Scribd
Upload
81 views2 pages

tech-brief-instant-secure-erase-overview

Uploaded by

roadhog77
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
81 views2 pages

tech-brief-instant-secure-erase-overview

Uploaded by

roadhog77
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

TECH BRIEF INSTANT SECURE ERASE

Instant Secure Erase


Instant Secure Erase (ISE) is a feature on many Ultrastar HDDs & SSDs. The feature is included in newer capacity
enterprise drives: Ultrastar® DC HC520 (12TB) and Ultrastar DC HC510 (10TB/8TB). It provides several benefits, and
is available in both SATA and SAS configurations.

Drives with the ISE feature allow users to instantly erase the drive Data Encryption
by using industry-standard commands and options. This feature is
beneficial compared to the alternative of overwriting a drive with new Western Digital offers comprehensive data encryption solutions on
data, which can take hours, especially for higher capacity hard drives. many Ultrastar SATA and SAS drives.

Another benefit of using the new feature is that it can effectively erase • Bulk Data Encryption (BDE) is offered as an option on some SATA HDDs.
both user accessible data, as well as potentially hidden user data that
• TCG Encryption (TCG) is offered as an option for SAS HDDs and SSDs.
the drive maintains, but the user cannot easily access, such as re-
allocated blocks, spare blocks, etc. Western Digital also offers FIPS 140-2 Level 2 validation, a U.S.
government security standard which includes tamper-evidence
protection, on certain TCG drive models (TCG-FIPS).

Neither Instant Secure Erase (ISE) nor Secure Erase (SE) drive models
provide encryption, but ISE functionality is included on all BDE, TCG
and TCG-FIPS HDDs and SSDs from Western Digital.

Implementation
Instant Secure Erase is Western Digital’s implementation of the
industry standard T10/T13 SANITIZE command. The host can determine
if the feature is available in SATA drives by calling Identify Device to
determine if the SANITIZE device feature set is supported, and what
optional features are supported. With SAS drives, the Sanitize Service
Action Codes can be used to determine features. Refer to the Ultrastar
HDD and SSD OEM specification for specific bit/byte assignments.

The SANITIZE command supports three options:

1. Crypto Scramble (SATA)/ Crypto Erase (SAS)

2. Overwrite (for HDDs)

3. Block Erase (for SSDs)

Crypto Scramble/Erase uses cryptographic techniques to securely


How Does Instant Secure Erase Work? erase the drive.
In order to securely erase the data, the drive first creates an internal • T13 SATA specification uses the term Crypto Scramble.
cipher key that is used to cryptographically scramble (or unscramble)
the data as it is written to (or read from) the disk. During normal • T10 SAS specification uses the term Crypto Erase.
drive operation, all data is scrambled (or unscrambled) using that
internal key. When the operator uses Instant Secure Erase to wipe the Both features are similar. To simplify things, both are used
drive clean, the HDD deletes the internal key, rendering all user data interchangeably in this document to describe the same feature. When
unreadable. the drive is SANITIZED (wiped clean) using the Crypto Erase option, the
HDD deletes the internal key, rendering data unreadable.
It is important to note that while Instant Secure Erase uses
cryptographic techniques to securely erase data, it does not offer Overwrite is a secondary erasure method for HDDs. It erases the drive
data encryption to protect data at rest. by overwriting existing data with a bit pattern. This method erases the
existing magnetic bits by overwriting them with new data. The host
can provide a specific bit pattern to use for overwriting.

Instant Secure Erase


TECH BRIEF HGST MICROACTUATOR
INSTANT SECURE ERASE

Block Erase is the secondary erasure method for SSDs. SSDs can be
erased by performing a block erase, which “electrically” erases each
More Information
block by using internal SSD functions. For more information on the SANITIZE command, please refer to the
OEM Specifications for the specific drive of interest.
In normal operation, the host can query the device to determine if
SANITIZE is supported, and if so, which of the three options (Crypto OEM Specifications can be found on our website for the following
Erase, Overwrite, Block Erase) are supported. products:

With ISE HDDs, both Crypto Erase and Overwrite are supported. Ultrastar DC HC520
Block Erase does not apply to HDDs. http://www.wdc.com/dc-hc520
With ISE SSDs, both Crypto Erase and Block Erase are supported. Ultrastar DC HC510
Overwrite does not apply to SSDs. http://www.wdc.com/dc-hc510

Secure Erase
SATA: See manual sections titled “SANITIZE Device Feature Set”. This
Secure Erase (SE) is a subset of Instant Secure Erase, where the
section explains the command parameters as well as the state machine
Crypto Erase option has been disabled. Thus, there is no longer an
for various conditions that occur when using the SANITIZE command.
“instant” option. The SANITIZE command is still supported, but only
Do not confuse “Instant Secure Erase” using the SANITIZE command
with “Overwrite” or “Block Erase” options. The SE feature provides an
(what we are describing in this document) with the similarly named
advantage over a “manual overwrite” by ensuring that any current non-
“SECURITY ERASE Unit” which is part of the Security Mode Feature Set
accessible user data areas are also overwritten.
found on Ultrastar SATA HDDs & SSDs.
Western Digital provides Instant Secure Erase (ISE) as a standard SAS: See sections titled “SANITIZE (48)”
feature in many of our enterprise-class HDD and SSD products.
Secure Erase (SE) drives provide an option for customers who do not
want the Crypto Erase option, but still desire to support the SANITIZE Industry Standards
Feature with Overwrite only (or Block Erase only for SSDs). The T10/T13 technical committees define the SAS/SATA drive
standards respectively, and the technical committees publish these
With SE HDDs, Overwrite is supported. With SE SSDs, Block Erase
specifications. The SANITIZE feature is one of the commands available
is supported.
within the specification. More information can be found at the links below:

www.T13.org (SATA)
www.t10.org (SAS)

5601 Great Oaks Parkway © 2016-2018 Western Digital Corporation or its affiliates. All rights reserved. Produced 8/15. Rev. 9/18. Western Digital, the Western Digital logo, and Ultrastar are
San Jose, CA 95119, USA trademarks or registered trademarks of Western Digital Corporation or its affiliates in the US and/or other countries. All other marks are the property of their respective
owners. References in this publication to Western Digital products, programs, or services do not imply that they will be made available in all countries. Product
US (Toll-Free): 800.801.4618
specifications provided are sample specifications that are subject to change and do not constitute a warranty. Please visit our website, www.westerndigital.com for
International: 408.717.6000 additional information on product specifications. Pictures shown may vary from actual products.
www.westerndigital.com

Instant Secure Erase WTB03-EN-US-0918-01

You might also like