Erase Mac before trade-in to Apple?

I’m trading in an iMac for a new one.

The question I have is: what level of erasure to perform on its internal SSD before sending to Apple.

I don’t know if it is necessary to go beyond Apple’s Disk Utility?

And in fact is it possible to erase a SSD drive? I’ve read somewhere that it isn’t or wasn’t.

And what practically does it mean to change the levels of the erase software?

Additionally, I’m not sure if sending to Apple would be secure if I didn’t do any erasing. NO, I’m not going to test that. :wink: LOL

Any suggestions on how to approach this question is appreciated.

Do you use FileVault? If so, securely erasing your SSD can be as simple as throwing away the encryption key. If not, you probably need to secure erase with Disk Utility. Here’s some good advice.

I traded in a Mac to Apple last fall and I reformatted it and installed a brand new OS (mainly for my own comfort – I figured a new OS would overwrite enough stuff to make recovery of anything personal moot), but mainly all you need to do is remove your password since it’s encrypted. Seemed to work just fine.

I do not use FileVault.

Thank you for the sites.

Then you should make sure to perform a secure erase with Disk Utility as per Howard’s instructions.

Don’t forget to sign out of iCloud, which also requires turning off Find my Mac.

Other things here: What to do before you sell, give away or trade in your Mac – Apple Support (UK)

(Going to the horse’s mouth, rather than Howard Oakley…) If your Mac is running macOS 12 Monterey, there’s a new Erase All Content and Settings command available from the File menu in System Preferences.

Thanks for the assist. Unfortunately my wife’s old Mac is running Big Sur.

Then your have one of two good options:

  • Upgrade to Monterey, and then erase everything.
  • Boot into Recovery mode and perform an erase/reinstall of macOS

In both cases, everything not from Apple will be erased. I wouldn’t worry about your documents being recoverable after this. Macs use TRIM on the internal SSDs, so all of the deleted content will be marked garbage for later collection, making it inaccessible by software.

You could also choose to have Disk Utility write zeros over the entire SSD before you reinstall macOS. This will take a long time, but it will definitely make all the old data inaccessible by software, in case you don’t trust TRIM.

If you’re worried about someone removing the SSD before garbage collection takes place (to try and bypass the SSD controller and access the garbage data with your deleted files), the easiest way around this is to leave the computer powered on and idle for a few days afterward. Boot it into Recovery mode and let it sit that way. The SSD will collect its garbage during its idle time (which will be all the time) and all will be well. You won’t have any way of knowing when the garbage collection completes, but unless you want to physically remove and destroy the SSD, that’s about the best you can do.

I assume your old iMac is too old to have a T2 chip (I think only the 2017 iMac pro and 2020 iMac use it), but if you have a T2, then you don’t have to worry about garbage collection. The T2’s encryption will effectively block any attempt to bypass the SSD controller (which is the T2 chip).

This IMHO is the way to go. Choose a DOE-compliant erase (or if you have lost of time, DOD). It will take a while (IIRC about 8 hrs for a 2TB SATA over USB-C), but you can let it run over night. That way you get direct feedback that the operation took place and has completed. Little effort for good peace of mind.

Full disclosure, many-cycle random writes and zero writes are not recommended for frequent use on SSDs because they of course eat up the finite no. of r/w cycles every SSD has, but since you are disposing of this Mac, that’s of no concern to you.

But that won’t guarantee garbage collection for your deleted files either. It will just take longer and make those who don’t understand SSDs feel like they did something important.

Since you have absolutely no knowledge about what the SSD’s internal garbage collection algorithms are, you don’t know if all this overwriting will force your deleted files’ blocks to be flash-erased or if they will still be lurking somewhere.

In terms of what you can know for certain, it’s really no different than a single-pass write of zeros or just deleting all the files with TRIM running. Your old files will be inaccessible via software, but someone willing and able to bypass the SSD controller might still be able to recover something.

Single-pass write zeros if fine. But I would caution against just relying on TRIM. Depending on what make/model of SSD is being used TRIM might not be available or it might not be running the way you’d expect. Apple’s TRIM documentation has been very limited to put it mildly.

Is there a way that I can tell if this iMac with Big Sur will use TRIM on the erase.

I appreciate all of the above help… As does my better half!

Did you ever exchange the internal disk? What type is it? What exact model of iMac is it?

1 Like

That’s true. I’ve been assuming that the original Apple-provided SSD is installed, in which case, TRIM should work as expected. Those are the only SSDs where Apple claims it is supported.

If it was replaced with an aftermarket SSD, then TRIM may or may not be enabled. Most of the time, you must use the trimforce command to enable it. If you just turned it on, then you should do a repair with Disk Utility, which will TRIM all free space at the end of its processing. But if the SSD didn’t implement TRIM properly (or at all), then the data might still be recoverable.

And a recommendation for a one-pass-write-zeros erase is also necessary if there is a hard drive involved - either as a secondary drive or as a Fusion drive. So it’s a good reccommendation if you’re not completely sure about what storage devices are present.

Use the System Information utility (option-click the Apple menu for a quick way to get there) and look at the category for the storage device. For my 2018 Mac mini, it’s the “NVMExpress” category, but yours may be in a different category (maybe “SATA”).

TRIM support should be indicated there. For example, on my system, I see:

If you have a genuine Apple SSD (as indicated by the device’s model name), then TRIM should be on and working. If you have an aftermarket SSD and TRIM is not enabled (which is the case for most aftermarket SSDs), then you can force macOS to use TRIM using the trimforce command.

After enabling TRIM (via trimforce), newly-deleted files will be TRIMmed, but files deleted before enabling it will not, so if you want to rely on TRIM, be sure it is enabled before you erase your data.

In older versions of macOS, Disk Utility would display a message indicating that it has TRIMmed all free space at the end of a repair, so you could perform a repair to make sure all deleted files have been TRIMmed. But in Big Sur, I no longer see this message, so I don’t know if it is still doing that or not.

In general, if you don’t have a genuine Apple SSD, it’s probably safest to assume that TRIM is not enabled and you should wipe the drive with all-zeros before reinstalling macOS.

I’m on Mojave with FileVault enabled, and while I’m not planning on erasing the drive anytime soon, I just want to make sure I understand correctly that performing a basic erase is enough to delete the key? After which reinstall the OS for added coverage.

I always erase my devices before handing them to Apple. The Genius Bar has actually helped me with this before.

Yes, if you have FileVault 2, you will essentially securely erase your drive as soon as you format it. Boot from another volume (external clone, Recovery or Internet Recovery, etc.) and choose to format the drive as APFS unencrypted. No password will be set. The drive will still contain the bits that were set there before, but since they had been encrypted with FileVault 2, you’d need that FileVault key to encrypt them. Without that key, anything left on that drive is gibberish.

A problem would be if you did not have FileVault 2 enabled, or possibly, if you only enabled it after you had already stored and later deleted data before turning on FileVault encryption. That is where secure erase via writing zeros or random data (DOE or DOD schemes) come into play. But with FV2 encryption, none of hat is necessary. “Cryptographic erase” is really an awesome feature: it’s quick, it’s thorough, and it’ incredibly easy to carry out. It’s the way we these days with SSDs should be dealing with privacy concerns when selling our Macs or getting rid of an SSD.

1 Like

Thank you Simon - that answers my question. I purchased the machine in Sept. 2019, and I don’t believe I turned on FileVault until sometime either later that year or possibly not until the following year, but I don’t think during that time I had anything vital stored on it. I have since stored a few passwords in my browsers (none for banking) which could always be deleted (assuming I remember first!) and have never stored any credit card info either. So I may have a small risk for whatever may not have been encrypted, but as I stated, I do not plan to sell anytime soon.