tinyapps.org / docs / NVMe Sanitize

(Also in this series: ATA Sanitize Device and hdparm, ATA Secure Erase (SE) and hdparm, and NVMe Secure Erase.)


The NVMe 1.3 specification introduced a host of new features, including Sanitize. Alas, it is an optional feature (per section 8.15, "Sanitize Operations (Optional)" of NVM Express Revision 1.3b), as I discovered after purchasing a drive which advertised that it "follows NVMe 1.3".

Peter Onufryk outlines NVMe Sanitize benefits over NVMe format/Secure Erase in Major New Features in NVMe 1.3 and Looking to the Future:

  1. Once Sanitize has been initiated, it keeps running until complete (surviving reboots, etc.)
  2. Format erases all data in namespace, but Sanitize additionally erases any cache or buffer data
  3. Any log page metadata is also erased


0. Install nvme-cli

The nvme-cli README.md includes installation instructions for a number of Linux distributions, though building is as simple as make && make install.

1. List NVMe device(s)

# nvme list
Node             SN                   Model                                    Namespace Usage                      Format           FW Rev  
---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- --------
/dev/nvme0n1     XXXXXXXXXXXX         WDS250G2X0C-00L350                       1         250.06  GB / 250.06  GB    512   B +  0 B   101110WD
/dev/nvme1n1     XXXXXXXXXXXX         CT500P1SSD8                              1         500.11  GB / 500.11  GB    512   B +  0 B   P3CR010 

2. Check for Sanitize support:

# nvme id-ctrl -H /dev/nvme1
  [2:2] : 0   Overwrite Sanitize Operation Not Supported
  [1:1] : 0x1 Block Erase Sanitize Operation Supported
  [0:0] : 0   Crypto Erase Sanitize Operation Not Supported

3. Perform block erase sanitize operation

# nvme sanitize -a 2 /dev/nvme1

4. Check sanitize status

# nvme sanitize-log /dev/nvme1


Sanitize Progress                      (SPROG) :  16704
Sanitize Status                        (SSTAT) :  0x2


Sanitize Progress                      (SPROG) :  65535
Sanitize Status                        (SSTAT) :  0x101

5. Verify

# dd if=/dev/nvme1n1 bs=8192 status=progress | hexdump
0000000 0000 0000 0000 0000 0000 0000 0000 0000


Sanitize action values are listed as 3-bit binary numbers in the nvme-sanitize man page:

-a <action>::
    Sanitize Action:
    000b - Reserved
    001b - Exit Failure Mode
    010b - Start a Block Erase sanitize operation
    011b - Start an Overwrite sanitize operation
    100b - Start a Crypto Erase sanitize operation

though the included examples use hexadecimal:

# nvme sanitize /dev/nvme0n1 -a 0x02
# nvme sanitize /dev/nvme0n1 --sanact=0x01

As we saw above, plain decimal values are fine too (000b = 0, 001b = 1, 010b = 2, 011b = 3, 100b = 4), though not binary:

# nvme sanitize -a 010b /dev/nvme1
Invalid Sanitize Action

# nvme sanitize -a 0b010 /dev/nvme1
Invalid Sanitize Action

Sanitize mode notes from NVMe Tips and Tricks ww46'18 rev2 by Jonmichael Hands, "Strategic Planner / Product Line Manager for Intel Data Center SSDs":

There is some confusion as to whether a Sanitize Status (SSTAT) value of 0x101 indicates success or failure; according to ArchWiki, it is the former:

When the command has completed successfully:

Sanitize Progress                      (SPROG) :  65535
Sanitize Status                        (SSTAT) :  0x101

This Google-translated excerpt from Sanitize小知识 offers a possible explanation:

The Sanitize Progress (SPROG) field represents the progress of sanitize completion, which refers to the progress of completely deleting data from NAND asynchronously. With 65536 as the denominator, 65535 means that the progress is 100% complete.

The Sanitize Status (SSTAT) field records the last completed sanitize status, and 0x101 represents that the 0th bit in [2:0] is set to "1", which means that the latest sanitize execution was successful.

See also page 116 of NVM Express Revision 1.3b.

created: 2018.09.13, updated: 2022.02.23