(Also in this series: ATA Sanitize Device and hdparm, ATA Secure Erase (SE) and hdparm, and NVMe Sanitize.)
nvme-format, part of nvme-cli (NVMe management command line interface), offers two Secure Erase options:
Secure Erase Settings: This field specifies whether a secure erase should be performed as part of the format and the type of the secure erase operation. The erase applies to all user data, regardless of location (e.g., within an exposed LBA, within a cache, within deallocated LBAs, etc). Defaults to 0.
Value Definition 0 No secure erase operation requested 1 User Data Erase: All user data shall be erased, contents of the user data after the erase is indeterminate (e.g., the user data may be zero filled, one filled, etc). The controller may perform a cryptographic erase when a User Data Erase is requested if all user data is encrypted. 2 Cryptographic Erase: All user data shall be erased cryptographically. This is accomplished by deleting the encryption key. 3-7 Reserved
NVM Express Base Specification Revision 1.3c May 24, 2018 states:
As part of the Format NVM command, the host may request a secure erase of the contents of the NVM. There are two types of secure erase. The User Data Erase erases all user content present in the NVM subsystem. The Cryptographic Erase erases all user content present in the NVM subsystem by deleting the encryption key with which the user data was previously encrypted.
The nvme-cli README.md includes installation instructions for a number of Linux distributions, though building is as simple as make && make install
.
# nvme list
Node SN Model Namespace Usage Format FW Rev
---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- --------
/dev/nvme0n1 XXXXXXXXXXXX WDS250G2X0C-00L350 1 250.06 GB / 250.06 GB 512 B + 0 B 101110WD
# nvme id-ctrl -H /dev/nvme0
NVME Identify Controller:
vid : 0x15b7
ssvid : 0x15b7
sn : XXXXXXXXXXXX
mn : WDS250G2X0C-00L350
fr : 101110WD
...
oacs : 0x17
[1:1] : 0x1 Format NVM Supported
...
fna : 0
[2:2] : 0 Crypto Erase Not Supported as part of Secure Erase
...
This device supports User Data Erase (value 1 in above table), but not Cryptographic Erase (value 2 in above table).
# nvme format /dev/nvme0 --ses=1
Success formatting namespace:ffffffff
#nvme format /dev/nvme0 --ses=1
NVME Admin command error:INVALID_FORMAT(410a) #systemctl -i suspend
#nvme format /dev/nvme0 --ses=1
Success formatting namespace:ffffffff
# hexdump /dev/nvme0n1
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
3a38b2e000
There are reports of "NVME Admin command error:INVALID_OPCODE(2001)" on Samsung NVMe SSDs being resolved by suspending and waking the computer as well.
The manpage on specifying the character device (e.g., /dev/nvme0) vs the namespace block device (e.g., /dev/nvme0n1): If the character device is given, the namespace identifier will default to 0xffffffff to send the format to all namespace, but can be overridden to any namespace with the 'namespace-id' option. If the block device is given, the namespace identifier will default to the namespace id of the block device given, but can be overridden with the same option.
For more information on NVMe character devices (e.g., /dev/nvme0) vs. namespace block devices (e.g., /dev/nvme0n1), see Why is there both character device and block device for nvme? and Managing NVMe Namespaces.
The NVMe 2.1 specs (announced on August 6, 2024) include "post sanitization media verification".
created: 2018.06.30, updated: 2024.08.06