How to Secure Erase an SSD (SATA & NVMe) — Complete Guide

Deleting files or formatting an SSD does not actually erase your data. Unlike traditional hard drives, SSDs store data on NAND flash chips controlled by sophisticated firmware — and that firmware makes standard erasure methods unreliable. If you are selling, donating, recycling, or decommissioning a computer with an SSD, you need a method that works with the drive's architecture, not against it.

Key Takeaways:

  • Overwriting an SSD does not erase all data — wear leveling and over-provisioning leave data in cells that overwrite commands cannot reach
  • Use firmware-level commands (ATA Secure Erase for SATA, NVMe Sanitize for NVMe) instead of software-based overwriting
  • Manufacturer tools from Samsung, WD, Crucial, Kingston, and Intel are the easiest way to secure erase most consumer SSDs
  • Self-encrypting drives (SEDs) can use crypto erase, which destroys the encryption key in under a second
  • NIST 800-88 Rev. 2 recommends Purge or Destroy for SSDs — not Clear (overwrite)

Why SSDs Are Different from HDDs

If you have wiped a traditional hard drive before, you may assume the same approach works for SSDs. It does not. The fundamental difference comes down to how these two storage technologies handle writes.

An HDD writes data to a specific physical location on a magnetic platter. When you overwrite that location, the new data replaces the old data at the same physical spot. One pass is enough — the original data is gone.

SSDs work entirely differently because of three key architectural features:

Wear Leveling. NAND flash cells degrade after a limited number of program/erase (P/E) cycles. To spread wear evenly, the SSD controller constantly moves data around, remapping logical addresses to different physical cells. When you "overwrite" a file, the SSD often writes the new data to a fresh cell and marks the old cell for later erasure. The original data remains in the old cell until the controller gets around to erasing it.

Over-Provisioning. Every SSD reserves a percentage of its NAND capacity (typically 7-28%) that is invisible to the operating system. This hidden space is used for wear leveling, garbage collection, and bad block replacement. No software running on the host system can directly address or overwrite these cells.

Flash Translation Layer (FTL). The FTL is firmware that maps logical block addresses (what the OS sees) to physical NAND locations (where data actually lives). This abstraction layer means the OS has no way to know — or control — where data physically resides on the drive.

Because of these three factors, a software-level overwrite might appear to have erased the entire drive, but data can still exist in remapped cells, over-provisioned space, and blocks waiting for garbage collection. This is not theoretical — researchers at UC San Diego demonstrated in a landmark 2011 study that overwriting entire SSDs still left up to 75% of previously stored data recoverable in some cases.

For a deeper comparison, see our SSD vs. HDD data erasure differences breakdown.

SSD Erasure Methods Compared

Not all SSD erasure methods are equal. The table below compares the five primary approaches:

Method | Interface | Erases Over-Provisioned Space? | Speed | NIST 800-88 Level | Best For
------ | --------- | ------------------------------ | ----- | ----------------- | --------
ATA Secure Erase | SATA | Yes | 30 sec – 2 min | Purge | SATA SSDs
NVMe Sanitize | NVMe | Yes | 1 – 5 min | Purge | NVMe SSDs
NVMe Format (User Data Erase) | NVMe | Depends on implementation | 30 sec – 3 min | Clear or Purge | NVMe SSDs (check spec)
Crypto Erase | SATA or NVMe (SEDs) | Yes (renders data unreadable) | < 1 sec | Purge | Self-encrypting drives
Software Overwrite | Any | No | Hours | Clear only | Last resort / HDDs only

The clear takeaway: firmware-level commands are the correct approach for SSDs. Software overwriting is designed for HDDs and should not be relied upon for solid-state storage.

Bottom Line: Always use a firmware-level command — ATA Secure Erase, NVMe Sanitize, or crypto erase — to wipe an SSD. Software-based overwriting is unreliable for flash storage and is not recommended by NIST 800-88 Rev. 2 for SSD sanitization at the Purge level.

Method 1: Manufacturer Secure Erase Tools

The simplest approach for most users is to use the free utility provided by your SSD's manufacturer. These tools send the correct firmware commands for your specific drive model.

Samsung Magician

  1. Download and install Samsung Magician (Windows)
  2. Open Samsung Magician and select your Samsung SSD
  3. Navigate to Data Management > Secure Erase
  4. Follow the prompts — Samsung Magician may require you to create a bootable USB to perform the erase
  5. The process typically completes in under two minutes

Note: Secure Erase is not available for the system drive while Windows is running. You will need to boot from USB or use a secondary system.

Western Digital Dashboard

  1. Download WD Dashboard (Windows)
  2. Select your WD/SanDisk SSD
  3. Go to Tools > Drive Erase
  4. Create the bootable USB when prompted
  5. Boot from the USB and follow the on-screen instructions

Crucial Storage Executive

  1. Download Crucial Storage Executive (Windows)
  2. Select your Crucial/Micron SSD
  3. Navigate to Sanitize or PSID Revert depending on your drive model
  4. Follow the prompts to complete the erasure

Kingston SSD Manager

  1. Download Kingston SSD Manager (Windows)
  2. Select your Kingston SSD
  3. Use the Secure Erase function under the Security tab
  4. Create a bootable USB if required

Intel Memory and Storage Tool (MAS)

  1. Download Intel MAS (Windows or Linux CLI)
  2. Select your Intel/Solidigm SSD
  3. Use the Secure Erase option
  4. Complete the process via bootable media or the CLI version

Limitation: Manufacturer tools only work with their own drives. If you have multiple SSD brands or need a universal solution, see Method 4 below.

Method 2: ATA Secure Erase via Linux (SATA SSDs)

For SATA SSDs, the ATA Secure Erase command can be issued directly using hdparm on Linux. This works with any SATA SSD regardless of manufacturer.

Requirements: A Linux system (live USB such as Ubuntu works fine), root access, and the SSD must not be the boot drive.

Step-by-Step

  1. Identify the drive. List all connected drives:

     sudo fdisk -l

     Locate your target SSD — for this example, we will assume /dev/sda. Double-check the drive identifier. Erasing the wrong drive is not reversible.

  2. Check if Secure Erase is supported. Query the drive's security features:

     sudo hdparm -I /dev/sda | grep -i -A 10 "^security"

     Look for supported: enhanced erase in the output. If the drive shows "frozen," you need to unfreeze it (see step 3).

  3. Unfreeze the drive (if needed). Most BIOS implementations issue a SECURITY FREEZE LOCK command on boot, which blocks secure erase. To unfreeze:

     sudo systemctl suspend

     Wake the system (press power button), then re-check — the drive should now show not frozen.

     Alternative: Hot-plug the SATA cable after boot (if hardware supports it).

  4. Set a temporary security password. ATA Secure Erase requires a user password to be set first:

     sudo hdparm --user-master u --security-set-pass Erase /dev/sda

  5. Issue the Secure Erase command:

     sudo hdparm --user-master u --security-erase Erase /dev/sda

     For Enhanced Secure Erase (which also handles remapped and over-provisioned areas):

     sudo hdparm --user-master u --security-erase-enhanced Erase /dev/sda

  6. Verify completion. After the command finishes, confirm the drive no longer has a password set:

     sudo hdparm -I /dev/sda | grep -i -A 10 "^security"

     The output should show not enabled and not locked.

Warning: Do not interrupt the secure erase process. If power is lost or the command is interrupted, the drive may remain in a locked state requiring the password to unlock. In most cases, re-running the erase command with the same password resolves this.
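The frozen check in step 2 and the verification in step 6 both come down to reading the same Security section of the hdparm -I output. The script below is an added example, not part of the original guide or of hdparm: the function names are hypothetical, the sample text is constructed, and it assumes hdparm's usual layout in which a cleared flag is prefixed with "not".

```shell
#!/bin/sh
# Added example, not from the original guide: classify the "Security:"
# section of `hdparm -I` output before and after an ATA Secure Erase.

# ata_erase_readiness: reads `hdparm -I` text on stdin and prints one of
#   unsupported | frozen | locked | password-set | ready-enhanced | ready
ata_erase_readiness() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }        # next top-level section
        !insec             { next }
        {
            neg = ($1 == "not")                 # cleared flags carry a "not" prefix
            line = $0
            sub(/^[ \t]*(not)?[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            if (line == "supported")                      supported = !neg
            else if (line == "enabled")                   enabled = !neg
            else if (line == "locked")                    locked = !neg
            else if (line == "frozen")                    frozen = !neg
            else if (line == "supported: enhanced erase") enhanced = !neg
        }
        END {
            if (!supported)    print "unsupported"
            else if (frozen)   print "frozen"           # suspend/resume, then re-check
            else if (locked)   print "locked"
            else if (enabled)  print "password-set"     # erase not run or not finished
            else if (enhanced) print "ready-enhanced"
            else               print "ready"
        }'
}

# Constructed sample of the relevant hdparm -I lines.
# $1 = "not" or "" (frozen flag), $2 = "not" or "" (enabled flag)
sample_security() {
    cat <<EOF
ATA device, with non-removable media
Security:
    Master password revision code = 65534
        supported
    $2 enabled
    not locked
    $1 frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
EOF
}

# Demo on constructed input; on a real system pipe in: sudo hdparm -I /dev/sda
sample_security ""  not | ata_erase_readiness   # frozen
sample_security not not | ata_erase_readiness   # ready-enhanced
sample_security not ""  | ata_erase_readiness   # password-set
```

A verdict of password-set after the erase means the temporary password is still in place, which is the interrupted-erase state the warning above describes.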

For complete drive wiping fundamentals across all storage types, see our guide to wiping a hard drive.

Method 3: NVMe Sanitize via Linux (NVMe SSDs)

NVMe drives use a different command set than SATA drives. The NVMe specification defines the Sanitize command, which is the preferred method for securely erasing NVMe SSDs. The nvme-cli tool provides access to these commands.

Important distinction: NVMe Sanitize, NVMe Format, and ATA Secure Erase are three different operations targeting different interfaces. Do not confuse them:

  • NVMe Sanitize — Performs a complete sanitization of the drive, including over-provisioned and unmapped areas. This is the most thorough NVMe erasure command.
  • NVMe Format (User Data Erase) — Reformats the NVMe namespace. Whether it erases all data depends on the Secure Erase Settings (SES) field — some implementations only perform a cryptographic erase of user-visible data.
  • ATA Secure Erase — SATA-only command. It does not work on NVMe drives.

NVMe Sanitize Step-by-Step

  1. Install nvme-cli:

     sudo apt install nvme-cli    # Debian/Ubuntu
     sudo dnf install nvme-cli    # Fedora/RHEL

  2. Identify the NVMe drive:

     sudo nvme list

     Note the device path (e.g., /dev/nvme0n1).

  3. Check Sanitize support:

     sudo nvme id-ctrl /dev/nvme0 -H | grep -i "sanitize"

     Look for supported sanitize operations: Block Erase, Overwrite, or Crypto Erase.

  4. Run Sanitize with Block Erase:

     sudo nvme sanitize /dev/nvme0n1 --sanact=2

     Sanitize action values:

       • --sanact=1 — Exit Failure Mode
       • --sanact=2 — Block Erase (resets all blocks)
       • --sanact=3 — Overwrite (writes a pattern — slower, less preferred for SSDs)
       • --sanact=4 — Crypto Erase (destroys encryption key)

  5. Monitor progress:

     sudo nvme sanitize-log /dev/nvme0n1

     The log shows sanitize progress (SPROG) and completion status.
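To make the monitoring step checkable by a script rather than by eye, the following added example (not part of the original guide or of nvme-cli) decodes the SPROG and SSTAT fields of the sanitize log into a single verdict. The function names are hypothetical, the sample log text is constructed, and the script assumes the human-readable output labels the two fields "(SPROG) :" and "(SSTAT) :".

```shell
#!/bin/sh
# Added example, not from the original guide: turn `nvme sanitize-log`
# output into one verdict word. Sample log text below is constructed.

# sanitize_state SSTAT SPROG -> state word (bits 2:0 of SSTAT hold the status)
sanitize_state() {
    sstat=$(( $1 )); sprog=$(( $2 ))
    case $(( sstat & 7 )) in
        0) echo "never-sanitized" ;;
        1) echo "completed" ;;
        2) echo "in-progress $(( sprog * 100 / 65536 ))%" ;;  # SPROG counts in 1/65536ths
        3) echo "failed" ;;
        4) echo "completed-no-dealloc" ;;   # completed, No-Deallocate was requested
        *) echo "unknown" ;;
    esac
}

# sanitize_verdict: reads sanitize-log text on stdin, prints the state
sanitize_verdict() {
    vals=$(awk -F: '
        BEGIN       { sstat = "missing"; sprog = 0 }
        /\(SSTAT\)/ { gsub(/[ \t]/, "", $2); sstat = $2 }
        /\(SPROG\)/ { gsub(/[ \t]/, "", $2); sprog = $2 }
        END         { print sstat, sprog }')
    if [ "${vals% *}" = "missing" ]; then
        echo "no-sanitize-log"              # fields not found: treat as unverified
        return 1
    fi
    sanitize_state "${vals% *}" "${vals#* }"
}

# Constructed sample log; $1 = SPROG value, $2 = SSTAT value
sample_log() {
    cat <<EOF
Sanitize Progress                      (SPROG) :  $1
Sanitize Status                        (SSTAT) :  $2
Sanitize Command Dword 10 Information (SCDW10) :  0x2
EOF
}

# Demo on constructed input; on a real system:
#   sudo nvme sanitize-log /dev/nvme0n1 | sanitize_verdict
sample_log 32768 0x2   | sanitize_verdict   # in-progress 50%
sample_log 65535 0x101 | sanitize_verdict   # completed
sample_log 1200  0x3   | sanitize_verdict   # failed
```

Only a completed verdict should be recorded as a successful sanitize; never-sanitized after issuing the command means it was not accepted.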

NVMe Format Alternative

If your drive does not support Sanitize, NVMe Format with secure erase settings is the fallback:

sudo nvme format /dev/nvme0n1 --ses=1

SES values:

  • --ses=0 — No secure erase (format only)
  • --ses=1 — User Data Erase
  • --ses=2 — Cryptographic Erase

Note: Check your drive's datasheet to confirm whether --ses=1 erases all areas including over-provisioned space, or only the user-visible namespace. Implementations vary.

For a full rundown of erasure standards and what they require, see our data erasure standards overview.

Method 4: Third-Party Software

If you prefer a graphical interface, need to wipe drives from multiple manufacturers, or require a certificate of erasure for compliance purposes, third-party tools handle SSD secure erase across brands.

BitRaser Drive Eraser

BitRaser Drive Eraser is a bootable solution that supports both SATA and NVMe secure erase. It issues firmware-level commands (not just overwriting) and generates tamper-proof certificates of erasure — a requirement for compliance with HIPAA, GDPR, PCI DSS, and other regulations. Plans start at $39 per drive.

  • Supports ATA Secure Erase, NVMe Sanitize, and crypto erase
  • Generates PDF certificates of erasure with drive serial numbers
  • Compliant with NIST 800-88, IEEE 2883, and other standards
  • Works from bootable USB — no OS installation required

Parted Magic

Parted Magic is a bootable Linux environment ($15 one-time purchase) that includes a graphical Secure Erase tool alongside disk partitioning utilities. It wraps hdparm and nvme-cli commands in a user-friendly interface, making it a solid choice for users who are not comfortable with the Linux command line.

KillDisk

KillDisk offers both free and professional versions. The professional version ($59.95+) supports SSD-specific erasure commands and provides certificates of erasure. The free version is limited to single-pass overwriting, which — as discussed above — is not reliable for SSDs.

EaseUS BitWiper

EaseUS BitWiper provides SSD wipe functionality from within Windows. It supports multiple erasure standards and can wipe non-system drives without bootable media. Check that your version supports firmware-level SSD commands rather than overwrite-only modes.

For detailed comparisons of these and other tools, see our best data erasure software roundup.

Common Mistakes When Erasing SSDs

Assuming "format" means "erase." Quick format and even full format in Windows do not perform a secure erase. They remove file system metadata but leave actual data intact on the NAND chips. See our Windows 11 drive wipe guide for clarification on what Windows built-in tools actually do.

Relying on TRIM. TRIM notifies the controller that blocks are available for garbage collection, but it does not verify erasure, does not touch over-provisioned areas, and the timing of actual erasure is up to the controller. TRIM is not a sanitization method.

Using HDD overwrite tools on SSDs. Tools designed for HDD wiping (like DBAN) work by overwriting every sector sequentially. On an SSD, this writes to logical addresses that the FTL maps to physical cells — but the FTL may remap during the process, and over-provisioned cells are never touched.

Forgetting to check for frozen drives. BIOS security freeze locks prevent secure erase from executing. If hdparm reports the drive as "frozen," the erase command will be rejected silently or with an error. Always verify the drive state before attempting erasure.

Skipping verification. After erasing, confirm the operation completed successfully. Check hdparm security status, review nvme sanitize-log, or use the verification features in third-party tools. A failed or interrupted erase may leave data intact.

Crypto Erase: The Fastest Option for Self-Encrypting Drives

If your SSD is a self-encrypting drive (SED) that supports TCG Opal or IEEE 1667, crypto erase is the fastest and most effective erasure method. It works by destroying the media encryption key (MEK) stored in the drive's controller. Without the key, all data on the NAND chips is permanently unreadable — even if the raw flash chips are removed and read directly.

Crypto erase completes in under one second because it only needs to erase the key, not the actual data.

Requirements:

  • The SSD must have hardware encryption enabled (many modern SSDs encrypt by default, even without user setup)
  • The encryption implementation must be sound — some early SED implementations had flaws where data was stored in the clear despite encryption being "enabled"

How to perform crypto erase:

  • SATA SEDs: Use hdparm --user-master u --security-erase-enhanced (Enhanced Secure Erase on SEDs performs crypto erase)
  • NVMe SEDs: Use nvme sanitize --sanact=4 or nvme format --ses=2
  • Manufacturer tools: Most manufacturer utilities detect SEDs and offer crypto erase as an option
  • Third-party: BitRaser and Parted Magic both support crypto erase

For macOS-specific instructions, including FileVault and the Erase All Content and Settings feature on Apple Silicon, see our Mac drive wipe guide.

Frequently Asked Questions

Can I just overwrite an SSD to erase it?

Overwriting an SSD with zeros or random data does not erase all stored data. Wear leveling, over-provisioning, and the flash translation layer mean that some NAND cells are never reached by overwrite commands sent through the operating system. NIST 800-88 Rev. 2 classifies overwriting as Clear — insufficient for SSDs when Purge-level sanitization is required.

What is the difference between ATA Secure Erase and NVMe Sanitize?

ATA Secure Erase is a firmware-level command for SATA drives that instructs the SSD controller to reset all NAND cells. NVMe Sanitize is the equivalent for NVMe drives, defined in the NVMe specification. They target different interfaces and use different command sets, but both operate at the firmware level to reach areas that software-based overwriting cannot.

Does TRIM securely erase data from an SSD?

No. TRIM tells the SSD controller that specific blocks are no longer in use, allowing the controller to erase them during garbage collection. However, TRIM is an advisory command — the controller decides when and whether to act on it. There is no verification that data was actually erased, and TRIM does not touch over-provisioned space.

Is a single-pass overwrite enough for an SSD?

For HDDs, a single overwrite pass is sufficient per NIST guidance. For SSDs, even a single-pass overwrite is unreliable because the flash translation layer remaps writes, leaving data in cells that the overwrite never touches. Use firmware-level commands (ATA Secure Erase, NVMe Sanitize) or crypto erase instead.

What is crypto erase and when should I use it?

Crypto erase destroys the encryption key on a self-encrypting drive (SED), making all stored data permanently unreadable. It completes in under a second. It is effective only if the drive had hardware encryption enabled and the encryption implementation is trustworthy. Many modern NVMe SSDs support crypto erase even without explicit user-configured encryption.

Can I secure erase my SSD on Windows without Linux?

Yes. Most SSD manufacturers provide free Windows utilities — Samsung Magician, WD Dashboard, Crucial Storage Executive, Kingston SSD Manager, and Intel Memory and Storage Tool. Third-party tools like BitRaser and Parted Magic also support SSD secure erase from Windows or bootable environments.

Will secure erase damage my SSD or reduce its lifespan?

A properly executed secure erase does not damage the drive. ATA Secure Erase and NVMe Sanitize reset NAND cells to their factory state, consuming one program/erase cycle — negligible impact relative to the drive's total endurance rating. In fact, secure erase can restore SSD performance by returning cells to a clean state.

How long does SSD secure erase take?

Most SSD secure erase operations complete in under two minutes. Crypto erase finishes in under a second. NVMe Sanitize with Block Erase typically takes one to five minutes depending on capacity. This is dramatically faster than HDD wiping, which can take hours for large drives.

Do I need to secure erase an SSD before selling my computer?

Yes. A standard Windows Reset or macOS Erase does not perform firmware-level secure erase. Data recovery from a reset drive is often possible using commercially available tools. Before selling, donating, or recycling any device with an SSD, perform a proper secure erase using one of the methods in this guide.

What if secure erase fails or my SSD does not support it?

Some older or budget SSDs have incomplete secure erase implementations. If the command fails or hangs, try a different method: NVMe Sanitize for NVMe drives, crypto erase for SEDs, or a third-party tool that wraps firmware commands with error handling. If no software method works and the data is sensitive, physical destruction is the only remaining option.

The Bottom Line

SSDs require firmware-level erasure commands — not the software overwriting methods used for HDDs. Use your SSD manufacturer's free tool for the easiest path, or hdparm/nvme-cli on Linux for direct control. For compliance documentation, a third-party tool like BitRaser provides certified erasure reports. Whatever method you choose, verify the erase completed successfully before releasing the drive.


Last updated: February 2026. We regularly review and update our guides to ensure accuracy.
