Find a suitable command to securely erase an NVMe device

erase-command.py

#!/usr/bin/env python3

import json
import subprocess
import sys

try:
    dev = sys.argv[1]
except IndexError:
    sys.exit('Device required')

data = subprocess.check_output(['nvme', 'id-ctrl', '-H', dev, '-o', 'json'])
data = json.loads(data.decode())

fmt_caps = data['oacs']
san_caps = data['sanicap']

has_fmt = fmt_caps & 0b10
print('Formatting {}supported'.format('' if has_fmt else 'not ',
                                      file=sys.stderr))
if has_fmt:
    has_crypto_fmt = data['fna']
    print('Crypto formatting {}supported'.format('' if has_crypto_fmt
                                                 else 'not ', file=sys.stderr))
else:
    has_crypto_fmt = False

has_crypto_san = san_caps & 0b1
print('Crypto sanitize {}supported'.format('' if has_crypto_san
                                           else 'not ', file=sys.stderr))
has_block_san = san_caps & 0b10
print('Block sanitize {}supported'.format('' if has_block_san
                                          else 'not ', file=sys.stderr))

if has_crypto_san:
    print("nvme sanitize %s --sanact 4" % dev)
elif has_block_san:
    print("nvme sanitize %s --sanact 2" % dev)
elif has_crypto_fmt:
    print("nvme format %s --ses 2" % dev)
elif has_fmt:
    print("nvme format %s --ses 1" % dev)
else:
    sys.exit("No supported methods")