This is an old revision of the document!

Information

Quick-commands to wipe drives and clear EFI variables
Notably performs full-drive TRIMs for SSDs (ArchWiki)
Useful to perform before OS installations

Ideally use openSUSE Tumbleweed's latest GNOME Live image on USB due to it having up-to-date tools, a GUI, and USB data persistence ¹⁾

Tools

sudo zypper install 'nvme-cli' -y && sync

sudo apt install 'nvme-cli' -y && sync

sudo dnf install nvme-cli hdparm -y && sync

Suspend/Wake

Some motherboard firmware lock/freeze drives, and prevents some wipe commands from working
Unlocking drives can be done with a suspend and wake
This applies to both SATA and NVMe drives

sync && systemctl suspend

lsblk

Always check before running anything
Assume nothing; all commands below are immediately destructive on the block device they're ran on

lsblk

EFI Variables

sudo rm -f '/sys/firmware/efi/efivars/'* || sync && sudo efibootmgr -v

Drive Wipe

Notes

2024/05/02: TODO: Try nvme sanitize

4K Sectors

Steam and Oculus were known to be broken with 4K sector size on Windows 11
Steam and Oculus worked fine with 4K sector size on Windows 10 LTSC 2021 and Linux
iTunes possibly fails with 4K sectors due to Bonjour and dnssd.dll (thread)

See sector_size to check or switch to available sector disk formats

nvme0

This is using LBA Format 1 for 4K sector size

sudo blkdiscard --force --verbose '/dev/nvme0n1' && sync && sudo nvme format '/dev/nvme0' --force --namespace-id='1' --lbaf='1' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sudo rm -f '/sys/firmware/efi/efivars/'* || sync

sudo blkdiscard --force --verbose '/dev/nvme0n1' && sync

sudo nvme format '/dev/nvme0' --force --namespace-id='1' --lbaf='1' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sync

sudo wipefs --all --force '/dev/nvme0n1'

LBA 0

This is using LBA Format 0 for 512 sector size

sudo blkdiscard --force --verbose '/dev/nvme0n1' && sync && sudo nvme format '/dev/nvme0' --force --namespace-id='1' --lbaf='0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sudo rm -f '/sys/firmware/efi/efivars/'* || sync

sudo nvme format '/dev/nvme0' --force --namespace-id='1' --lbaf='0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sync

nvme1

This is using LBA Format 0

sudo blkdiscard --force --verbose '/dev/nvme1n1' && sync && sudo nvme format '/dev/nvme1' --force --namespace-id='1' --lbaf='0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sudo rm -f '/sys/firmware/efi/efivars/'* || sync

sudo blkdiscard --force --verbose '/dev/nvme1n1' && sync

sudo nvme format '/dev/nvme1' --force --namespace-id='1' --lbaf='0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sync

sudo wipefs --all --force '/dev/nvme1n1'

sda

sudo blkdiscard --force --verbose '/dev/sda' && sync && sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda' && sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda' && sudo rm -f '/sys/firmware/efi/efivars/'* || sync

sudo blkdiscard --force --verbose '/dev/sda' && sync

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda' && sync

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda' && sync

sudo wipefs --all --force '/dev/sda'

sdb

sudo blkdiscard --force --verbose '/dev/sdb' && sync && sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdb' && sudo hdparm --user-master u --security-erase 'x' '/dev/sdb' && sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdb' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sdb' && sudo rm -f '/sys/firmware/efi/efivars/'* || sync

sudo blkdiscard --force --verbose '/dev/sdb' && sync

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdb' && sudo hdparm --user-master u --security-erase 'x' '/dev/sdb' && sync

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdb' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sdb' && sync

sudo wipefs --all --force '/dev/sdb'

sdc

sudo blkdiscard --force --verbose '/dev/sdc' && sync && sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdc' && sudo hdparm --user-master u --security-erase 'x' '/dev/sdc' && sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdc' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sdc' && sudo rm -f '/sys/firmware/efi/efivars/'* || sync

sudo blkdiscard --force --verbose '/dev/sdc' && sync

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdc' && sudo hdparm --user-master u --security-erase 'x' '/dev/sdc' && sync

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdc' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sdc' && sync

sudo wipefs --all --force '/dev/sdc'

Sector Size

NVMe

sudo nvme id-ns '/dev/nvme0' --namespace-id='1' --human-readable

sudo smartctl --all '/dev/nvme0'

sda

sudo smartctl --all '/dev/sda1'

sudo hdparm --set-sector-size '4096' '/dev/sda'

¹⁾

can copy a command into Terminal and run it on one machine, boot the drive on another machine, and use Terminal history to re-run the command; it's quite convenient :p

RoE | Wiki

Table of Contents