Summary: In this blog, we will share simple steps to format and wipe clean your SSD via the UEFI BIOS using the built-in Secure Erase feature of the SSD. We shall analyze the pitfalls of simply using Secure Erase and how BitRaser Drive Eraser comes as a promising tool for achieving compliance with data protection regulations.
Solid State Drive (SSD) is used predominantly in laptops, desktops, and Mac devices. Their superior performance, reliability, and durability as compared to Hard Disk Drive (HDD) have led to this change. As a result, SSDs store more sensitive and confidential data than ever. Commonly, organizations use the ‘Secure Erase’ feature accessible via the BIOS to wipe clean or format their SSD before reallocating, reselling, donating, or recycling.
However, it is essential to note that Secure Erase merely removes the data and does not generate any proof of data destruction for audit purposes. In addition, there is no guarantee that Secure Erase wipes hidden areas like HPA & DCO. Professional drive wiping software like BitRaser overcomes the challenges of the Secure Erase feature and helps organizations meet compliance in the most cost-effective manner. Let us look at both options to gain clarity.
Using the Secure Erase Feature in BIOS
Secure Erase is an inbuilt functionality in UEFI BIOS that helps you permanently erase data from your internal drives. Depending on your motherboard manufacturer, the Secure Erase feature may have a different name and location in the menu structure.
For Example, Lenovo ThinkBook laptops offer Secure Erase functionality via ‘Security Erase HDD Data’ in the BIOS.
For this Blog, we will be using a laptop with the following configuration:
- Device: Lenovo ThinkBook Laptop
- OS: Windows Server 2019
- Processor: Intel i5 (12th Gen Intel) x64
- RAM: 8.0 GB
- Storage: 476 GB Solid State Drive (SSD)
Step 1: Power ‘ON’ the laptop you want to wipe and press the ‘F1’ key to access the UEFI Boot menu. (The key may vary according to your device).
Go to ‘Security’ in the menu and select ‘Security Erase HDD Data’. Although the ThinkBook has an SSD, the terminology used here is HDD. (Refer to Image 1)
Note: The option to perform Secure Erase is only available on ThinkBook if the internal SSD is password-protected. In case, the SSD does not have a password, you cannot perform Secure Eraser.
Image 1: Select Security Erase in the UEFI Security Menu
Step 2: Press Enter on ‘Security Erase HDD 1 Data’, and you will see a ‘Setup Warning’ window informing you that all the data will be erased and the disk password will be deleted. Click ‘Yes’. (Refer to Image 2)
Note: The secure Eraser feature wipes the SSD data permanently without the scope of recovery; therefore, it is crucial to back up the data you want to retain.
Image 2: Click Yes in the Setup Warning Window
Step 3: A new Window will prompt you to enter your Disk Password, enter the password and press ‘Enter’. (Refer to Image 3)
The SSD wiping process will begin, and you can see the progress on your screen. (Refer to Image 4) Once the process is done, you will see a Windows saying, “Security erase complete successfully”. (Refer to Image 5)
Image 3: Enter Disk Password, then Press Enter
Image 4: Secure Erase Progress Screen
Image 5: Secure Erase Completed Successfully
Similar Secure Erase functionality exists in other laptops from different manufacturers like HP, Dell, Asus, etc. Erasing data using the ‘Secure Erase’ functionality from BIOS is limiting if you want to wipe multiple SSDs simultaneously, moreover, no report is generated to verify the erasure. This feature is more suitable for individual users intending to safeguard their privacy. For businesses, government organizations, educational institutions, etc., we recommend using a professional tool like BitRaser that generates data destruction records post-completion of data erasure.
Erase SSD Using BitRaser Drive Wiping Software
BitRaser Drive Eraser is a Drive wiping tool ideal for wiping SSDs of all make models, including SAS SSD, SED NVMe, etc. The software also wipes hard drives, PCs, laptops & Mac devices. The tool uses global data erasure methods like NIST Clear, NIST Purge, DoD 3 Pass, 7 Pass, etc. The software generates data erasure reports based on NIST guidelines for media sanitization.
Let us see what advantages the BitRaser software brings in comparison to the Secure Erase feature of BIOS.
Advantages of Using BitRaser Drive Eraser Over Secure Erase (BIOS):
Parameters | Secure Erase (BIOS) | BitRaser Drive Eraser |
Data Erasure | Yes | Complete Erasure including HPA, DCO areas |
Supported Wiping Methods | Only Overwriting is performed | 24+ Wiping Methods supported like NIST 800-88, US DoD 5220.22, etc. |
Erasure Reports | No | Tamper-Proof Erasure Reports & Certificates |
Device Compatibility | For Internal Drives only (SSD) | Wipes all Internal or External SSD, HDD, Servers, Laptops, Desktops & Mac |
Advance Features | No, advanced features are available | API Integration with Asset Management tools. ERP Integration Remote Wiping Cloud Integration for managing Users, Erasure Licenses & reports |
Deployment | Through UEFI BIOS | Deployable via USB, PXE Boot, or Remotely |
Scalable | No | Wipe 100 Drives/Devices Simultaneously using the USB Boot solution Wipe up to 65,000 Drives Over a Network using the PXE Boot Solution |
Erasure Verification | No | Yes, the software has an inbuilt verification mechanism |
Data Recovery | Not Possible | Not Possible |
Tested & Certified | No | Yes, the software has been tested & certified by NIST, Common Criteria, ADISA, etc. |
Pricing | Free | Pay-per-use, Cost-efficient solution |
To learn how to wipe SSD using BitRaser Drive Eraser, you may refer to our articles below:
- How to Wipe SSDs?
- How to Wipe NVMe and M.2 Drives?
- How to Perform Cryptographic Erasure on an SSD?
You can also wipe other drives & devices with BitRaser and can refer to our articles below:
- How to Wipe a Hard Drive?
- How to Wipe Mac® Devices?
- How to Wipe Laptop or PC?
FAQs
Can you wipe an SSD through BIOS? Is it advisable?
Yes, you can wipe SSD through BIOS using the secure erase feature. This feature is accessible via the BIOS or UEFI menu. However, this feature does not generate any proof of destruction for compliance purposes.
How can I access the Secure Erase feature in my laptop's BIOS?
To access the secure erase feature, you need to restart your laptop and repeatedly press the F1 key to enter the BIOS or UEFI menu (The key may vary according to the device manufacturer. For Example: In Dell laptops, the key is F2). In the BIOS, the secure erase feature is present under the ‘Security’ tab (It may have a different name depending on the manufacturer).
What are the limitations of using the Secure Erase feature in BIOS?
Secure erase functionality is limited to only wiping one internal SSD in a laptop. The functionality does not support external drives, including wiping multiple SSDs simultaneously. Moreover, there is no guarantee that hidden areas like HPA & DCO will be erased, and no report is generated to verify the erasure.
How can I wipe multiple SSDs simultaneously?
You can wipe multiple SSDs simultaneously using BitRaser Drive Eraser software. The tool allows you to wipe up to 100 SSDs simultaneously by mounting them on a chassis or a rack. You can also deploy a PXE boot solution over a network to wipe up to 65,000 SSDs.