tinyapps.org / docs / NVMe Sanitize


(Also in this series: ATA Sanitize Device and hdparm, ATA Secure Erase (SE) and hdparm, and NVMe Secure Erase.)

Introduction

The NVMe 1.3 specification introduced a host of new features, including Sanitize. Alas, it is an optional feature (per section 8.15, "Sanitize Operations (Optional)" of NVM Express Revision 1.3 May 1, 2017), as I discovered after purchasing a drive which advertised that it "follows NVMe 1.3". Despite contacting every major NVMe drive manufacturer, I have yet to find one with Sanitize support.

Peter Onufryk outlines NVMe Sanitize benefits over NVMe format/Secure Erase in Major New Features in NVMe 1.3 and Looking to the Future:

  1. Once Sanitize has been initiated, it keeps running until complete (surviving reboots, etc.)
  2. Format erases all data in namespace, but Sanitize additionally erases any cache or buffer data
  3. Any log page metadata is also erased

Usage

0. Install nvme-cli

The nvme-cli README.md includes installation instructions for a number of Linux distributions, though building is as simple as make && make install.

1. List NVMe device(s)

# nvme list
Node             SN                   Model                                    Namespace Usage                      Format           FW Rev
---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- --------
/dev/nvme0n1     XXXXXXXXXXXXXXXXXXXX TS128GMTE110S                            1         128.04  GB / 128.04  GB    512   B +  0 B   R0213A3

2. Check for Sanitize support:

# nvme id-ctrl -H /dev/nvme0n1
NVME Identify Controller:
vid     : 0x126f
ssvid   : 0x126f
sn      : XXXXXXXXXXXXXXXXXXXX
mn      : TS128GMTE110S
fr      : R0213A3
...
sanicap : 0
  [2:2] : 0 Overwrite Sanitize Operation Not Supported
  [1:1] : 0 Block Erase Sanitize Operation Not Supported
  [0:0] : 0 Crypto Erase Sanitize Operation Not Supported
...
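
The check in step 2 can be scripted so that nothing is issued to a drive that does not advertise the operation. This is an added example, not part of the original page or of nvme-cli: the function names and the second sample controller are made up, and it assumes sanicap is printed as a decimal or 0x-prefixed hex value, as in the output above.

```shell
#!/bin/sh
# Added example (not nvme-cli code): decode sanicap before running step 3.

# Print the raw sanicap value found in `nvme id-ctrl` text on stdin.
sanicap_from_idctrl() {
    awk -F: '$1 ~ /^sanicap[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Print "<sanact> <name>" for each operation advertised in sanicap ($1).
# Only bits 2:0, the ones shown in the -H output above, are decoded.
# Assumption: the value is decimal or 0x-prefixed hex; anything else fails.
supported_sanact() {
    case $1 in
        0x*) case ${1#0x} in ''|*[!0-9a-fA-F]*) return 2 ;; esac ;;
        *)   case $1 in ''|*[!0-9]*) return 2 ;; esac ;;
    esac
    cap=$(( $1 & 7 ))
    if [ $(( cap & 1 )) -ne 0 ]; then echo "0x04 crypto-erase"; fi
    if [ $(( cap & 2 )) -ne 0 ]; then echo "0x02 block-erase"; fi
    if [ $(( cap & 4 )) -ne 0 ]; then echo "0x03 overwrite"; fi
    return 0
}

# Succeed only if the id-ctrl text on stdin advertises operation $1
# (crypto-erase, block-erase or overwrite).
sanitize_preflight() {
    raw=$(sanicap_from_idctrl)
    if [ -z "$raw" ]; then
        echo "no sanicap field in input" >&2
        return 2
    fi
    supported_sanact "$raw" | grep -q " $1\$"
}

# Constructed samples: the first mirrors the drive on this page, the second
# is a made-up controller advertising Crypto Erase and Block Erase.
SAMPLE_NONE='mn      : TS128GMTE110S
sanicap : 0'
SAMPLE_CE_BE='mn      : EXAMPLE-DRIVE
sanicap : 0x3'

# Live use: nvme id-ctrl /dev/nvme0n1 | sanitize_preflight block-erase
for s in "$SAMPLE_NONE" "$SAMPLE_CE_BE"; do
    if printf '%s\n' "$s" | sanitize_preflight block-erase; then
        echo "block erase advertised: --sanact=0x02 is accepted"
    else
        echo "block erase not advertised: do not issue sanitize"
    fi
done
```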

3. For supported devices, refer to the nvme-sanitize man page:

nvme-sanitize(1)
================

NAME
----
nvme-sanitize - Send NVMe Sanitize Command, return result

SYNOPSIS
--------
[verse]
'nvme sanitize' <device> [--no-dealloc | -d]
              [--oipbp | -i]
              [--owpass=<overwrite-pass-count> | -n <overwrite-pass-count>]
              [--ause | -u]
              [--sanact=<action> | -a <action>]
              [--ovrpat=<overwrite-pattern> | -p <overwrite-pattern>]

DESCRIPTION
-----------
For the NVMe device given, sends a Sanitize command and
provides the result.

The <device> parameter is mandatory NVMe character device (ex: /dev/nvme0).

On success it returns 0, error code otherwise.

OPTIONS
-------
-d::
--no-dealloc::
    No Deallocate After Sanitize:
    If set, then the controller shall not deallocate any logical
    blocks as a result of successfully completing the sanitize
    operation. If cleared, then the controller should deallocate
    logical blocks as a result of successfully completing the
    sanitize operation.  This bit shall be ignored if the Sanitize
    Action field is set to 001b (i.e., Exit Failure Mode).

-i::
--oipbp::
    Overwrite Invert Pattern Between Passes:
    If set, then the Overwrite Pattern shall be inverted between
    passes. If cleared, then the overwrite pattern shall not be
    inverted between passes. This bit shall be ignored unless the
    Sanitize Action field is set to 011b (i.e., Overwrite).

-n <overwrite-pass-count>::
--owpass=<overwrite-pass-count>::
    Overwrite Pass Count:
    This field specifies the number of overwrite passes (i.e.,
    how many times the media is to be overwritten) using the data
    from the Overwrite Pattern field of this command. A value of 0
    specifies 16 overwrite passes. This field shall be ignored
    unless the Sanitize Action field is set to 011b (i.e., Overwrite).

-u::
--ause::
    Allow Unrestricted Sanitize Exit:
    If set, then the sanitize operation is performed in unrestricted
    completion mode. If cleared then the sanitize operation is
    performed in restricted completion mode. This bit shall be ignored
    if the Sanitize Action field is set to 001b (i.e., Exit Failure Mode).

-a <action>::
--sanact=<action>::
    Sanitize Action:
    000b - Reserved
    001b - Exit Failure Mode
    010b - Start a Block Erase sanitize operation
    011b - Start an Overwrite sanitize operation
    100b - Start a Crypto Erase sanitize operation

-p <overwrite-pattern>::
--ovrpat=<overwrite-pattern>::
    Overwrite Pattern:
    This field is ignored unless the Sanitize Action field in
    Command Dword 10 is set to 011b (i.e., Overwrite). This field
    specifies a 32-bit pattern that is used for the Overwrite
    sanitize operation.

EXAMPLES
--------
* Has the program issue Sanitize Command :
+
------------
# nvme sanitize /dev/nvme0n1 -a 0x02
# nvme sanitize /dev/nvme0n1 --sanact=0x01

------------

NVME
----
Part of the nvme-user suite.

last update: 2018.09.13