@joeblau
Last active June 12, 2023 07:37
Securely erase an external disk using dd on OSX

  1. Plug in your SD card, HDD, or other block device, then use the following command to see which /dev/diskN node it's located on:
diskutil list
  2. Unmount the disk, where "N" is the number of the disk taken from the above command:
diskutil unmountDisk /dev/diskN

If the above command was successful, you will see:

Unmount of all volumes on diskN was successful

  3. Execute the dd command as superuser on the disk, where "N" is the number of the disk from step 1:
sudo dd if=/dev/urandom of=/dev/diskN bs=1000000

This will overwrite all partitions, master boot records, and data. Note that this may take a while depending on the size of your disk, and there is no progress indicator. However, if you want to check whether dd is working, you can use pv (available on Homebrew), which will dump out the raw data being written to the disk.

sudo pv /dev/diskN
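
A pre-flight guard for the steps above, as an added example (not the gist author's code): it parses `diskutil info` output, refuses anything that is not a whole external disk, and warns when the device is not reported as a spinning disk, where an overwrite cannot reach spared or wear-leveled blocks. The field names `Whole`, `Device Location` and `Solid State`, the function names and the sample text are assumptions; check them against `diskutil info` on your macOS version.

```shell
#!/bin/bash
# Added example, not the gist author's code. Field names are assumed to match
# what `diskutil info` prints on your macOS version; check before relying on it.

# Constructed sample of `diskutil info /dev/disk2` output (trimmed).
SAMPLE_INFO='   Device Node:               /dev/disk2
   Whole:                     Yes
   Device Location:           External
   Solid State:               No'

# field NAME: print the value of the "NAME: value" line read from stdin.
field() {
  awk -F': *' -v k="$1" '{ sub(/^ +/, "", $1); sub(/ +$/, "", $2) }
    $1 == k { print $2; exit }'
}

# preflight INFO_TEXT -> 0 ok, 1 refuse (wrong target), 2 warn (flash media).
preflight() {
  pf_info=$1
  [ "$(printf '%s\n' "$pf_info" | field 'Whole')" = "Yes" ] ||
    { echo "refuse: not a whole disk"; return 1; }
  [ "$(printf '%s\n' "$pf_info" | field 'Device Location')" = "External" ] ||
    { echo "refuse: not an external device"; return 1; }
  [ "$(printf '%s\n' "$pf_info" | field 'Solid State')" = "No" ] ||
    { echo "warn: not reported as a spinning disk; spared or wear-leveled blocks survive an overwrite"; return 2; }
  echo "ok"
}

# wipe_disk diskN: steps 2 and 3 of the gist, gated by preflight (macOS only).
wipe_disk() {
  node="/dev/$1"
  info=$(diskutil info "$node") || return 1
  rc=0; preflight "$info" || rc=$?
  [ "$rc" -ne 1 ] || return 1          # a warning (2) is shown but does not block
  printf 'Type %s to overwrite %s: ' "$1" "$node"
  read -r answer
  [ "$answer" = "$1" ] || { echo "aborted"; return 1; }
  diskutil unmountDisk "$node" || return 1
  sudo dd if=/dev/urandom of="$node" bs=1000000
}

# Run only when a disk identifier is given, e.g. ./wipe.sh disk2
if [ "$#" -eq 1 ]; then wipe_disk "$1"; fi
```
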
@auslaner

Nice solution, but the number must be put after the secureErase option.
sudo diskutil secureErase [0-4] /dev/rdiskN

Also note, for anyone arriving here from Google and such, that the man pages state this method isn't considered safe by modern standards despite being called "secureErase".

From the diskutil man page:

NOTE: This kind of secure erase is no longer considered safe. Modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. The modern solution for quickly and securely erasing your data is encryption. Strongly-encrypted data can be instantly "erased" by destroying (or losing) the key (password), because this renders your data irretrievable in practical terms. Consider using APFS encryption (FileVault).

@felgercarb

Also note, for anyone arriving here from Google and such, that the man pages state this method isn't considered safe by modern standards despite being called "secureErase".

From the diskutil man page:

NOTE: This kind of secure erase is no longer considered safe. Modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. The modern solution for quickly and securely erasing your data is encryption. Strongly-encrypted data can be instantly "erased" by destroying (or losing) the key (password), because this renders your data irretrievable in practical terms. Consider using APFS encryption (FileVault).

This is still a good solution for use cases involving spinning-disk HDs, however. The manpage caveat applies to solid-state storage devices.
