HP Secure Erase Whitepaper
HP SECURE ERASEFOR SSDS & HDDSSAFELY AND EFFECTIVELY ERASE SENSITIVE DATATECHNICAL WHITEPAPER
HP SECURE ERASEIS A CRITICALRESOURCE FOR ITAdministrators tasked with protecting sensitivedata, and a key component of HP system security.HP Secure Erase1 makes it easy to sanitize localmagnetic hard disk drives (HDD) or solid-statedrives (SSDs) to industry standards before disposalor recycling.TABLE OF CONTENTSLOCAL STORAGE SANITATION— AN IMPORTANT LAST STEP IN THEPC LIFECYCLE . 2ERASING SSDS VS. HDDS . 2CONCLUSION . 3HP SECURE ERASE FOR SSDS & HDDS WHITEPAPER1
LOCAL STORAGE SANITATION—AN IMPORTANT LAST STEP IN THEPC LIFECYCLEIn an environment where sensitive user information is under attack at every stage of thesystem lifecycle, ensuring that data can be securely erased from a data storage deviceis paramount. Information can be vulnerable if left on a storage drive when a system isrecycled, disposed of, or reprovisioned for another user. Properly sanitizing storagedrives according to industry standards is a critical step in the PC lifecycle.In addition to meeting industry standards for data erasure in standard magnetic harddisk drives (HDDs), HP has taken the additional step of extending HP Secure Erase toalso support industry-standard solid state drives (SSDs). HP Secure Erase is a standardfeature in all HP business notebooks, supporting the methods outlined in the NationalInstitute of Standards and Technology Special Publication 800-88. Manufacturers ofindustry standard SSDs approved for use in HP business notebook products have verifiedthat running HP Secure Erase on their SSDs fully removes all user data so that it cannotbe recovered.ERASING SSDS VS. HDDSUsing HP Secure Erase on standard HDDs, data is overwritten using a data-removalalgorithm that writes multiple patterns on every sector, cluster, and bit of the hard drive.This process is documented in the Department of Defense (DOD) 5220.22-M Chapter 8specification.2 This overwrite-based process is only effective on standard HDDs. Writinga predetermined data pattern to a NAND flash-based SSD does not result in an emptydrive. Instead it results in a drive full of data that must be erased before new user datacan be written, which massively shortens the service life.Industry-standard disk sanitationTo securely erase all user data from an SSD and restore the drive to a fresh-out-of-box(FOB) performance state, the National Institute of Standards Technology (NIST) supportsthe following commands that meets the minimum guideline for media sanitization ofSSDs (NIST SP800- 88 Rev. 1).Block Erase is a function enabled only in SATA SSDs. Using the ATA command BLOCKERASE EXT. Block Erase will instruct the SSDs controller to apply an erase voltage to allNAND cells of the device (including any cells which form blocks that have been retired,re-allocated, involved in garbage collection or over-provisioning or are part of a reservedpool of spare blocks). This functionality provides a very fast, complete and robusterasure of the SSD.Crypto Erase is a function enabled only in SATA SED SSDs. Using the ATA commandCRYPTO SCRAMBLE EXT, this function removes the encryption key effectively makingit impossible to reconstruct any of the data on the storage device. Crypto Scramble isimplemented on both HDD and SSD SED devices.HP SECURE ERASE FOR SSDS & HDDS WHITEPAPER2
Block Erase and Crypto Erase Sanitize Operation is a function enabled only in PCIe NVMeSSDs. NVMe does not follow conventional ATA feature sets. Instead, NVMe devicessupport a sanitization function, inside their FORMAT NVM command structure thatincludes BLOCK ERASE SANITIZE and CRYPTO ERASE SANITIZE operation. So, by settingsome specific bits in this command structure, a function similar to Secure Erase can becarried out.What data is not erased?After deploying HP Secure Erase on an SSD, all data in the user space is completely andirretrievably erased, and every block in the user space is ready to accept new host-writtendata, which moves the drive to its highest performance state (FOB). However, some datamust be left in place, including data required for normal drive operation: SSD firmwarecopies that reside in the NAND, all SMART data, and retired NAND block mapping tables.CONCLUSIONWriting or overwriting data to drive is the accepted practice of securely eliminating datafrom an HDD. However, in the case of NAND flash-based SSDs, overwriting is redundant,unnecessary, and a potentially insecure method of eliminating data. By using HP SecureErase, users can ensure that SSD drives are completely sanitized and meet the minimumindustry standards HP Secure Erase is easily enabled through the standard F10 BIOSsetup process on most HP business PCs.Learn morehp.com/wolfsecurityforbusinessHP SECURE ERASE FOR SSDS & HDDS WHITEPAPER3
HP SECURE ERASE FOR SSDS & HDDS WHITEPAPERFor the methods outlined in the National Institute of Standards and Technology Special Publication 800-88 “Clear” sanitation method. Secure Erasedoes not support platforms with Intel Optane . HP Secure Erase does not support platforms with Intel Optane.2Specification 5220.22-M no longer exists. The DoD has subsequently decided that secure information must be destroyed to remain secure. The NISTguidelines restate in clear terms that a two-person rule (read human verification) shall be implemented but did not establish guidelines on the methodof sanitization (it could be a single wipe with dual human verification, or a single destruction with the same).1Sign up for updates: hp.com/go/getupdated Copyright 2021 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties forHP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should beconstrued as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.Intel, Pentium, Intel Inside, and the Intel Inside logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.4AA7-2608ENW, June 20214
HP SECURE ERASE FOR SSDS & HDDS WHITEPAPER 1 HP SECURE ERASE IS A CRITICAL . RESOURCE FOR IT . Administrators tasked with protecting sensitive data, and a key component of HP system security. HP Secure Erase. 1. makes it easy to sanitize local magnetic hard disk drives (HDD) or solid-state d
Kingston SSD Manager will not allow a drive to be secure erased if it contains any partitions. If your drive contains partitions the Secure Erase button will be inactive and you will see this message in KSM: In the case your drive contains partitions you must remove them using the Disk Management system utility.
a speci c, commonly used, case of secure computation. To implement secure computation and secure key storage on mobile platforms hardware solutions were invented. One commonly used solution for secure computation and secure key storage is the Secure Element [28]. This is a smart card like tamper resistant
3.3V Uniform Sector Dual and Quad Serial Flash GD25Q32C 4 1. FEATURES 32M-bit Serial Flash Fast Program/Erase Speed -4096K-Byte -Page Program time: 0.6ms typical -256 Bytes per programmable page -Sector Erase time: 50ms typical -Block Erase time: 0.15/0.25s typical
3.3V Uniform Sector Dual and Quad Serial Flash GD25Q32C 4 1. FEATURES 32M-bit Serial Flash Program/Erase Speed -4096K-byte -Page Program time: 0.6ms typical -256 bytes per programmable page -Sector Erase time: 50ms typical -Block Erase time: 0.15/0.25s typical
3.3V Uniform Sector Dual and Quad Serial Flash GD25Q256C 4 1. FEATURES 256M-bit Serial Flash Program/Erase Speed -32M-byte -Page Program time: 0.6ms typical -256 bytes per programmable page -Sector Erase time: 50ms typical -Block Erase time: 0.2/0.3s typical
2 - 2 Creating a Simple Object (Part I) Figure 1 Part at the end of this lesson Figure 2 Creating a new part Start Creo Parametric as usual. If it is already up, close all windows (except the base window) and erase all objects in session using File ' Manage Session ' Erase Current and/or File ' Manage Session ' Erase Not Displayed.Close the Navigator and
EGS-1007 AutoCAD Lab1 of 30 AutoCAD Tour Erase all the objects on the screen. Type "Undo" or "U" to undo the erase command. Type "Redo" to execute the erase command again. Turn ON the GRID again. Set new drawing limits by selecting "Format" - "Drawing Limits" from the pull-down menu or by typing "Limits".
American Chiropractic Board of Radiology Heather Miley, MS, DC, DACBR Examination Coordinator PO Box 8502 Madison WI 53708-8502 Phone: (920) 946-6909 E-mail: exam-coordinator@acbr.org CURRENT ACBR BOARD MEMBERS Tawnia Adams, DC, DACBR President E-mail: president@acbr.org Christopher Smoley, DC, DACBR Secretary E-mail: secretary@acbr.org Alisha Russ, DC, DACBR Member-at-Large E-mail: aruss@acbr .
