Clarify Manufacturer Support for Secure Erase and Sanitize

[fthobe]

Currently there's no clarity regarding the support of sanitize / secure erase standard commands by manufacturers.

In preparation of future developments a compatibility matrix of supported secure erase / sanitisation standards would be helpful.

The table below illustrates the current state information and will be updated on a rolling base:

The following table illustrates the compatibility of standard sanitize commands with the manufacturer:

Manufacturer	Manufacturer Tool (MFT)	SATA	SAS	NVME
Samsung	Samsung DC Toolkit 2.1	Use MFT	Use MFT	Use MFT
Intel / Solidigm	Solidigm™ Storage Tool	Use MFT	Use MFT	Use MFT
Western Digital	supports SAS / SCSI format unit command	hdparm sanitize	sg_utils sanitize	nvme-cli sanitize
Sandisk	supports SAS / SATA / SCSI format unit command	hdparm sanitize	sg_utils sanitize	nvme-cli sanitize
SK Hynix	Unconfirmed for Linux	N/A	N/A	N/A
Kioxia *	Binary for Linux legacy SSD Manual	N/A	sg_utils sanitize**	nvme-cli sanitize**
Micron	Unconfirmed for Linux	N/A	N/A	N/A
Kingston	Unconfirmed for Linux	N/A	N/A	N/A
Others	Unconfirmed for Linux	N/A	N/A	N/A

* Support varies, check SKU individually
** See vendor details below

Following manufacturers are confirmed by documentation or publicly accessible replies:

• Seagate: Broad Support, but to be verified on per device bases Ongoing Discussion on Seachest
• Western Digital: https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/tech-brief/tech-brief-instant-secure-erase-overview.pdf
• Intel / Solidigm: unconfirmed
• SK Hynix:
• Micron: unconfirmed
• Kingston: unconfirmed
• Kioxia: SIE models supported

[fthobe]

Updated with information for Kioxia

[fthobe]

Hi @sc108-lee , I saw some of your contributions to the nvme-cli. We are currently trying to determine sata / sas / nvme sanitize support for nwipe and I saw that most Samsung sata SSDs can receive firmware updates via the nvme client, do you know if they also respond to the nvme-cli sanitize command? I am struggling to understand if Samsung sata disks are compliant to SATA sanitize commands, as the official Samsung tool contains hdparm, but there's no documentation regarding compliance with optional sata standard commands.

[sc108-lee]

Hi @fthobe , As far as I know, Samsung NVMe device support sanitize command via nvme-cli, since NVMe spec 1.3 introduce sanitize command.
Unfortunately, I have no experience of sata / sas device.
I assume that if spec says mandatory, they might support same way.

[fthobe]

Hi @sc108-lee ,
thank you so much for your reply and first of all thank you for your contributions to NVME. I hope I can bother you with two more questions :)

I assume that if spec says mandatory, they might support same way.

Unfortunately it's an optional command. In theory if supported it should be supported fully, but to my knowledge support is often incoherent, despite the standard defining it as either fully supported or not supported at all.

As far as I know, Samsung NVMe device support sanitize command via nvme-cli, since NVMe spec 1.3 introduce sanitize command.

Do you know from your experience if nvme id-ctrl -H always yields a correct output on Samsung devices? Not all manufacturers have always been 100% compliant with optional interface standard features.

# nvme id-ctrl -H /dev/nvme1
...
  [2:2] : 0   Overwrite Sanitize Operation Not Supported
  [1:1] : 0x1 Block Erase Sanitize Operation Supported
  [0:0] : 0   Crypto Erase Sanitize Operation Not Supported
...

Do you know somebody working on the DC Toolkit or Samsung Magician so that we can ask the same questions?

[sc108-lee]

Do you know from your experience if nvme id-ctrl -H always yields a correct output on Samsung devices? Not all manufacturers have always been 100% compliant with optional interface standard features.
Yes, From my experience, id-ctrl SANICAP always shows right data.