Apple - How to get the "securely erase" function of Disk Utility on El Capitan & Sierra
Use diskutil from Terminal. The following command
diskutil secureErase 0 /dev/diskX
Will erase your disk, identified by X, with a single pass of zeros. You can get a list of the options available to you by issuing the command without any options:
$ diskutil secureErase
Usage: diskutil secureErase [freespace] level MountPoint|DiskIdentifier|DeviceNode
Securely erases either a whole disk or a volume's freespace.
Level should be one of the following:
0 - Single-pass zeros.
1 - Single-pass random numbers.
2 - US DoD 7-pass secure erase.
3 - Gutmann algorithm 35-pass secure erase.
4 - US DoE 3-pass secure erase.
Ownership of the affected disk is required.
Note: Level 2, 3, or 4 secure erases can take an extremely long time.
Secure Erase and SSDs
You don't need to do a secure erase of an SSD because a a standard erase is already more than enough to secure your data. The reason you needed multiple passes or even the DoD 7 pass secure erase was because with traditional hard drives (HDDs) the data was stored on magnetic platters which left a residual magnetic imprint even when wiped. This is how COTS (Commercial Off the Shelf) utilities like Disk Drill software is able to reconstruct a drive. This is not the case with an SSD; nothing is magnetized.
In fact, it is recommended (read that to mean highly advised) that you don't do a secure erase because you would be shortening the life expectancy of your SSD due to the increased write operations.
Per Apple:
Note: With an SSD drive, Secure Erase and Erasing Free Space are not available in Disk Utility. These options are not needed for an SSD drive because a standard erase makes it difficult to recover data from an SSD. For more security, consider turning on FileVault encryption when you start using your SSD drive.
Now, if TRIM is enabled (and it should be if your Mac came with an SSD from the factory), it will handle the task of freeing up the blocks of data no longer in use making them available for immediate writing.
Regular HDDs didn't do this. When you deleted a file, it only deleted the pointer to the data, not the data itself.
Both Allan and Klanomath provide accurate advice on how to do this via Terminal. However, if you're wanting to do this with a HDD (and not an SSD), the option is still there in Disk Utility, although it's changed.
Follow these steps:
- Select the volume (not the physical disk, and not an SSD) in the sidebar
- Click the Erase button
- Click on Security Options
- Select the level of secure erase in the next window by moving the slider. You'll find that there's an option to randomly write data followed by a single pass of zeros across the entire drive.
Hope this helps.
The unsecure/secure erase is only accessible via Terminal > diskutil zeroDisk|randomDisk|secureErase device.
man diskutil helps:
zeroDisk [force] device
Erase a device, writing zeros to the media. The device can be a whole-disk or a partition. In either
case, in order to be useful again, zero'd whole-disks will need to be (re)partitioned, or zero'd parti-
tions will need to be (re)formatted with a file system, e.g. by using the partitionDisk, eraseDisk, or
eraseVolume verbs. If you desire a more sophisticated erase algorithm or if you need to erase only
free space not in use for files, use the secureErase verb. The force parameter causes best-effort,
non-error-terminating, forced unmounts and shared-mode writes to be attempted; however, this is still
no guarantee against drivers which claim the disk exclusively. In such cases, you may have to first
unmount all overlying logical volumes (e.g. CoreStorage or AppleRAID), or, if a disk is partially dam-
aged in just the wrong way, even un-install a kext or erase the disk elsewhere. Ownership of the
affected disk is required.
randomDisk [times] device
Erase a whole disk, writing random data to the media. Times is the optional (defaults to 1) number of
times to write random information. The device can be a whole-disk or a partition. In either case, in
order to be useful again, randomized whole-disks will need to be (re)partitioned, or randomized parti-
tions will need to be (re)formatted with a file system, e.g. by using the partitionDisk or eraseDisk
verbs. If you desire a more sophisticated erase algorithm or if you need to erase only free space not
in use for files, use the secureErase verb. Ownership of the affected disk is required.
secureErase [freespace] level device
Erase, using a secure method, either a whole-disk (including any and all partitions), or, only the free
space (not in use for files) on a currently-mounted volume. Erasing a whole-disk will leave it useless
until it is partitioned again. Erasing freespace on a volume will leave it exactly as it was from an
end-user perspective, with the exception that it will not be possible to recover deleted files or data
using utility software. If you need to erase all contents of a partition but not its hosting whole-
disk, use the zeroDisk or randomDisk verbs. Ownership of the affected disk is required.
Level should be one of the following:
o 0 - Single-pass zero-fill erase.
o 1 - Single-pass random-fill erase.
o 2 - US DoD 7-pass secure erase.
o 3 - Gutmann algorithm 35-pass secure erase.
o 4 - US DoE algorithm 3-pass secure erase.