Appendix
which slows down the process of recording new data. In theory, there shouldn’t be such problems, because
TRIM exists - a command to clear the data marked for deletion in cells. This command only works with
2.5” and M.2 SATA drives. For drives connected to the PCIe bus (M.2 or PCIe on the motherboard) there is
an analogue - Deallocate. However, these functions are sometimes disabled for some reason - an OS error,
a user error in setting up a disk through third-party software, or the use of non-standard OS builds
with unknown software components. The disk then starts to work more slowly, and the slowdown is noticeable
even without any benchmark performance measurements.
SSDs use a number of mapping layers that hide the physical layout of the flash-based memory and
help manage flash memory data integrity and lifetime. Collectively, these layers are
referred to as the Flash Translation Layer (FTL).
SSDs are also over-provisioned: they contain a bit more flash memory than what they’re rated for. This extra
memory is used internally by the FTL as empty data blocks, used when data needs to be rewritten, and as
out-of-band sections for use in the logical to physical mapping.
The mapping layers, and how the flash controller manages memory allocation, mean that
neither erasing nor performing a conventional hard drive type of secure erase can be relied on to
overwrite all data, or even to erase it at all.
One example of how data gets left behind intact comes from how an SSD handles updates. When you edit a
document and save the changes, the saved changes don’t overwrite the original data (an in-place update).
Instead, SSDs write the new content to an empty data block and then update the logical to physical map
to point to the new location. This leaves the space the original data occupied on the SSD marked as free,
but the actual data is left intact. In time, the data marked as free will be reclaimed by the SSD’s garbage
collection system, but until then, the data could be recovered.
A conventional Secure Erase, as used with hard drives, is unable to access all of the SSD’s memory locations,
due to the FTL and how an SSD actually writes data, which could lead to intact data being left behind.
SSD manufacturers understand the need for an easy way to sanitize an SSD, and most have implemented
the ATA command Secure Erase Unit (used with SATA-based SSDs) or the NVMe command Format NVM
(used with PCIe-based SSDs) as a fast and effective method of securely erasing an SSD.
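A toy model of the out-of-place update and host-side overwrite described above, added here as an illustration (it is not LSoft code and not a real FTL; the class ToyFTL, its page counts and the sample strings are constructed assumptions). It shows that overwriting every logical address leaves earlier versions in unmapped cells, while a controller-level erase reaches them:

```python
class ToyFTL:
    """Constructed model of an SSD mapping layer, not a real controller."""

    def __init__(self, rated_pages=4, spare_pages=4):
        self.rated = rated_pages                # capacity visible to the host
        # Physical pages, including the over-provisioned spare area.
        self.flash = [None] * (rated_pages + spare_pages)
        self.l2p = {}                           # logical page -> physical page

    def write(self, lba, data):
        if not 0 <= lba < self.rated:
            raise ValueError("LBA outside rated capacity")
        if None not in self.flash:
            self.garbage_collect()              # reclaim stale pages on demand
        ppa = self.flash.index(None)            # ValueError if flash is truly full
        self.flash[ppa] = data                  # out-of-place: old page untouched
        self.l2p[lba] = ppa

    def read(self, lba):
        ppa = self.l2p.get(lba)
        return None if ppa is None else self.flash[ppa]

    def stale_pages(self):
        """Data still held in cells that no logical address points to."""
        live = set(self.l2p.values())
        return [d for p, d in enumerate(self.flash)
                if d is not None and p not in live]

    def garbage_collect(self):
        live = set(self.l2p.values())
        self.flash = [d if p in live else None
                      for p, d in enumerate(self.flash)]

    def controller_erase(self):
        """Stands in for Secure Erase Unit / Format NVM: resets every cell."""
        self.flash = [None] * len(self.flash)
        self.l2p.clear()


def demo():
    ssd = ToyFTL()
    ssd.write(0, b"draft: salary 90000")        # constructed sample data
    ssd.write(0, b"final: salary hidden")       # edit and save the document
    for lba in range(ssd.rated):                # host-side overwrite of all LBAs
        ssd.write(lba, b"\x00" * 8)
    left_after_overwrite = ssd.stale_pages()
    ssd.controller_erase()
    return left_after_overwrite, ssd.stale_pages()
```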
So, SSDs work in a non-trivial way, and one would expect the scheme for the complete destruction of
data to be equally complex. But in reality, this is not so at all. Any SSD has a controller that is the
"brain" of the drive. It not only tells the system where to write data, but also encrypts the information
passing through it and stores the key itself. If you remove (or rather replace) that key, then all the
information will turn into a random set of 1s and 0s - it will be impossible to decrypt it in any way. Just one
simple action by the user can solve the problem of safe data erasure. This method is the fastest and most
effective.
Note:
To protect critical information, both in serious organizations that are concerned about
the safety of data and in public sector enterprises working with information classified as state
secrets, information systems should usually use certified sanitization algorithms (US DoD 5220.22-M,
Canadian OPS-II, NSA 130-2 etc.).
If you combine these two methods (replacing the key and resetting the cells), you get the perfect algorithm
for obtaining a completely sterile disk at its maximum performance. This, firstly, solves the
problem that we raised at the very beginning, and, secondly, it can help us answer the question about the
degree of drive wear.
It is important to note that some drives with built-in encryption apply only one of these algorithms when
they receive a secure erase command - it depends on how the manufacturer has configured the controller. If you "reset"
your SSD and compare the actual performance with the declared one, you will get the answer to this
question. This procedure does not affect disk wear (which is very important). Note that these actions are
designed specifically for analyzing the state of the disk; they will not achieve a long-term
increase in the read/write speed, because of the way SSDs operate - the situation may
© 1999 - 2024 LSoft Technologies Inc.