

FileVault keeps your data safe

One way to make sure that your SSD’s data remains secure is to use FileVault. FileVault is whole-disk encryption for the Mac. With FileVault engaged, you need a password to access the information on your hard drive. Without it, that data is encrypted.

There’s one potential downside of FileVault – if you lose your password or the encryption key, you’re screwed: You’re not getting your data back any time soon. Based on my experience working at a Mac repair shop, losing a FileVault key happens more frequently than it should.

When you first set up a new Mac, you’re given the option of turning FileVault on. If you don’t do it then, you can turn on FileVault at any time by clicking on your Mac’s System Preferences, clicking on Security & Privacy, and clicking on the FileVault tab. Be warned, however, that the initial encryption process can take hours, as will decryption if you ever need to turn FileVault off.

With FileVault turned on, you can restart your Mac into its Recovery System (by restarting the Mac while holding down the command and R keys) and erase the hard drive using Disk Utility, once you’ve unlocked it (by selecting the disk, clicking the File menu, and clicking Unlock). That deletes the FileVault key, which means any data on the drive is useless.

FileVault doesn’t impact the performance of most modern Macs, though I’d suggest only using it if your Mac has an SSD, not a conventional hard disk drive.

Securely erasing free space on your SSD

If you don’t want to take Apple’s word for it, if you’re not using FileVault, or if you just want to, there is a way to securely erase free space on your SSD. It’s a little more involved but it works.

Before we get into the nitty-gritty, let me state for the record that this really isn’t necessary to do, which is why Apple’s made it so hard to do. But if you’re set on it, you’ll need to use Apple’s Terminal app. Terminal provides you with command line interface access to the OS X operating system. Terminal lives in the Utilities folder, but you can access Terminal from the Mac’s Recovery System, as well. Once your Mac has booted into the Recovery partition, click the Utilities menu and select Terminal to launch it.

From a Terminal command line, type:

    diskutil secureErase freespace VALUE /Volumes/DRIVE

That tells your Mac to securely erase the free space on your SSD. You’ll need to change VALUE to a number between 0 and 4. 0 is a single-pass run of zeroes; 1 is a single-pass run of random numbers; 2 is a 7-pass erase; 3 is a 35-pass erase; and 4 is a 3-pass erase. DRIVE should be changed to the name of your hard drive. To run a 7-pass erase of your SSD drive in “Peters-Macbook”, you would enter the following:

    diskutil secureErase freespace 2 /Volumes/Peters-Macbook

And remember, if you used a space in the name of your Mac’s hard drive, you need to insert a leading backslash before the space. For example, to run a 35-pass erase on a hard drive called “Macintosh HD” you enter the following:

    diskutil secureErase freespace 3 /Volumes/Macintosh\ HD

Something to remember is that the more extensive the erase procedure, the longer it will take.

Your type of drive

One final thing, and maybe this should have been first, before you can securely erase your files on your Mac, you need to know if you have a standard hard drive or an SSD. To find out, or at least to make sure, you click on the Apple menu and select “About this Mac”. Once there select the “Storage” tab to see which drive is in your system.

Mac Storage

Peter Cohen
Peter will never give you up, never let you down, never run around or desert you. He also manages the Backblaze blog.

Follow Peter on:
His web site: peter-cohen.com | Twitter: @flargh | LinkedIn: Peter Cohen | Google+: Peter Cohen
Category: Backing Up · Mac Love