Erase Mac before trade-in to Apple?

I do not use FileVault.

Thank you for the sites.

Then you should make sure to perform a secure erase with Disk Utility as per Howard’s instructions.

Don’t forget to sign out of iCloud, which also requires turning off Find my Mac.

Other things here: What to do before you sell, give away or trade in your Mac – Apple Support (UK)

(Going to the horse’s mouth, rather than Howard Oakley…) If your Mac is running macOS 12 Monterey, there’s a new Erase All Content and Settings command available from the File menu in System Preferences.

Thanks for the assist. Unfortunately my wife’s old Mac is running Big Sur.

Then you have one of two good options:

  • Upgrade to Monterey, and then erase everything.
  • Boot into Recovery mode and perform an erase/reinstall of macOS

In both cases, everything not from Apple will be erased. I wouldn’t worry about your documents being recoverable after this. Macs use TRIM on the internal SSDs, so all of the deleted content will be marked garbage for later collection, making it inaccessible by software.

You could also choose to have Disk Utility write zeros over the entire SSD before you reinstall macOS. This will take a long time, but it will definitely make all the old data inaccessible by software, in case you don’t trust TRIM.

If you’re worried about someone removing the SSD before garbage collection takes place (to try and bypass the SSD controller and access the garbage data with your deleted files), the easiest way around this is to leave the computer powered on and idle for a few days afterward. Boot it into Recovery mode and let it sit that way. The SSD will collect its garbage during its idle time (which will be all the time) and all will be well. You won’t have any way of knowing when the garbage collection completes, but unless you want to physically remove and destroy the SSD, that’s about the best you can do.

I assume your old iMac is too old to have a T2 chip (I think only the 2017 iMac pro and 2020 iMac use it), but if you have a T2, then you don’t have to worry about garbage collection. The T2’s encryption will effectively block any attempt to bypass the SSD controller (which is the T2 chip).

This IMHO is the way to go. Choose a DOE-compliant erase (or if you have lots of time, DOD). It will take a while (IIRC about 8 hrs for a 2TB SATA over USB-C), but you can let it run overnight. That way you get direct feedback that the operation took place and has completed. Little effort for good peace of mind.

Full disclosure, many-cycle random writes and zero writes are not recommended for frequent use on SSDs because they of course eat up the finite no. of r/w cycles every SSD has, but since you are disposing of this Mac, that’s of no concern to you.

But that won’t guarantee garbage collection for your deleted files either. It will just take longer and make those who don’t understand SSDs feel like they did something important.

Since you have absolutely no knowledge about what the SSD’s internal garbage collection algorithms are, you don’t know if all this overwriting will force your deleted files’ blocks to be flash-erased or if they will still be lurking somewhere.

In terms of what you can know for certain, it’s really no different than a single-pass write of zeros or just deleting all the files with TRIM running. Your old files will be inaccessible via software, but someone willing and able to bypass the SSD controller might still be able to recover something.

Single-pass write zeros is fine. But I would caution against just relying on TRIM. Depending on what make/model of SSD is being used, TRIM might not be available or it might not be running the way you’d expect. Apple’s TRIM documentation has been very limited, to put it mildly.

Is there a way that I can tell if this iMac with Big Sur will use TRIM on the erase?

I appreciate all of the above help… As does my better half!

Did you ever exchange the internal disk? What type is it? What exact model of iMac is it?


That’s true. I’ve been assuming that the original Apple-provided SSD is installed, in which case, TRIM should work as expected. Those are the only SSDs where Apple claims it is supported.

If it was replaced with an aftermarket SSD, then TRIM may or may not be enabled. Most of the time, you must use the trimforce command to enable it. If you just turned it on, then you should do a repair with Disk Utility, which will TRIM all free space at the end of its processing. But if the SSD didn’t implement TRIM properly (or at all), then the data might still be recoverable.

And a recommendation for a one-pass-write-zeros erase is also necessary if there is a hard drive involved - either as a secondary drive or as a Fusion drive. So it’s a good recommendation if you’re not completely sure about what storage devices are present.

Use the System Information utility (option-click the Apple menu for a quick way to get there) and look at the category for the storage device. For my 2018 Mac mini, it’s the “NVMExpress” category, but yours may be in a different category (maybe “SATA”).

TRIM support should be indicated there. For example, on my system, I see:

If you have a genuine Apple SSD (as indicated by the device’s model name), then TRIM should be on and working. If you have an aftermarket SSD and TRIM is not enabled (which is the case for most aftermarket SSDs), then you can force macOS to use TRIM using the trimforce command.

After enabling TRIM (via trimforce), newly-deleted files will be TRIMmed, but files deleted before enabling it will not, so if you want to rely on TRIM, be sure it is enabled before you erase your data.

In older versions of macOS, Disk Utility would display a message indicating that it has TRIMmed all free space at the end of a repair, so you could perform a repair to make sure all deleted files have been TRIMmed. But in Big Sur, I no longer see this message, so I don’t know if it is still doing that or not.

In general, if you don’t have a genuine Apple SSD, it’s probably safest to assume that TRIM is not enabled and you should wipe the drive with all-zeros before reinstalling macOS.
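The check described in the post above (System Information, "TRIM Support: Yes", and whether the model name is an Apple SSD) can be scripted. The following is an added example, not code from the thread or from Apple: it parses the text that `system_profiler SPNVMeDataType SPSerialATADataType` prints (the command-line form of the System Information categories named above) and applies the thread's rule of thumb to each physical drive. The profile text embedded in it is constructed for illustration, not captured from the poster's iMac, and the model names in it are made up for the example.

```python
"""Read system_profiler storage output and say whether TRIM can be relied on."""
import re
import subprocess
import sys

# Constructed sample in the layout system_profiler uses: an Apple NVMe SSD,
# plus a SATA aftermarket SSD and a rotational disk (a Fusion-drive style mix).
SAMPLE_PROFILE = """\
NVMExpress:

    Apple SSD Controller:

        APPLE SSD AP0256M:

          Capacity: 251 GB (251,000,193,024 bytes)
          TRIM Support: Yes
          Model: APPLE SSD AP0256M
          BSD Name: disk0
          Removable Media: No
          Volumes:
            disk0s1:

              Capacity: 314.6 MB (314,572,800 bytes)
              BSD Name: disk0s1

SATA/SATA Express:

    Intel 8 Series Chipset:

      Vendor: Intel
      Product: 8 Series Chipset
      Link Speed: 6 Gigabit

        Samsung SSD 860 EVO 1TB:

          Capacity: 1 TB (1,000,204,886,016 bytes)
          Model: Samsung SSD 860 EVO 1TB
          BSD Name: disk1
          Medium Type: Solid State
          TRIM Support: No

        ST1000LM024 HN-M101MBB:

          Capacity: 1 TB (1,000,204,886,016 bytes)
          Model: ST1000LM024 HN-M101MBB
          BSD Name: disk2
          Medium Type: Rotational
"""

HEADER_RE = re.compile(r"^(\s*)(.+):$")        # "Name:" line with no value
KV_RE = re.compile(r"^\s+([^:]+): (.*)$")      # "  Key: value" line


def parse_profile(text):
    """Return one dict per physical device (keys from the profile plus 'section')."""
    blocks, section = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = KV_RE.match(line)
        if kv:
            if blocks:
                blocks[-1][kv.group(1).strip()] = kv.group(2).strip()
            continue
        hdr = HEADER_RE.match(line)
        if hdr:
            if hdr.group(1) == "":              # top-level: NVMExpress, SATA/SATA Express
                section = hdr.group(2)
            blocks.append({"section": section, "name": hdr.group(2).strip()})
    # Only physical devices carry a Model line; controllers and volumes do not.
    return [b for b in blocks if "Model" in b]


def trim_verdict(dev):
    """Apply the thread's rule of thumb to one device."""
    model = dev.get("Model", "")
    # NVMe devices are always flash; SATA reports Medium Type explicitly.
    medium = dev.get("Medium Type", "Solid State" if dev["section"] == "NVMExpress" else "Unknown")
    trim = dev.get("TRIM Support") == "Yes"
    apple = model.upper().startswith("APPLE SSD")
    if medium == "Rotational":
        kind, advice = "rotational", "hard drive: TRIM does not apply, write one pass of zeros"
    elif apple and trim:
        kind, advice = "apple-trim", "genuine Apple SSD with TRIM: erase/reinstall from Recovery is enough"
    elif trim:
        kind, advice = "thirdparty-trim", "aftermarket SSD reporting TRIM (trimforce): behaviour unverified, prefer a zero-fill"
    else:
        kind, advice = "no-trim", "SSD without TRIM: assume deleted data is still there, zero-fill first"
    return {"bsd": dev.get("BSD Name"), "model": model, "medium": medium,
            "trim": trim, "apple": apple, "kind": kind, "advice": advice}


def live_profile():
    """Run system_profiler on a Mac; return None elsewhere so the sample is used."""
    if sys.platform != "darwin":
        return None
    proc = subprocess.run(["system_profiler", "SPNVMeDataType", "SPSerialATADataType"],
                          capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    for v in (trim_verdict(d) for d in parse_profile(live_profile() or SAMPLE_PROFILE)):
        print(f"{v['bsd'] or '?':6} {v['model']:28} TRIM={v['trim']!s:5} {v['advice']}")
```

Run it on the Mac being erased (no root needed for `system_profiler`); on a third-party SSD where it reports `no-trim`, the thread's `sudo trimforce enable` followed by a Disk Utility repair is one route, but the safer reading of the post above is to zero-fill regardless.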

I’m on Mojave with FileVault enabled, and while I’m not planning on erasing the drive anytime soon, I just want to make sure I understand correctly that performing a basic erase is enough to delete the key? After which reinstall the OS for added coverage.

I always erase my devices before handing them to Apple. The Genius Bar has actually helped me with this before.

Yes, if you have FileVault 2, you will essentially securely erase your drive as soon as you format it. Boot from another volume (external clone, Recovery or Internet Recovery, etc.) and choose to format the drive as APFS unencrypted. No password will be set. The drive will still contain the bits that were set there before, but since they had been encrypted with FileVault 2, you’d need that FileVault key to decrypt them. Without that key, anything left on that drive is gibberish.

A problem would be if you did not have FileVault 2 enabled, or possibly, if you only enabled it after you had already stored and later deleted data before turning on FileVault encryption. That is where secure erase via writing zeros or random data (DOE or DOD schemes) comes into play. But with FV2 encryption, none of that is necessary. “Cryptographic erase” is really an awesome feature: it’s quick, it’s thorough, and it’s incredibly easy to carry out. It’s the way we, these days with SSDs, should be dealing with privacy concerns when selling our Macs or getting rid of an SSD.

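The two points in the reply above (formatting an FV2 volume is a cryptographic erase, and data deleted before FileVault was turned on is the exception) can be made concrete with a small model. This is an added example, not code from the thread or from Apple: it stands in a keyed HMAC-SHA256 keystream for FileVault's real per-volume cipher, uses 64-byte sectors instead of the real block size, and models "delete" as a metadata-only operation with no TRIM, so the old bytes stay on the media. Every name in it is invented for the example.

```python
"""Toy self-encrypting volume: what cryptographic erase does and does not cover."""
import hashlib
import hmac
import os

SECTOR = 64  # bytes per sector in this toy; not the real APFS block size


def _keystream(key, sector, length):
    # HMAC-SHA256 in counter mode, keyed per sector. A stand-in for the volume
    # cipher, chosen only because it needs nothing outside the standard library.
    out = b""
    for counter in range((length + 31) // 32):
        msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class ToyVolume:
    def __init__(self, sectors=8):
        self.media = [bytes(SECTOR)] * sectors  # what a chip-off read would return
        self.allocated = set()                  # the file system's view of used sectors
        self.key = None                         # None: volume not encrypted

    def _transform(self, sector, data):
        if self.key is None:
            return data
        return _xor(data, _keystream(self.key, sector, SECTOR))

    def write(self, sector, data):
        padded = data.ljust(SECTOR, b"\0")[:SECTOR]
        self.media[sector] = self._transform(sector, padded)
        self.allocated.add(sector)

    def read(self, sector):
        return self._transform(sector, self.media[sector]).rstrip(b"\0")

    def delete(self, sector):
        # No TRIM in this model: deleting drops the allocation, the media keeps the bytes.
        self.allocated.discard(sector)

    def enable_encryption(self):
        # Like turning on FileVault: live sectors are converted in place,
        # free sectors (including previously deleted data) are left untouched.
        self.key = os.urandom(32)
        for s in self.allocated:
            self.media[s] = _xor(self.media[s], _keystream(self.key, s, SECTOR))

    def crypto_erase(self):
        # Formatting an encrypted volume: the old key is discarded for good.
        self.key = os.urandom(32)
        self.allocated.clear()

    def zero_fill(self):
        # One pass of zeros over the whole media (the Disk Utility route).
        self.media = [bytes(SECTOR)] * len(self.media)
        self.allocated.clear()

    def raw_contains(self, needle):
        # A forensic scan of the flash that bypasses the file system.
        return needle in b"".join(self.media)


def scenario():
    """Store data before and after enabling encryption, then erase; report what survives."""
    vol = ToyVolume()
    vol.write(0, b"TAXRETURN-2018")   # stored and deleted before FileVault
    vol.write(1, b"PASSWORDS-LIVE")   # stored before FileVault, still live when it is enabled
    vol.delete(0)
    vol.enable_encryption()
    vol.write(2, b"DIARY-AFTER-FV")   # written under encryption
    before = {
        "deleted_pre_fv_on_media": vol.raw_contains(b"TAXRETURN-2018"),
        "live_pre_fv_on_media": vol.raw_contains(b"PASSWORDS-LIVE"),
        "post_fv_on_media": vol.raw_contains(b"DIARY-AFTER-FV"),
    }
    vol.crypto_erase()
    after = {
        "live_readable": vol.read(1) == b"PASSWORDS-LIVE",
        "post_fv_readable": vol.read(2) == b"DIARY-AFTER-FV",
        "deleted_pre_fv_on_media": vol.raw_contains(b"TAXRETURN-2018"),
    }
    vol.zero_fill()
    after_zero = {"deleted_pre_fv_on_media": vol.raw_contains(b"TAXRETURN-2018")}
    return before, after, after_zero


if __name__ == "__main__":
    for label, result in zip(("before erase", "after crypto erase", "after zero fill"), scenario()):
        print(label, result)
```

The result is the reply's point in miniature: everything written while the volume was encrypted becomes unreadable the moment the key is replaced, but the sector deleted before encryption was enabled still carries its plaintext through the cryptographic erase and only disappears once the media is actually overwritten.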

Thank you Simon - that answers my question. I purchased the machine in Sept. 2019, and I don’t believe I turned on FileVault until sometime either later that year or possibly not until the following year, but I don’t think during that time I had anything vital stored on it. I have since stored a few passwords in my browsers (none for banking) which could always be deleted (assuming I remember first!) and have never stored any credit card info either. So I may have a small risk for whatever may not have been encrypted, but as I stated, I do not plan to sell anytime soon.

My understanding is that if you are running on a Mac with a T2 processor or are running on Apple Silicon, there is an encryption key for the built-in SSD in the Secure Enclave. Erasing the drive causes that key to be regenerated, making the current data on the SSD unreadable.

If this is correct, that makes securing the internal drive on current Macs an almost trivial process, not worthy of a long discussion.

Since almost all Macs produced in the last several years fit this case, if my supposition is correct, it would be brought up quickly in the discussion, dealt with, and then more difficult cases would be discussed. Since that has not been the case, I’m curious what I am missing.

That’s not the way I’ve understood it.

The T2 encryption binds the SSD to the T2 chip, so you can’t remove the flash media and read it on any other computer. This is highly unlikely when the flash is soldered down, but when it’s on a plugin card (e.g. a Mac Pro), it prevents the SSD from being read on another computer.

But I don’t think that key is regenerated as a part of erasing the drive, since that key is needed for accessing file system structures below the level of a volume (e.g. the partition table).

If you have a source that says otherwise, please share it.

So, the presence of a T2 does not change the rationale for using FileVault. The T2 encryption will prevent an attacker from bypassing the SSD controller, but it is completely transparent to software running on the Mac that has the T2 and its paired flash storage - which is why Target Disk mode still works on a T2 Mac without FileVault.

With respect to erasing an old Mac, what a T2 will do for you is that simple file-erase or volume-erase operations (which will be erased with TRIM on any Apple-provided SSD, including a T2) can be considered secure because there’s no way to bypass the T2’s SSD controller logic.

That’s the way I understand it as well. The encryption key used by T2 to access the SSD is not exposed to the user or macOS. This xART key is a hardware key that’s used even when no FV is involved at all. And when you do use FV2, FV2’s key is in addition to the xART key, not instead of it or related to it. The xART hardware key is there merely to prevent the hardware from being removed and read out on another system (or read out via bypass of its controller [the T2 SoC]). So on a MP for example, you first need to set up a new (socketed) internal SSD with the MP’s T2 before you can use the new disk.

But don’t take it from me. Here’s a good source on how disk encryption on Macs works covering FV1 vs. FV2 and M1/T2 vs. T1 vs. older Macs.