Why is the Secure Erase option not available for SSD media?

Question

Created 9h

Replies 3

Boosts 0

Participants 2

This post is from the WWDC26 File Systems Q&A.

There has been a lot of speculation/explanations offered over the years about why this functionality was removed from Disk Utility, but some of it is contradictory. I'd love to hear a definitive answer from the experts – what's the technical reason that Secure Erase is not offered for SSDs?

Answered by Engineer in 891133022

Thanks for the clarification. The note there is trying to be both terse and accurate at the same time which can be challenging.

The main point to observe is that with external media, we (Apple) do not control the block remapping layer of the drive, and so knowing exactly when a particular block's prior contents have been zeroed is very challenging. Much of the exact behavior of how the external drive responds to TRIM or UNMAP is vendor dependent. So in the interest of not wanting to offer any false promises, it was removed. Additionally, with the physics of SSDs being what they are (not actually doing targeted overwrites of a particular NAND block), the former secure erase option doesn't exactly help the longevity of the drive with generally more limited write accumulation as compared to a HDD.

Answer 1

Engineer OP

Apple

8h

Just to clarify, are you asking about internal media, external media, or just in general? Through the DiskUtility.app?

Answer 2

bombich OP

8h

Primarily external media, and yes, via Disk Utility. The documentation for the secureErase verb in diskutil has this note:

NOTE: This kind of secure erase is no longer considered safe. Modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands.

But this is the detail that is at the center of some disagreement/conflict (e.g. claims that blocks are erased before being wear-leveled).

Answer 3

Engineer OP

Apple

8h

Accepted Answer

Recommended

Thanks for the clarification. The note there is trying to be both terse and accurate at the same time which can be challenging.

The main point to observe is that with external media, we (Apple) do not control the block remapping layer of the drive, and so knowing exactly when a particular block's prior contents have been zeroed is very challenging. Much of the exact behavior of how the external drive responds to TRIM or UNMAP is vendor dependent. So in the interest of not wanting to offer any false promises, it was removed. Additionally, with the physics of SSDs being what they are (not actually doing targeted overwrites of a particular NAND block), the former secure erase option doesn't exactly help the longevity of the drive with generally more limited write accumulation as compared to a HDD.