Linux erase all disk

Securely wipe disk

Wiping a disk is done by writing new data over every single bit.

Contents

Common use cases

Wipe all data left on the device

The most common usecase for completely and irrevocably wiping a device is when the device is going to be given away or sold. There may be (unencrypted) data left on the device and you want to protect against simple forensic investigation that is mere child’s play with for example File recovery software.

If you want to quickly wipe everything from the disk, /dev/zero or simple patterns allow maximum performance while adequate randomness can be advantageous in some cases that should be covered up in #Data remanence.

Every overwritten bit means to provide a level of data erasure not allowing recovery with normal system functions (like standard ATA/SCSI commands) and hardware interfaces. Any file recovery software mentioned above then would need to be specialized on proprietary storage-hardware features.

In case of a HDD, data recreation will not be possible without at least undocumented drive commands or tinkering with the device’s controller or firmware to make them read out for example reallocated sectors (bad blocks that S.M.A.R.T. retired from use).

There are different wiping issues with different physical storage technologies. Most notably, all Flash memory based devices and older magnetic storage (old HDDs, floppy disks, tape).

Preparations for block device encryption

To prepare a drive for block device encryption inside the wiped area afterwards, it is recommended to use #Random data generated by a cryptographically strong random number generator (referred to as RNG in this article from now on).

Data remanence

See also Wikipedia:Data remanence. The representation of data may remain even after attempts have been made to remove or erase the data.

Operating system, programs and filesystem

The operating system, executed programs or journaling file systems may copy your unencrypted data throughout the block device. When writing to plain disks, this should only be relevant in conjunction with one of the above.

If the data can be exactly located on the disk and was never copied anywhere else, wiping with random data can be thoroughgoing and impressively quick as long there is enough entropy in the pool.

A good example is cryptsetup using /dev/urandom for wiping the LUKS keyslots.

Hardware-specific issues

Flash memory

Write amplification and other characteristics make Flash memory, including SSDs, a stubborn target for reliable wiping. As there is a lot of transparent abstraction in between data as seen by a device’s controller chip and the operating system, sight data is never overwritten in place and wiping particular blocks or files is not reliable.

Other «features» like transparent compression (all SandForce SSDs) can compress your zeros or repetitive patterns, so if wiping is fast beyond belief this might be the cause.

Disassembling Flash memory devices, unsoldering the chips and analyzing data content without the controller in between is feasible without difficulty using simple hardware. Data recovery companies do it for cheap money.

For more information see:

Marked Bad Sectors

If a hard drive marks a sector as bad, it cordons it off, and the section becomes impossible to write to via software. Thus a full overwrite would not reach it. However because of block sizes, these sections would only amount to a few theoretically recoverable KiB.

Residual magnetism

A single, full overwrite with zeros or random data does not lead to any recoverable data on a modern high-density storage device. Note that repeating the operation should not be necessary nowadays. [1] Indications otherwise refer to single residual bits; reconstruction of byte patterns is generally not feasible.[2] See also [3], [4] and [5].

Select a target

Use fdisk to locate all read/write devices the user has read access to.

Check the output for lines that start with devices such as /dev/sd»X» .

This is an example for a HDD formatted to boot a linux system:

Or another example with the Arch Linux image written to a 4GB USB thumb drive:

If you are worried about unintentional damage of important data on the primary computer, consider using an isolated environment such as a virtual environment (VirtualBox, VMWare, QEMU, etc. ) with direct connected disk drives to it or a single computer only with a storage disk(s) that need to be wiped booted from a Live Media (USB, CD, PXE, etc. ) or use a script to prevent wiping mounted partitions by typo.

Select a data source

To wipe sensitive data, one can use any data pattern matching the needs.

Zeros

Overwriting with /dev/zero or simple patterns is considered secure in most situations. With today’s HDDs, it is deemed appropriate and fast for disk wiping.

However, a drive that is abnormally fast in writing patterns or zeroing could be doing transparent compression. It is obviously presumable not all blocks get wiped this way. Some #Flash memory devices do «feature» that.

To setup block device encryption afterwards, one should wipe the area with random data (see next section) to avoid weakening the encryption.

Random data

True random data source using /dev/random is impractical for wiping large capacities as it will take too long to wait for the entropy generation. /dev/urandom can be used as a reasonable source of pseudorandom data. For differences between random and pseudorandom data as source, please see Random number generation.

Another alternative for pseudorandom data generation is to use an encrypted datastream. For example, if one wants to prepare a device for block encryption and will use AES for the encrypted partition, it is appropriate to wipe it with a similar cipher prior to creating the filesystem to make the empty space not distinguishable from the used space.

Select a block size

If you have an Advanced Format hard drive it is recommended that you specify a block size larger than the default 512 bytes. To speed up the overwriting process choose a block size matching your drive’s physical geometry by appending the block size option to the dd command (i.e. bs=4096 for 4 KiB).

fdisk prints physical and logical sector size for every disk. Alternatively sysfs does expose information:

Calculate blocks to wipe manually

A block storage devices contains sectors and a size of a single sector that can be used to calculate the whole size of device in bytes. You can do it by multiplying sectors with size of the sector.

As an example we use the parameters with the dd command to wipe a partition:

Here, to illustrate with a practical example, we will show the output of the fdisk command on the partition /dev/sdX :

• The first line of the fdisk output shows the disk size in bytes and in logical sectors.
• The size in bytes of the storage device or of the partition can also be obtained with the command blockdev —getsize64 /dev/sdXY .
• The Units line of the fdisk output shows the size of single logical sector; the logical sector size can also be derived from the number of bytes divided by the number of logical sectors, here use: echo $((2000398934016 / 3907029168)) .
• To know the physical sector size in bytes (that will make it work faster), we can use the next line.
• To get the disk size in physical sectors, one can divide the disk size in bytes by the size of a single physical sector, here echo $((2000398934016 / 4096)) ,

To wipe partition /dev/sdX1 , the example parameters with logical sectors would be used like follows.

• By using the starting address of the partition on the device using the seek= parameter:

with Start=2048 , End=3839711231 and BytesInSector=512 .

• Or by using the partitions size in logical sectors:

Or, to wipe the whole disk by using physical sectors:

with AllDiskPhysicalSectors=488378646 and PhysicalSectorSizeBytes=4096 .

Overwrite the target

You can choose from several utilities to overwrite a drive. If you only want to wipe a single file, Securely wipe disk/Tips and tricks#Wipe a single file has considerations in addition to the utilities mentioned below.

By redirecting output

The redirected output can be used to create files, rewrite free space on the partition, and to wipe the whole device or a single partition on it.

The following examples show how to rewrite the partition or a block device by redirecting stdout from other utilities:

The file copy command cp can also be used to rewrite the device, because it ignores the type of the destination:

To show speed and time you can use pv :

Zero-fill the disk by writing a zero byte to every addressable location on the disk using the /dev/zero stream.

The process is finished when dd reports No space left on device and returns control back:

To speed up wiping a large drive, see also:

A program specialized on wiping files. It is available as part of the wipe package. To make a quick wipe of a destination, you can use something like:

See also wipe(1) . The tool was last updated in 2009. Its SourceForge page suggests that it is currently unmaintained.

shred

shred (from the coreutils package) is a Unix command that can be used to securely delete individual files or full devices so that they can be recovered only with great difficulty with specialised hardware, if at all. By default shred uses three passes, writing pseudo-random data to the device during each pass. This can be reduced or increased.

The following command invokes shred with its default settings and displays the progress.

Shred can also be used on a single partition, e.g. to wipe the first partition use shred -v /dev/sdX1 .

Alternatively, shred can be instructed to do only one pass, with entropy from e.g. /dev/urandom .

Badblocks

The tool badblocks from e2fsprogs is able to perform destructive read-write test, effectively wiping the device. By default, it performs four passes and can take very long.

hdparm

hdparm supports ATA Secure Erase, which is functionally equivalent to zero-filling a disk. It is however handled by the hard drive firmware itself, and includes «hidden data areas». As such, it can be seen as a modern-day «low-level format» command. SSD drives reportedly achieve factory performance after issuing this command, but may not be sufficiently wiped (see #Flash memory).

Some drives support Enhanced Secure Erase, which uses distinct patterns defined by the manufacturer. If the output of hdparm -I for the device indicates a manifold time advantage for the Enhanced erasure, the device probably has a hardware encryption feature and the wipe will be performed to the encryption keys only.

For detailed instructions on using ATA Secure Erase, see Solid state drive/Memory cell clearing and the Linux ATA wiki.

Источник

How to Format and Wipe Linux Disk Using Commands

Can’t seem to clear your Linux disk space or not sure about disk formatting? Read this informative post about the working of different Linux commands to wipe or format the disk.

Theo Lucia

Sep 14, 2021 • Filed to: Answer Hard Drive Problems • Proven solutions

If you also own a Linux system, which is running on low disk space, then you might be facing a similar situation. Although Linux is one of the most popular open-source operating systems, it can be a bit complicated at times. For instance, there is no direct solution to do a Linux format disk using a dedicated GUI feature. Don’t worry – you can still erase the disk on Linux with the help of the right commands. Read on and clear your Linux disk space by following this extensive guide.

Content

Why Do We Need to Format and Wipe Linux Disk?

Before we get to know different ways to format a disk on Linux, it is vital to understand the reasons behind it. Ideally, there could be the following major reasons for wiping or formatting a disk on a Linux system:

• If your system is running low on free space, then you can choose to wipe the data of a partition or a disk.
• Sometimes, a system can become slow by having limited free space. By formatting its Linux drive, you can improve its performance as well.
• If your system has been corrupted by malware, then you can wipe the hard disk of your Linux to resolve this.
• Mostly, users prefer to do a Linux format disk before reselling their systems. This helps themВ protect their data.
• There could be an issue with the firmware or the system storage, which can be fixed after wiping a Linux disk.

How to Format a Linux Hard Drive?

Unlike Windows or macOS, there is not a dedicated disk management tool that can help us partition or format the disk. Therefore, we need to take the assistance of certain commands to format a Linux disk. If you are connecting your drive for the first time to your Linux system, then you need to create a partition beforehand. To implement this, you can enter the fdisk command. Once a partition is created, you can use the «mkfs.ext4» command to format the disk. Here’s a simple solution to format a disk on a Linux system.

Step 1 Create a partition of the disk

Firstly, connect the disk to your Linux system if you haven’t already and launch the Terminal window on it. You can enter the following command to check it:

sudo fdisk –l.

Now, to create a partition, enter the command «fdsk» in the following format:

sudo fdisk /dev/sdb.

This will launch the results of the fdisk command. If you want, you can type «m» to get help. It will display a list of the supported parameters. You can type «n» to create a new partition, «d» to delete the partition, «p» to check the partition table, and so on.

Firstly, press «p» and enter to view the partition table. This will let you know about the disk identifier and the sector space. Subsequently, enter the «n» command to create a new partition. You will be given an option to create a primary or an extended partition. Press «p» to create a new primary partition and give it a number from 1 to 4. If you want to create a single partition, then enter «1».

Step 2 Format the disk

Great! Once you have created the relevant partition on your Linux system, you can format it by entering the command –

sudo mkfs.ext4 /dev/sdb.

This will make the system look for the available partitions on the drive. When you are asked to confirm your choice, just press «y». Afterward, wait for a while as the selected partitions would be formatted on the Linux system.

Step 3 Mount the file system (optional)

If you want, you can mount the file system as well. To do this, you can use the «mkdir /data» command to make a directory. After that, end the following command to mount it:

mount /dev/sdb1 /data.

How to Wipe a Hard Drive on Linux?

If you are planning to resell your system or are concerned about your privacy, then you should consider wiping the drive instead. Unlike formatting a disk, wiping it will erase the data and make the recovery process harder than before. Thankfully, there are multiple commands to do Linux wipe the disk. Here are some simple solutions to wipe a hard drive on Linux.

1 wipe

As the name suggests, the command is used to wipe data from a magnetic disk. Though, a lot of Linux systems do not have the command readily installed. In this case, you can use the apt install command first.

# apt install wipe.

Once it is done, just use the «wipe» command in the format — wipe [options] target. For instance, to wipe a partition, simply enter the command:

Confirm your choice, by entering «yes» and wait as the selected partition would be wiped.

2 shred

This is one of the best ways to protect your private data on a Linux system. Ideally, this works as a dedicated shredder – that would overwrite your data with something else, making the recovery process harder. This Linux based command has the following syntax:

shred [option] target

As you know, «target» would specify the location you wish to shred. It can be a partition, folder, or file name. Subsequently, it can have the following options.

• -n: To overwrite data «n» times
• -f: To change permission and allow the writing operation
• -u: Truncates the files after shredding them
• -s: To provide the size to shred
• -u: To remove the file after shredding
• -v: To enable the verbose mode
• -z: To add zeros to the final overwriting process

Therefore, you can wipe the Linux disk, by entering a command like this:

# shred -vfz -n 10 /dev/sda2.

This will follow ten passes of overwriting on the provided location, making it impossible for a recovery tool to retrieve data from it.

If you are running short on time, then consider using the «dd» command to erase disk on a Linux system. Instead of generating random data, it will overwrite the entire disk with strings of zeros. Therefore, it will take less time to wipe the disk and protecting your information. Although, it provides certain options that you can use to customize the process.

dd if=source of=target [Options].

Make sure that you run the command prompt and as a super-user. Here’s a simple demonstration of the same.

# dd if=/dev/zero of=/dev/sda2 bs=512 count=1.

The command will overwrite the target location with a string of zeros, as specified in the source. Also, this will copy 512 bytes in a single count. One of the major advantages of this is the time taken by the dd command is lesser than shred.

4 scrub

Lastly, you can also take the assistance of the «scrub» command to overwrite your disk with specific patterns. Sometimes, the patterns can be randomly generated by the system too. Since the command is not present in every Linux system by default, you might need to install it first. To do this, you can use the apt install command.

Once it is done, just enter the command in the following syntax:

scrub [option]В target.

Even if you don’t provide an option and just specifies the target location to wipe, the command will work. Though, you would be asked to verify your choice to erase disk on Linux entirely. Here’s a quick example of the same:

Tips for Formatting and Wiping Linux Disk

After getting to know about these popular commands to create new disk space on Linux, you would certainly be able to format or wipe it. Besides that, you can consider following these tips to format or wipe the Linux disk successfully.

• Make sure that you have logged in as a super-user (administrator) while wiping a disk. This will make the entire process a whole lot easier.
• Not every command might be installed on your system. Therefore, you can consider checking its status or installing it beforehand.
• Although there are third-party applications available to shred and wipe a disk, it is recommended to use reliable commands. If you use a readily available tool, then make sure it is from a trusted source with a positive reputation in the industry.
• Always double-check the command before entering it (particularly the syntax and the location). One small error and you might end up causing irrevocable damage to your system.
• Most importantly, take a backup of your important files before wiping the Linux disk. This will make sure that you have a second copy of your vital data in advance.

Video Tutorial on How to Recover Data from Hard Disk After Disk Wipe

Recent Videos from Recoverit

That’s a wrap, folks! Now when you know how to format or wipe disk on Linux, you can easily meet your requirements. In case if you have accidentally deleted your data or have formatted a drive, then use a reliable data recovery solution likeВ Wondershare Recoverit. Using it, you can just attach your Linux device to a PC and later extract the lost or inaccessible content from it. Go ahead and try some of these methods and feel free to share your shortcuts or tips in the comments below.

What disk format does Linux use?

Linux is a very versatile operating system and has its own disk format which is EXT, which can be presented in its EXT2, EXT3 and EXT4 versions. However, this is not the only file system that can be supported by this operating system; FAT32 and NTFS systems are fully supported as well as HFS.

Does a full format wipe data?

Not necessarily. Although the information will not be accessible through Windows file explorer. This does not mean that the information is not physically stored on disk yet. Formatting a disk is equivalent to giving disk permission to overwrite where information previously was. Eventually, the residual information will be completely overwritten.

How do I wipe Linux and install Windows?

If you want to remove Linux and install Windows, the procedure is quite simple. First, back up your information. Once you have done this, you will need to insert your bootable DVD or flash drive that has the Windows installer on it. Then you have to follow the steps and in the type of installation, you will choose «custom», then you will erase the partition where Linux is installed and you will be able to install Windows.

Does formatting remove Bitlocker?

As part of Windows security and protection mechanisms, BitLocker has been developed. For security reasons, BitLocker can only be removed by typing its password or, in case you forgot it, the recovery key. If you do not have any of them, it is suggested to format the device, since this process will delete all the information –including BitLocker— contained to reset all settings to the factory default.

Источник