How to Securely Erase a Mac’s SSD or Hard Drive

That won’t work on APFS. Even aside from how SSDs actually work, it’s already bound to fail on the FS level.

On APFS, when you “copy a file” the bits of that file do not get duplicated on your platter or flash. There are merely a couple of pointers that get added in your FS table. That’s why these days on APFS the Finder can duplicate a 100GB file in 2 sec. :+1:

I think folks would be wise to go read the original thread first. A whole bunch of stuff is being repeated here that was detailed at length already over there. Read count > post count IMHO.

The link is of course front and center in @ace’s nice article, but perhaps some folks are not even reading that. So here. Read this first:


True…but I remember a terminal command using cat and pointing it to device /null will create a new file of all 1s or 0s…let that fill the disk, erase, and repeat a couple times with reboots in the middle after erasing any vm files as well from /etc/var or wherever they live…can’t remember off the top of my head…that will be sufficient I think to remove your data from any casual or even more than casual user…as previously noted only physical destruction is a guarantee and that means you can’t trade it in or pass it on. One could also just record a very long video from the camera until the drive fills as well…but again not perfect as any of the marked don’t-use blocks could still potentially have some data…but again short of destruction some of that might remain.

But seriously…for most normal people…and even the majority of greater than normal people…the above should be sufficient…and the greater than greater than normal VIP type people have enough money to not worry about a trade in just don’t worry and just smash it with a sledge hammer works just fine.

As a long time computer security guy…don’t forget that better is the enemy of good enough. Back when I worked in the ‘in the closets’ world…we just hit the dead drives with a sledge to break them open, pulled the platters and tossed them into a box in the server room…and every year or so me and one of my buddies would get ourselves a couple of Marines, arm the 4 of us with 1911s, and take them out to a local foundry who melted them for us. Some of the slightly less sensitive stuff we could have used the giant computer shredder…think of a wood chipper on steroids that could shred an entire computer into confetti…but separating the drives was too hard since we had to melt some of them anyway…and trying to get permission to use the shredder for all ran into the ‘we’ve always done it this way’ problem.

The rules never caught up to the tech.


There ya go suggesting common sense Simon…this is the intertubes and I’m not sure that’s legal. :-)

Seriously though…if the drive was encrypted from the get go…the crypto erase is good. If some data got written to it before encryption then potentially blocks containing data got swapped out as bad…and I don’t know enough about the encryption part of macOS to know whether those swapped out blocks get encrypted or not…if so crypto erase is still fine but if not…eh maybe not. That gets you back to still good enough for almost all purposes or destruction if you’re really paranoid…and I highly doubt that Samsung is going to do anything with the old drive besides toss it in the landfill or send it to the recycling folk if it has some value there.

neil

The three kinds of stress…nuclear, cooking and a&&hole. Jello is the key to the relationship.

This is no different from diskutil’s secure-erase (overwrite with one or more passes of zeros or random data).

But, for reasons already mentioned above, that will only wipe software-accessible data. It won’t necessarily wipe data that is inaccessible, but could possibly be recovered by someone able to bypass the device’s normal firmware (hot-spare blocks, SSD garbage blocks, etc.).

And although I haven’t seen actual reports, it wouldn’t surprise me if some SSD firmware takes shortcuts (optimizations?) like marking a block as garbage without writing anything when you write all-zeros to a block (which you would never see as a user, since a logical block that isn’t mapped to physical storage will simply read back as all-zeros).

Hardware de-duplication (assigning two logical blocks to a single physical block when the data is identical) is also something that wouldn’t surprise me (depending on what kind of files are stored on the device, this could greatly reduce the number of write cycles on the flash storage.)

Modern storage is far too complicated to assume that simple solutions, which worked just fine in the 80’s and 90’s, are going to work as expected today.

If you don’t think the next person in possession of your drive will send it to a data recovery company or a government agency, then a simple one-pass erase (or reformatting with TRIM) is sufficient. But there are plenty of people (some of whom are probably represented here) who don’t believe they can afford to take that chance.

Then physical destruction is really the only viable option…because we just don’t know how the device firmware works.

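An added toy model, not code from anyone in this thread, of the point made in the post above: a flash translation layer that retires an overwritten page as garbage instead of erasing it, so a software pass of zeros leaves the old bytes in flash, whereas a device-level key that is discarded at disposal leaves only ciphertext behind. The class and function names, the page count and the SHA-256 keystream are constructed for the demo and are not how a real controller or AES-XTS works.

```python
import hashlib

PAGES = 8           # physical pages in the toy flash (constructed size)
PAGE_SIZE = 16

class ToySSD:
    """Minimal FTL: every write lands on a fresh page; the old page is only flagged."""
    def __init__(self, key=None):
        self.key = key                  # None models an unencrypted device
        self.flash = [None] * PAGES     # raw physical pages
        self.l2p = {}                   # logical block -> physical page map
        self.garbage = set()            # stale pages not yet erased
        self.next_free = 0

    def _xor(self, data, page):
        # Per-page keystream from the device key (demo stand-in, not AES-XTS).
        stream = hashlib.sha256(self.key + page.to_bytes(2, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, lba, data):
        assert len(data) == PAGE_SIZE
        if lba in self.l2p:
            self.garbage.add(self.l2p[lba])   # old page is flagged, never wiped
        page = self.next_free
        self.next_free += 1
        self.flash[page] = self._xor(data, page) if self.key else data
        self.l2p[lba] = page

    def read(self, lba):
        """What software sees through the controller."""
        page = self.l2p.get(lba)
        if page is None:
            return bytes(PAGE_SIZE)     # unmapped block reads back as zeros
        raw = self.flash[page]
        return self._xor(raw, page) if self.key else raw

    def dump_garbage(self):
        """What a chip-off read that bypasses the firmware would recover."""
        return [self.flash[p] for p in sorted(self.garbage)]

def overwrite_then_inspect(secret=b"ACCOUNT-NO-12345", key=None):
    """Write a secret, overwrite it with zeros, then compare the two views.
    Returns (what software reads back, whether the secret survives in garbage)."""
    ssd = ToySSD(key)
    ssd.write(0, secret)
    ssd.write(0, bytes(PAGE_SIZE))      # the "secure erase" pass of zeros
    remnant = ssd.dump_garbage()
    return ssd.read(0), any(secret in page for page in remnant)
```

Calling `overwrite_then_inspect()` returns zeros for the software view but `True` for the remnant; with `key=os.urandom(32)` the software view is still zeros and the remnant check is `False`, which is the crypto-erase argument in miniature.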

… or encryption. Encrypt the drive when it is new - before you add any content. Then at disposal time, reformat it and change/lose the key. Any data remaining in the garbage space will be encrypted with a key that nobody has, and will be meaningless to anyone scavenging it for data.

… and now we’re back to the article’s conclusions. :slight_smile:


Yep…that’s the only choice except for destruction if one is either that paranoid or has NDA or HIPAA or legal dealings or whatever on the drive so that only 100% non-recoverability is acceptable. However…most of us don’t fall into those categories…and absent those cases, which every user must decide for themselves…erasing the drive, new partition and encrypted, fill with a large file or a series of large files that aren’t duplicates, then deleting the key is good enough for the majority of users since most people aren’t really going to pay the money to see if they can recover anything.

I went over this thread a couple of times, unfortunately most of the information is over my head. I have a 2019 MacBook Air I plan to trade in/recycle to Apple so I obviously need to keep the drive intact. Apple’s instructions are simply to erase, then install a new system – no mention of safe-reboot per @ernst

Do we even know what Apple does with these trade-ins …?

The computer had FileVault at some point, which was removed when it exchanged hands within the family, so it’s no longer encrypted.

Appreciate any insight, Brenda

A 2019 MacBook Air has a T2 chip and the flash memory is soldered to the board.

Since there is a T2, the data is already encrypted and therefore can not be accessed if the T2 is bypassed (e.g. by removing the chips). FileVault on this Mac simply associates a password with the encryption keys, but doesn’t actually change the underlying behavior.

So an erase-and-reinstall from Recovery mode should be sufficient to securely erase everything. Erasing the volume will cause TRIM to be called for the entire volume, marking all the old data as garbage, and making it inaccessible to software. And since the chips are cryptographically tied to the SSD controller (the T2), there is no other way to access it.

I suppose it is theoretically possible for someone to replace the T2’s firmware with something that could provide access to the garbage data, but as far as I know, only Apple would have the ability to develop this firmware and based on everything I’ve read, I think they would refuse to do this (just like they refused to develop firmware that would let the FBI bypass iPhone security), and even if they did, I suspect it wouldn’t work unless the replacement firmware was installed before you erased the SSD.

In other words, unless you’ve got something so secret that government agencies are trying to force their way in, I would just follow Apple’s instructions and be comfortable with the result.


Thanks so much, David. I really appreciate it.