SSD's consist of blocks of storage. The SSD itself isn't aware of which blocks are not in use. The TRIM command is a way for the OS to keep a record of which blocks are available for writes. It also deletes data from blocks that are not in use so that when data is written to that block the operation does not have to wait for a delete, thus increasing performance. TRIM has two forms, determinate and indeterminate. The determinate form will overwrite all unused blocks with a zero and will happen all at once. The indeterminate form is unpredictable on when the TRIM operation will be performed and what exactly will be written in the blocks.
NVMe’s (Non-Volatile Memory express) version of TRIM is called deallocate.
Allow TRIM option in WipeDrive:
If a SSD/NVMe supports the TRIM command, of either form, WipeDrive will use it as part of the cleaning process, usually showing up as an additional pass at the very end. To disable this functionality, uncheck this box. If you need to be able to verify a wipe after the fact you may need to disable this option so the last pattern put on the device remains.
Secure Erase is a firmware erasure method built into some drives. There is also an improved version on many newer drives called Enhanced Secure Erase. When available, a command is sent to the firmware of the drive, and the firmware quickly overwrites every sector with a 1 or 0. Since it is an internal process, it is a very quick process. WipeDrive has the ability to determine if the drive can do Secure Erase, and will attempt to use that command to wipe the drive more efficiently. If a 3 pass pattern is selected in WipeDrive, for example, it will attempt to use Secure Erase during one of the passes. We now indicate on our logs whether a Secure Erase pass has been completed in order to comply with NIST standards if a NIST pattern is chosen.
If Secure Erase is not supported, WipeDrive then does the process manually. Depending on the wipe pattern chosen, WipeDrive will overwrite each sector of the drive with the appropriate data.
Sanitize Device is an operation somewhat like an enhanced version of Secure Erase. When the Sanitize command is given the users data will no longer be available. The information is unavailable even if the disk is powered off. If prematurely powered off, Sanitize will complete its operation once the disk is powered back on. Sanitize has three available operations: Block Erase, Crypto Scramble, and Overwrite. Most newer drives will support an assortment of the versions. The pre and post encryption key reset options within WipeDrive correspond to the Crypto Scramble sanitize command. An OPAL crypto erase is similar to this and uses the same key reset options but isn’t a Sanitize Device command.
Drop in Speed While Wiping
SSD’s that use TLC (Triple Layer Cell) NAND and V NAND cell structure provide a larger drive capacity than a Single Layer Cell would be able to achieve by storing more bits per cell. One downside is this can cause continuous write speeds to be poor. To compensate for this issue manufacturers may include a portion of Single Layer Cells, in some cases DRAM, as a buffer. The amount of buffer depends on the manufacturer and drive size. As long as the buffer is not exhausted in one operation, then the drive should maintain a write performance expected from SSD. If the buffer is exhausted, which may often occur during wiping, there will be a decrease in write performance.