Option 1: ATA Secure erase of disk
If possible, use ATA Secure Erase to wipe the disk, that is, if you trust your hard disk manufacturer's firmware to implement it correctly.
The precondition for this is an unfrozen hard disk.
Many BIOSes will protect your drives if you have a password set (security enabled) by issuing a SECURITY FREEZE command before booting an operating system. If your drive is frozen, and it has a password enabled, try removing the password using the BIOS and powering down the system to see if that disables the freeze. Otherwise you may need to use a different motherboard (with a different BIOS).
$ hdparm -I /dev/sda
/dev/sda:
ATA device, with non-removable media
Model Number: INTEL SSDSC2BW240A4
Serial Number: PHDA419500H02403GN
Firmware Revision: DC32
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
...
Security:
Master password revision code = 65534
supported
not enabled
not locked
frozen
not expired: security count
supported: enhanced erase
4min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
...
In the above case the hard disk is frozen (Hetzner root server).
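Checking the Security section by eye is error-prone, so here is a small pre-flight check, added as an example and not part of the original page: it parses hdparm -I output and reports whether SECURITY ERASE UNIT can be issued right now. The sample output it is run against is constructed to mirror the listing above.

```shell
# Added example (not from the original page): pre-flight check for
# ATA Secure Erase. It parses the Security section of `hdparm -I`
# output and prints one status word:
#   unsupported | locked | frozen | password-set | ready
# Exit status is 0 only for "ready", so it can gate a script.

# Look up one Security flag in $sec: "no" for "not NAME", "yes" for a
# bare NAME, "unknown" if absent (hdparm prints e.g. "not\tfrozen").
sec_flag() {
    case " $sec " in
        *" not $1 "*) echo no ;;
        *" $1 "*)     echo yes ;;
        *)            echo unknown ;;
    esac
}

# Reads hdparm -I output on stdin.
secure_erase_status() {
    # Keep only the Security section: from "Security:" up to the next
    # unindented line (hdparm indents section bodies with tabs), then
    # squeeze whitespace so "not\tfrozen" becomes "not frozen".
    sec=$(awk '/^Security:/ {f=1; next} f && /^[^ \t]/ {f=0} f' |
          tr -s '[:space:]' ' ')
    [ "$(sec_flag supported)" = yes ] || { echo unsupported; return 1; }
    [ "$(sec_flag locked)"    = no  ] || { echo locked;       return 1; }
    [ "$(sec_flag frozen)"    = no  ] || { echo frozen;       return 1; }
    [ "$(sec_flag enabled)"   = no  ] || { echo password-set; return 1; }
    echo ready
}

# Constructed sample modelled on the hdparm output quoted above; $1 is
# the frozen line as hdparm prints it ("frozen" or "not frozen").
sample_hdparm() {
    printf 'ATA device, with non-removable media\n'
    printf 'Security:\n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n'
    printf '\tnot\tenabled\n'
    printf '\tnot\tlocked\n'
    printf '\t\t%s\n' "$1"
    printf '\tnot\texpired: security count\n'
    printf '\t\tsupported: enhanced erase\n'
    printf '\t4min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# On a real system:  hdparm -I /dev/sdX | secure_erase_status
echo "page drive:     $(sample_hdparm frozen | secure_erase_status)"
echo "after unfreeze: $(sample_hdparm 'not frozen' | secure_erase_status)"
```

A "password-set" result means a user password is already enabled; as the text above says, clear it in the BIOS (or supply it to hdparm) before erasing.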
Option 2: Secure erase of disk with userspace tools
Due to the (many) caveats of shred and the rather unmaintained wipe, it is recommended to use scrub instead:
$ scrub --force --no-signature --pattern nnsa /dev/sdX
scrub: using NNSA NAP-14.1-C patterns
scrub: please verify that device size below is correct!
scrub: scrubbing /dev/sda 240057409536 bytes (~223GB)
scrub: random |................................................|
scrub: random |................................................|
scrub: 0x00 |................................................|
scrub: verify |................................................|
Parameter explanation for scrub:
write patterns on disk/file
-f, --force
Scrub even if target contains signature indicating it has already been scrubbed.
-S, --no-signature
Do not write scrub signature. Scrub will not be able to ascertain if the disk has already been scrubbed.
-p, --pattern PATTERN
Select the patterns to write. nnsa selects patterns compliant with NNSA Policy Letter NAP-14.1-C;
dod selects patterns compliant with DoD 5220.22-M; bsi selects patterns recommended by the German
Center of Security in Information Technologies (http://www.bsi.bund.de); old selects pre-version
1.7 scrub patterns; and fastold is old without the random pass. gutmann is a 35-pass sequence
described in Gutmann's paper cited below. See STANDARDS below for more detail. random is a
single random pass. random2 is two random passes. schneier is the method described by Bruce
Schneier in ''Applied Cryptography'' (1996) consisting of one 0x00 pass, one 0xff pass, and five
random passes. pfitzner7 is Roy Pfitzner's 7-random-pass method. pfitzner33 is Roy Pfitzner's
33-random-pass method. usarmy is the US Army AR380-19 method consisting of one 0x00 pass, one
0xff pass, and a random pass. Default: nnsa.
Additionally you may execute a destructive badblocks command:
$ badblocks -wsv /dev/sdX
Checking for bad blocks in read-write mode
From block 0 to 234431063
Testing with pattern 0xaa: done
Reading and comparing: done
Testing with pattern 0x55: done
Reading and comparing: done
Testing with pattern 0xff: done
Reading and comparing: done
Testing with pattern 0x00: done
Reading and comparing: done
Pass completed, 0 bad blocks found. (0/0/0 errors)
Parameter explanation for badblocks:
search a device for bad blocks
-w Use write-mode test. With this option, badblocks scans for bad blocks by writing some patterns
(0xaa, 0x55, 0xff, 0x00) on every block of the device, reading every block and comparing the
contents. This option may not be combined with the -n option, as they are mutually exclusive.
-s Show the progress of the scan by writing out rough percentage completion of the current badblocks
pass over the disk. Note that badblocks may do multiple test passes over the disk, in particular
if the -p or -w option is requested by the user.
-v Verbose mode. Will write the number of read errors, write errors and data corruptions to stderr.
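Both wipes above finish with a 0x00 pass (the last scrub nnsa pass and the last badblocks -w pattern), so an independent read-back check is cheap. The following is an added example, not part of the original page: it samples evenly spaced 1 MiB blocks of a device or file and fails if any non-zero byte comes back. The test files it is exercised on are constructed.

```shell
# Added example (not from the original page): read-only spot check
# that a wiped device or file reads back as zeros.
# Usage: zero_check TARGET [SAMPLES]   -> exit 0 if every sample is zero
zero_check() {
    target=$1; samples=${2:-8}; bs=1048576
    # Block devices report 0 to wc, so prefer blockdev when available.
    size=$(blockdev --getsize64 "$target" 2>/dev/null || wc -c < "$target")
    size=$(echo "$size" | tr -d ' ')
    blocks=$((size / bs)); [ "$blocks" -gt 0 ] || blocks=1
    stride=$((blocks / samples)); [ "$stride" -gt 0 ] || stride=1
    bad=0; i=0
    while [ "$i" -lt "$samples" ] && [ $((i * stride)) -lt "$blocks" ]; do
        # Count bytes left after deleting every NUL from the sampled block.
        nz=$(dd if="$target" bs=$bs skip=$((i * stride)) count=1 2>/dev/null |
             tr -d '\000' | wc -c | tr -d ' ')
        if [ "$nz" -gt 0 ]; then
            echo "non-zero data at block $((i * stride)): $nz bytes" >&2
            bad=$((bad + 1))
        fi
        i=$((i + 1))
    done
    [ "$bad" -eq 0 ]
}

# On a real system after scrub or badblocks:  zero_check /dev/sdX 16
```

This is a sample, not a proof: it catches a wipe that never ran or stopped early, not one that skipped a few sectors; for a full check read the whole device.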
Option 3: Secure erase of directories/files with userspace tools
If you cannot wipe the whole disk (for example on an NFS share), use scrub:
$ cd /to/directory/to/wipe
$ scrub --freespace dump --force --no-signature --remove --pattern nnsa
The -X / --freespace option tells scrub to create a directory (dump in this case) and fill it with files until write returns ENOSPC (file system full), then scrub the files as usual.
Shred is only a last resort:
$ find <directory> -depth -type f -exec shred -v -n3 -z -u {} \;
Parameter explanation for shred:
overwrite a file to hide its contents, and optionally delete it
-v, --verbose
show progress
-n, --iterations=N
overwrite N times instead of the default (3)
-z, --zero
add a final overwrite with zeros to hide shredding
-u, --remove
remove the file after overwriting
References
- https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
- https://wiki.archlinux.org/index.php/Securely_wipe_disk
- https://stackoverflow.com/questions/10377393/deleting-files-permanently-and-securely-on-centos
- https://unix.stackexchange.com/questions/27027/how-do-i-recursively-shred-an-entire-directory-tree
- https://askubuntu.com/questions/17640/how-can-i-securely-erase-a-hard-drive