How to Securely Wipe the Data Stored on a Drive in macOS High Sierra

Securely wiping a drive, removing all of its data, and ensuring that no meaningful information can be recovered, has long been a feature of Disk Utility and its erase function. Even though the default for Disk Utility is a simple erase, a secure wipe was just a few clicks away.

Two recent changes have made the traditional secure wipe, performed by overwriting a volume multiple times with various types of data patterns, largely a thing of the past. The first change, leading to less reliance on the various secure wipe options, has been the proliferation of SSDs, both as original equipment provided by Apple and by resellers, such as OWC, which bring higher performance storage systems to the Mac.

(Using the Security Options to sanitize a volume may be a thing of the past.)

The second change that directly affects the Mac community, at least in the way free space can be securely erased, is the release of the APFS file system, and how it makes use of shared space between multiple volumes.

In this guide, we’re going to look at erasing volumes, partitions, and containers. We’ll be looking at drives formatted with APFS as well as those formatted with the traditional HFS+ file system. If you’re working with macOS Sierra or earlier, you may find the Rocket Yard Guide: How to Use Mac’s Disk Utility to Securely Wipe a Drive a good source of information for erasing your drives.

We’ll be using the Disk Utility app included with macOS High Sierra and later.

Erasing a Volume: The Basics
Let’s start off with erasing a volume to casually remove any stored data on the selected volume. In this case, we just want to free up the space for a new use, and aren’t worried about anyone being able to recover any of our old data.

Launch Disk Utility, located in the /Applications/Utilities folder.

Select View, Show All Devices, or click the View button in the Disk Utility toolbar, and select Show All Devices from the popup menu.

In macOS High Sierra and later, volumes can be carved out of the drive using partitions, or if the drive is formatted with APFS, they can be part of a container. By setting the sidebar to Show All Devices, we can readily see what a volume is associated with. This can affect the way we might choose to erase a volume.

(Make sure the volume you wish to erase is selected, then use the Erase button in the toolbar to begin the erase process.)

In the sidebar, select the volume you wish to erase. The volume is the lowest item in a drive’s hierarchical view. You should see “Physical Drive, Volume” for HFS+ formatted drives, or “Physical Drive, Container, Volume” for APFS formatted drives.

With the volume you wish to erase selected, click on the Erase button in the Disk Utility toolbar, or select Erase from the Edit menu.

The Erase sheet will drop down, presenting the options to change the volume’s name and format, and whether to use any of the Security Options. In this example, we’re just performing a simple erase, so leave everything as is, except for changing the name, if needed, and then click the Erase button.

The erase sheet will change to display a progress bar. When the erase has finished, click the Done button.

Erasing a Hard Drive Volume with Security Options
If you wish to erase a hard drive’s volume and ensure the old information it contained can’t be easily recovered, you can use the Security Options offered when choosing the erase function.

But before you make use of the Security Options, make sure the volume being erased is part of a hard drive and not a fusion drive or an SSD. The security options can shorten the life of SSDs by causing excessive writes to the SSD to occur. In the case of SSDs, for all but the most advanced security needs, you don’t need to use any of the multiple write security options to prevent old information from being recoverable.

(The Erase Security Options feature lets you pick the number of write passes that are made on the selected volume.)

If the volume you wish to erase is part of a hard drive, follow the steps outlined in Erasing a Volume: The Basics, above, until the erase sheet is shown. At this point, click the Security Options button.

The Security Options sheet will be displayed, showing a slider you can use to select one of four methods to erase the selected drive. The Fastest method is the same as the standard erase, and performs no special function to ensure any level of security. Picking this option will result in the volume being erased, but data can be recovered with basic data recovery apps.

Moving the slider one click towards the right will produce the first secure erase, which writes a pass of random data followed by a pass of all zeros across the selected volume. This two-pass write method will keep most individuals with prying eyes using conventional data recovery techniques from being able to access your old information.

The next security option produces a DOE-compliant three-pass secure erase. It uses two passes of random data followed by a third pass using a predefined data pattern. Using this method should secure your old data against most individuals, businesses, and governments not willing to spend excess money or time to uncover your data.

The last and most secure option is a seven-pass erasure that meets DOD 5220-22M standards for a secure wipe of magnetic media.

As you advance the slider to more secure options, you also substantially increase the time it takes to perform the erase. Make sure you really need this level of security before proceeding.

Make your selection and click the OK button, then click the OK button to begin the actual erase.

Securely Erasing SSDs and APFS Volumes
Unless you need to meet a specific business or government requirement, SSDs don’t need to use the secure erase options listed above. By their physical nature, SSDs are inherently secure after a basic erase process. The reason for this has to do with the internal architecture, logical to physical cell mapping, and wear leveling. Once the logical to physical map is removed, which occurs during a standard erase, accessing the internal data would just produce a hodge-podge of data that would be nearly impossible to decipher. You can read more about this in How to Use Mac’s Disk Utility to Securely Wipe a Drive.

If you’re really worried about old information on your SSD being recoverable, and you don’t think the inherent security offered by how an SSD works is enough, you can use this next method to produce an enhanced secure erase.

(Erasing a volume by changing the format to include encryption, followed up by a second standard erase, will create a nicely sanitized volume with little chance of data recovery.)

A better and much faster method to produce a sanitized SSD volume is to encrypt the data on the drive, and then erase it, removing the stored encryption key along with everything else. Since encrypting the volume will make use of 128-bit encryption and use a 256-bit encryption key, it’s estimated it would take one billion years using brute force to break the encryption. Of course, it’s also possible that the first brute force attempt could break the encryption, but it isn’t very likely.

Discover more about setting up and using encryption in the Rocket Yard Guide: Data Privacy Day: Keep Your Data Safe From Prying Eyes with FileVault.

If you’re using an APFS volume or an HFS+ volume, you can use the optional encryption format, available when you erase a drive. Simply follow the steps in Erase a Volume: The Basics, above, and when the Erase sheet appears, change the format drop-down menu to APFS (Encrypted), or Mac OS Extended (Journaled, Encrypted).

You can also encrypt a volume by right-clicking on the volume on the Desktop or in a Finder window and selecting Encrypt “Volume Name” from the popup menu.

Erasing APFS Containers
APFS volumes share the space within a container. This space sharing has a number of advantages, letting your volumes grow and shrink automatically as needed. But it could also have a security disadvantage. The shared space area of a container could hold old file data, even though the volume that originally contained the information was deleted.

If the container uses APFS encryption or the APFS formatted drive is an SSD, this should not be a concern. In the case of an SSD, the logical to physical map detailing the location of any old file was removed when the volume was deleted. And if the volume was using encryption, the encryption key was lost when the volume was removed.

Even so, some of you will want to be doubly, or even triply, sure, and erase the container when a volume is also deleted.

Note: This process is only valid when a container houses multiple volumes and the physical drive contains multiple containers. If you have a container with only a single volume there’s no need to remove the container.

(Use the minus (-) button to remove a container.)

To erase a container, select the container from the Disk Utility sidebar.

With the container selected, click the Partition button in the toolbar.

A sheet will drop down, asking if you wish to partition or add a volume. Click the Partition button.

A pie chart will appear, displaying any container or partitions on the physical drive. Make sure the container you wish to remove is selected in the pie chart.

Warning: The next steps will erase data from the selected item.

Click the minus (-) button to have all volumes housed within the container, as well as the container itself, removed. The pie chart will be updated to show the outcome. If this is what you intended, click the Apply button; otherwise, click the Revert button to leave the drive untouched.

Wiping a Volume, Container, or Drive: Troubleshooting
One of the more common problems you may encounter is the failure of an erase or a secure erase process to finish. In most cases, the problem occurs when the targeted volume or container fails to unmount. This can occur because one or more files is in active use. Close all open apps, including Disk Utility, then relaunch Disk Utility and try again.

If you still have an unmount failure, you can try manually unmounting the volume by selecting the volume in the Disk Utility sidebar, and then select Unmount from the Edit menu.

Another common problem is the inability to delete a container. This problem can arise when a container houses multiple volumes. Normally, deleting a container should force all volumes within the container to be removed, and then the container to be deleted. If a volume should fail to be removed, the container delete process will quit with an error. Try deleting each volume within the container by right-clicking the volume in the sidebar and selecting Remove Volume from the popup menu. Repeat for each volume within the container.

You can also run into an issue if the container you wish to delete is the first container on a drive. APFS drives require at least one container. Instead, perform an erase on the physical drive (Warning: All data on the drive will be lost).


LEAVE A COMMENT


  • Hmmm. I am using an older 1.0TB Mercury Electra 6G SSD as a Time Machine Drive to backup my data on an iMac Model 18-3 (OS 10.13.4). Regarding your article’s statement “to produce a sanitized SSD volume is to encrypt the data” using Disk Utility I was unable to 1) wipe my SSD clean and format as a APSF drive, the drive utility would only allow a Journaled format and 2) time machine would not allow me to encrypt my backup.




  • And what happened to “secure delete empty space?”




  • How about restoring the “secure delete trash” to El Capitan?