Securely erase SSD on Mac without restoring data

How to safely erase an SSD on a Mac without data being able to be restored, that is what a reader wanted to know from me recently. The background was that the hard disk utility under macOS no longer offers the option of writing zeros to the hard disk 7 times in order to eliminate possible residual data. The same is due to the fact that a "Solid State Drive" (SSD) works differently than a "Hard Disk Drive" (HDD). In this guide, I'll show you how you can still clean up the Mac memory so that no restoration is possible from the remnants of data.

TL; DR: The app solution presented at the end is the BitRaser File Eraser from Stellar

You can find out here how to securely erase an SSD on a Mac without data being restored. The manual solution is complex; it's faster with the app.
You can find out here how to securely erase an SSD on a Mac without data being restored. The manual solution is complex; it's faster with the app.

Multiple overwrite only applies to magnetic media

Apple offers for deleting and formatting a storage medium on or in the Mac computer a comprehensive guide on. This contains, among other things, information about multiple overwriting of the hard disk that is to be formatted - as well as the information that this option is only available for magnetic media (i.e. HDD storage with magnetic storage disks). Due to the different way in which chip storage works like an SSD hard drive, one with the Disk Utility editable, so the multiple overwrite option is not available.

Secure erase options are not provided in Disk Utility for a solid-state drive (SSD). If necessary, you can ensure more protection and security when commissioning an SSD drive by activating FileVault encryption.

Update: Activate FileVault on the Mac

A reader just asked me by email, where you can activate FileVault hard disk encryption on your Mac. Since this is certainly also interesting for other readers, here are the brief instructions:

Open the system settings and select "Security". There you will find a tab "FileVault" at the top, which you click on. Now you have to unlock the lock on the bottom left (with admin password) and then activate FileVault.

The FileVault encryption implemented by Apple offers a high level of security against data theft. I could not find any loss of performance due to the activation.
The FileVault encryption implemented by Apple offers a high level of security against data theft. I could not find any loss of performance due to the activation.

However, one thing should be clear: If you lose or forget the key for decryption, there is no way to get to the data on the hard drive. Apple support cannot help here either. For this reason, I would not recommend this option to everyone, but rather to people who travel a lot with their Mac / MacBook / MacBook Pro and who have an increased risk of their Mac falling into the wrong hands.

Securely delete SSD on Mac: that is the problem!

HDDs and SSDs therefore differ significantly from each other. With the other structure, which, by the way, is not the same for SSDs as for SD cards, there are different procedures for secure deletion. If you want to securely erase an SSD on the Mac without data being able to be restored, you have to say goodbye to the thought of multiple overwriting with zeros first.

Because with a magnetic disk, old data is simply deleted and replaced by new data by overwriting it. This is even possible in small amounts of memory (“page”). With a solid-state drive, the pages are not individually irretrievably overwritten; to do this, the old data must first be deleted and then entire data blocks must be replaced with new content.

An example: You apparently instruct the SSD via the macOS user interface to overwrite page 7 in the data block. However, this does not delete page 7. It is only marked as invalid and replaced by a new page, e.g. page 3107. If you now query the content of page 7, the operating system, which detects the detour in the background, delivers the 3107 content. Page 7 is only really deleted when the storage space of its entire block is required.

Free backup software for Mac: SmartBackup presented here

Completely write to the hard disk several times: The solution?

Now one can conclude that one simply has to write the record to the brim so that the space of the old, still existing pages is freed. A double full write and delete should even ensure that the private data before the Mac sale (or whatever else you want to securely delete the hard drive for) is finally gone and can no longer be recovered. For execution can in Port the command discussil randomDisk 2 / dev / diskN be used.

But this procedure has some disadvantages for the continued use of the hard disk. Their lifespan can be affected by the rapid sequence of full utilization and subsequent cleanup. In addition, the logical fragmentation can increase, which decreases the writing performance. This counteracts the speed advantage of this type of hard disk, which is always emphasized.

However, if you only do this process if you want to completely delete the Mac for a sale, then there is certainly nothing wrong with it. I just wouldn't recommend running it multiple times a day - for whatever reason you would want to. : D

Securely erase Mac SSD without any loss of performance

Probably the best way to securely erase an SSD with no possibility of recovery is to call up the secure erase function built into the controller. If the controller designers have done their job well, this should actually delete all blocks and also ensure that the logical page assignment is reset. This would effectively defragment the disk and restore its original performance.

How to proceed for this is discussed in the MacRumors forum, among others. in the appropriate thread quite technical instructions are given, which also contain Linux boot media. Other options, which can be found in other sources, relate more to DOS commands, but they are of no use on the Mac. Really playing it safe and manually deleting the Mac SSD safely without data being restored is no easy undertaking - at least if you don't want to accept any loss of performance.

Especially since the controllers of SSD hard drives are not always implemented so well by the manufacturers that the procedure really works. This is shown, for example, by the Non-Volatile Systems Lab at UC San Diego. You can find the full investigation here ; the abstract with this link. The conclusion (translated):

Our results lead to three conclusions: First, the built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to disinfect the drive. Third, none of the existing disk-oriented techniques for cleaning individual files on SSDs are effective. 

Overwrite the Mac SSD via app and securely delete files

So you see: It is not that easy to securely erase the SSD hard drive on the Mac without data being restored. A double, complete filling and deletion is probably the best way if you want to proceed without app solutions. However, this tends to be via complex solutions so that the performance of the storage medium is not adversely affected for future tasks.

Otherwise, there are also a few apps for securely overwriting the Mac memory. Various names like Wipe Mac, File Shredder, Permanent Eraser, Shred It, Super Eraser and the like came my way during the research. The "BitRaser File Eraser" from Stellar looked quite potent. You can do this for macOS and Windows. In the menu-driven program, 17 algorithms can be selected to safely remove files from solid-state drives.

Securely erase Apple Mac hard drive before selling

Before the sale or if you just want to give the Mac away to the family - it is always good to delete the memory securely. Even if you want to set up a system from scratch, a defragmented disk with empty pages is not bad. You can find these application examples on the BitRaser File Eraser website linked above. The app is made so that you can delete files in order to sell the Mac afterwards, to give it away, to recycle the storage medium without hesitation and so on.

The software is also very good for everyone with a high volume of files and companies, because you can delete not only the entire hard drive, but also individual files and folders and the apparently empty memory. Sensitive data that you would like to delete forever will be removed forever and irretrievably. If you want to convince yourself of the performance of the app, you can download a free 30-day trial version;)

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

28 Response to “Securely erase SSD on Mac without recovering data”

  1. In my experience - practical tests with an SSD that was fully overwritten several times, most data could be recovered with DataRecovery tools.
    Therefore, there is only one method, the SSD must be reset to the factory state in which all cells are reset.
    Then nothing can be restored.

    I don't know how to do that with a Mac, especially a Macbook.

    Best regards Bernd

    1. Hello Bernd! But doesn't that contradict the general saying that the data on an SSD is completely scattered across the SSD in tiny pieces and is therefore not that easy to recover? What software did you use to recover the SSD? And wouldn't it help if you simply copy large meaningless files (eg satellite images or films) onto the SSD until it is full? Then the original data would have to be gone, right?

  2. Unfortunately not Jens, I tried it.
    Only after I reset the nand cells of the SSD with Linux to the factory state, whether 0 or 1, do I know nothing more to recover.
    Don't forget the SSDs have an overhead that can be another 10% of the capacity if cells break.
    It was a paid program for hard drive crashes for 100 euros to restore data that I once needed.

    And the data all came up clean.

    For external disks, no problem, boot into a slot in the PC with Linux or the tool from Samsung and patch guarantees factory settings.
    But on a Macbook?

    Sensitive data is stored on my Macs, I'll just say keychain etc.

    The only idea I currently have is encrypting the disk with its own key and not giving out the key when it is sold.

    Best regards Bernd

    1. Hello Bernd! Thank you for your reaction. That's very interesting. The only way I can think of then would be to enable FileVault. Everything is then encrypted. If the encrypted data could be restored, the "problem" for the restorer would still be that he cannot decrypt the contents of the files without the File Vault key. VG, Jens

  3. Hi Jens,
    That's exactly my idea when selling the two devices.
    Turn off FileVault, delete files, reinstall Mac according to your instructions, then pass on FileVault with a password and so on.

    By the way, the program to reset the SSD was PartedMagic, it works with all SSDs.

    Best regards Bernd

    1. Hello Bernd! I think you should leave File Vault enabled and delete the files first. Then turn off File Vault. Otherwise the files would be decrypted and only then deleted. That wouldn't be good, because I assume re-enabling File Vault would only encrypt the currently available file. In theory, if the subsequent owner shuts down File Vault and then rebuilds the hard drive, your data could reappear. Or have I thought incorrectly about that?
      And because of PartedMagic: That's interesting. You can apparently run it with Etcher on a Mac. And with that you were able to restore an APFS file system?

  4. Hi Jens,
    The recovery didn't work with Parted Magic but with another program I forgot the name [the age].
    However, Parted Magic is very good at restoring SSDs of all makes to the factory state.
    For this I use a Windows PC with a hard disk slot and boot with Parted Magic from DVD.
    You're right I probably have to delete the data in encrypted form, then decrypt it and then re-encrypt it again.

    Best regards Bernd

  5. I didn't have any success with "BitRaser File Eraser" either.
    With DataRecovery I was able to recover all data...

  6. The only possibility - which Apple also does with its i-Devices - is to reset the NAND cells to 0.

    This is possible with Parted Magic and Linux with "normal" SSDs with a SATA interface - everything is gone.

    But with Apple MACs that's unfortunately not possible, just take out the disk and delete it somewhere else with the Proggie.

    Best regards Bernd

  7. clicker cookie

    The only option available is to reset the NAND cells to zero, which Apple also does with its iDevices. This is possible under Parted Magic and Linux with "normal" Solid State Drives (SSDs) that have a SATA interface; however, this will result in the loss of all data. Unfortunately, Apple MACs are not capable of this; All you have to do is remove the disk and use the proggie to delete the file somewhere else.

  8. It would be nice - BUT - the hard drive connections of the Macs are - of course - NOT - standard - i.e. SATA etc.
    That means you need an adapter for it.
    And - to make it even easier - each generation of MacBooks has a different connection.

    Just noticed on two open MBA Airs one 2012 one 2013 the SSDs could not be exchanged crosswise.

    Best regards Bernd

  9. Deleting free storage space on an SSD – great: I got a nasty, destructive entry in the Mac operating system when resetting my password for the photo software Luminar (Ukrainian software development...) on an SSD: Safari blocked and “over” with 100% utilization and no right mouse button Function. Nothing helped - reinstalling the OS and migrating from backup reinstalled the error. Reinstallation without migration (!) did not fix the error, ie the entry remained on the (deleted) SSD and was found again after a fresh installation of Mac OS! What to do? Thanks to this article I downloaded the Stellar File Eraser (January 23/costs about 35€/ no test phase/ download only via the link in the purchase email!). Installed in the newly installed OS on the SSD via USB stick (Safari doesn't work!), 1) Clear the Safari cache without opening Safari! 2) Permanently erase all free space of SSD.
    Only then is the malware deleted from the SSD and does not find its way back into the new OS! EXCELLENT! Thanks for the necessary knowledge (see above)

    1. Hi Michael! I have Luminar 4, Luminar AI and Luminar NEO on my Mac and I am not aware that any of the software_products would install anything "harmful". It's just a graphics program and not antivirus software.
      The other thing: If you completely reinstall the macOS and don't do any migration, then the problem MUST be gone. If not, it's a hardware problem. The second thing I don't understand about your comment...
      But no matter: the main thing is that your problem is solved. 😊 I just wouldn't want to blame it on Luminar...

      1. Hi Jens,
        the one with Luminar was a forgotten password action. There was "something hidden" on the new password creation page... strange reactions and no new PW received...Luminar itself as software will probably be clean.
        And no, it's not a HW problem. The 13er iMac 21 inch has been running without any problems since the cleanup. After the cleanup, the OS has to be reinstalled again.

        1. Maybe ask their support? Sometimes such emails end up in the spam folder. I don't know what else it could be.

    2. Hello Michael,
      Thanks for your post, I will buy Stellar Erase because I currently have a WIN PC that I want to give away, but it had some company data on it and it has an SSD in it.

      The new user will certainly not buy or use data recovery, but this way I have at least a little more security – I hope.

      Flashing the SSD completely is a problem due to the age of the PC. I would have to read out the key from Win10 and reinstall all the MoBo drivers.

      Best regards Bernd

      1. Yes, I also always think that the chances of someone recovering data are very, very small. But once you've overwritten the data, you just have a better feeling. 😊

  10. Thanks for the tip! I have to send back a defective SSD (fails sporadically), so the idea of ​​"diskutil randomDisk 2 /dev/diskN" suited me very well. However, the command aborts with an error for APFS volumes. Workaround: Repartition the SSD as "Mac OS Extended (Journaled)", then the command will work.

    1. Hello Bernd! Exactly... you could also throw a lot of files onto your SSD by hand so that the existing data is overwritten, but the tool does the work for you. It doesn't do any special magic.

    2. Hello Bernd,
      yes, that's exactly what it's supposed to do. Try erasing an SSD (see post). The deletion process only takes seconds and no content is deleted. However, the software fills the entire storage space bit by bit with data/or overwrites it with 0 or 1 over several hours. I don't want to know what the success rate would be if I willfully load 1 TB of data onto my disk - one at a time! because in the end the Mac is almost standing still and I have to "fill up" it in smaller and smaller bits. The software takes care of that and that helps immensely.
      Greetings Michael

      1. Hello Michael,
        It would be nice.
        I did that years ago just for fun and filled an SSD to the max.
        This can actually be done in a flash simply by copying more data than is free.
        Then I formatted, filled again until it stops.
        Unfortunately, some of the original data that was there before filling could be retrieved with the Stellar Recovery Tool.

        The only method I know of - and hopefully Apple will do that when doing a factory reset - is a command that resets the NAND memory to factory settings.

        Best regards Bernd

        1. If the SSD was formatted with APFS and you always copied the same file, then the file was not written umpteen times (and thus overwritten the SSD as desired), but only cloned, i.e. there is only the original file and always a new entry in the file directory per clone. Advantage: if you have many duplicates on the hard disk, you save storage space (however, you wouldn't have been able to reach the "full" status then either?!?). Also here would be possible. one solution is to first repartition with "Mac OS Extended (Journaled)" and then copy. MW could not clone the old file system.

          1. Yes, I thought so too, that APFS notices when a file is the same and doesn't create it multiple times. However, it doesn’t take up much space and you shouldn’t actually fill up the SSD in this way, but you probably have to keep copying other files to it so that storage space is actually used. The bottom line is that the program that fills the SSD with data should be the least stressful. 😂

  11. Hello Bernd,
    good...I give up!...
    All I can say is that the SW helped me to get rid of the problem... copying data from - let's say 900GB takes a while... even with Thunderbolt. I just erased another iMac with Stellar (1TB in about 5 hours) as it had some odd behavior (SW would only partially install - e.g. Imageprint didn't see a single image after the install (which completed as successfully installed). the computer as an image! Mirage did not copy any data with it - recognizes the printer incorrectly - no print possible...I have now bought Malwarebytes and run it on 2 Macs - hope it helps...

    1. Hello Michael,
      I think my post got it wrong.
      I have Stellar and it's a good tool.
      My approach was different - if I should sell my computers - I currently have a MacPro standing around - on which sensitive company data - were - e.g. access data to accounts and passwords were in the key ring, then I just want to be 100% sure that under no circumstances can restore.
      As far as I understood, this would be secured by first deleting everything - e.g. decrypting the SSD with Stellar and then encrypting it with a new password.

      Best regards Bernd

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.