I’ve seen so much debate surrounding what specifically Samsung magician’s secure erase tool for their consumer ssds actually does. It seems like everyone agrees that using the bootable USB media wipes and generates a new encryption key for the drive to run off of, but does their utility also execute an ata secure erase command and trimming all sectors of the ssd? Samsung’s own website says that their secure erase tool will wipe data and restore performance (which I assume it would have to properly destroy data on all sectors to do), and I have seen a few people say this, yet many many people I’ve seen on the internet are claiming that all it does is wipe the encryption key rendering the data unusable. What is the actual process of Samsung secure erase?
-
1We can only speculate about any proprietary software.– ChanganAutoCommented May 15, 2021 at 18:53
1 Answer
There's no exact behavior defined for ATA Secure Erase in the ACS specs. Therefore, it's often implemented to either works more or less like issuing TRIM to all the logical blocks, or regenerate the encryption key if the drive is employed with "always-on" encryption. In fact, there's an enhanced bit that can be based on to trigger different behaviors with the command, so with some drive the command can be used to trigger either behavior.
However, there's no easy way (if any) for us to determine what's done behind the scene. The truth is, even with the former case / TRIM, no one can tell exactly how it is implemented. It may not even do anything immediately to the NAND flash, but merely notify the controller that they are all considered unused. With the fact that the same drive vendor might be using chips from different controller vendors for different models of drives, the behavior could differ among them.
It might be worth noting that, the fact that logical blocks return all zero does not necessarily mean the memory they were mapped to are by any means wiped, but merely that they are now "unmapped".
So if you are concerned whether you need to TRIM the whole drive in case the "erasure" is in fact a regeneration of encryption key, don't be. Besides, regardless of whether it's better or worse to do so, TRIM is often issued by the OS/utility to the blocks of a partition before it is being formatted.
