Securely erasing a storage device with Linux

This tutorial shows how to securely erase a storage device. I use in this tutorial a hard drive, but it can be also a flash drive etc. I’m running Ubuntu 16.04 from live-usb.

First you need to figure out, what is the storage device you want to erase. It can be /dev/sdb or something like that, but don’t use partitions. So not like this “/deb/sdb1”. Run command:

$ sudo fdisk -l

......
Disk /dev/sda: 698.7 GiB, 750156374016 bytes, 1465149168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00063067

Device     Boot Start        End    Sectors   Size Id Type
/dev/sda1  *     2048 1465147391 1465145344 698.7G 83 Linux
.......

Mine was /dev/sda, but I use /dev/sdX in example commands so hopefully no one will erase wrong device by mistake.

Check if there are any mounted partitions

$ mount -l | grep /dev/sdX

/dev/sdX1 on /media/ubuntu/f3dc34aa-2cd1-4954-ad5d-bee45909d99c type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)

If there is partitions, you should remove all mounted partitions before erasing all data

$ sudo umount /media/ubuntu/f3dc34aa-2cd1-4954-ad5d-bee45909d99c

Make sure you founded the right storage device you really want to erase. After this command there is no coming back. Shred will overwrite the device 3 times by default so it can took awhile.

There is 3 different ways to erase device. I recommend the third option.

1. Write random bits three times and leave all bits random (default):

$ sudo shred -v /dev/sdX

2. Write random bits one time and after that change all bits to zero:

$ sudo shred -v -n1 -z /dev/sdX

3. Write random bits three time and after that change all bits to zero (I recommend this if you really wanna be sure everything is erased):

$ sudo shred -v -z /dev/sdX

Now your storage device is empty and ready to be sold or used. If you are going to use it, then you can do partitioning with gparted or some other tool

You should also check your hard drive health before selling it or partitioning

Partitioning with gparted

If you want to use gparted run these commands:

$ sudo apt update
$ sudo apt install gparted
$ sudo gparted

gparted should now be open.

If you get error:
The driver descriptor says the physical block size is 2048 bytes, but Linux says it is 512 bytes.
Run this command to your device (change sdX to your device):

$ sudo dd if=/dev/zero of=/dev/sdX bs=2048 count=32 && sync

In gparted

1. Choose device where you want to create partition.
2. Device -> Create partition table -> ms-dos (or gpt) -> Apply
3. Partition -> New
- If you use Windows: File System -> ntfs
- If you use Linux: File System -> ext4
- Add Label
4. Push: Add
5. Apply

Now you have created new partition.

Check hard drive health with S.M.A.R.T

Install smartmontools

$ sudo apt install smartmontools

With this command you can check estamated time for short and long tests

$ sudo smartctl -c /dev/sdX

Usually the short test is sufficient for detecting issues

$ sudo smartctl -t short /dev/sdX

If you want to examinate the entire disk surface then use long test (this can take an hour, two hours or more)

$ sudo smartctl -t long /dev/sdX

Test results you can see with this command

$ sudo smartctl -H /dev/sdX

You should see test result is passed

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

If you see something else you should find out what is means.

Source:
https://askubuntu.com/questions/17640/how-can-i-securely-erase-a-hard-drive
https://www.ghacks.net/2017/07/19/how-to-check-hard-drive-disk-health-in-gnulinux/