cancel
Showing results for 
Search instead for 
Did you mean: 

Maximus X Hero: ASUS Secure Erase despite NVMe-SSD *not* listed in QVL (= dangerous?)

The_Spirit_of_M
Level 7
Hi,

I did a massive HW Upgrade approx. 2 months ago (new MB, new CPU, new memory, new GPU and new SSD in addition to new HDD, new optical drive and now also a new case). The new Motherboard is the ASUS Maximus X Hero flashed to the latest BIOS version (1801) via USB BIOS Flashback (without CPU being present at the time). A few weeks ago, I started to assemble the new parts together and with my new case having arrived just recently, I'm finally done assembling and the PC is running fine since a few days - at least, I cannot see or find any defects or issues on ANY of the above mentioned components;)

Now, I want to Secure Erase my NVMe SSD (Samsung SSD 970 Evo Plus 1TB, M.2 (PCIe x4), released to market End January 2019, no new firmware available yet...), after having already done the same to my HDD. There are 3 ways I can do this: 1.) Secure Erase/Enhanced Secure Erase via Linux command line, 2.) Secure Erase via manufacturer-provided method (preparing a SE bootstick with Samsung Magician software) and 3.) Secure Erase directly from the BIOS/UEFI (Tools -> Secure Erase). With the latest BIOS version 1801, my Maximus X Hero now also supports SE for NVMe-SSDs!

I want to do method 3.) first, but the above mentioned SSD is not listed in the QVL for Secure Erase (and neither is the regular 970 Evo - the latest Samsung NVMe models listed in the QVL are the 960 Series), which is quite understandable since the "Plus" model came to market AFTER the latest BIOS Update for M10H was released, which was in End December 2018. In particular, I was scared by this warning that is displayed in the "Secure Erase" menu of the "Tools" section:

"WARNING: Ensure that you run Secure Erase on a compatible SSD. Running Secure Erase on an incompatible SSD will render the SSD totally unusuable.
NOTE: For the list of Secure Erase-compatible SSDs, visit the ASUS Support site at www.asus.com/support"


I don't know, what to do now - I don't want to brick my new-purchased SSD, that's for sure...

T.S.O.M.
27,010 Views
6 REPLIES 6

Guitarmageddon1
Level 9
The Spirit of Morpheus wrote:
Hi,

I did a massive HW Upgrade approx. 2 months ago (new MB, new CPU, new memory, new GPU and new SSD in addition to new HDD, new optical drive and now also a new case). The new Motherboard is the ASUS Maximus X Hero flashed to the latest BIOS version (1801) via USB BIOS Flashback (without CPU being present at the time). A few weeks ago, I started to assemble the new parts together and with my new case having arrived just recently, I'm finally done assembling and the PC is running fine since a few days - at least, I cannot see or find any defects or issues on ANY of the above mentioned components;)

Now, I want to Secure Erase my NVMe SSD (Samsung SSD 970 Evo Plus 1TB, M.2 (PCIe x4), released to market End January 2019, no new firmware available yet...), after having already done the same to my HDD. There are 3 ways I can do this: 1.) Secure Erase/Enhanced Secure Erase via Linux command line, 2.) Secure Erase via manufacturer-provided method (preparing a SE bootstick with Samsung Magician software) and 3.) Secure Erase directly from the BIOS/UEFI (Tools -> Secure Erase). With the latest BIOS version 1801, my Maximus X Hero now also supports SE for NVMe-SSDs!

I want to do method 3.) first, but the above mentioned SSD is not listed in the QVL for Secure Erase (and neither is the regular 970 Evo - the latest Samsung NVMe models listed in the QVL are the 960 Series), which is quite understandable since the "Plus" model came to market AFTER the latest BIOS Update for M10H was released, which was in End December 2018. In particular, I was scared by this warning that is displayed in the "Secure Erase" menu of the "Tools" section:

"WARNING: Ensure that you run Secure Erase on a compatible SSD. Running Secure Erase on an incompatible SSD will render the SSD totally unusuable.
NOTE: For the list of Secure Erase-compatible SSDs, visit the ASUS Support site at www.asus.com/support"


I don't know, what to do now - I don't want to brick my new-purchased SSD, that's for sure...

T.S.O.M.


I have always used parted magic for this sort of thing. It's not free anymore but it's highly useful and good to keep stashed on a thumb drive for these types of uses. As for your original question, yes that would make me nervous too. Not sure the method it uses to do the erasing.
https://partedmagic.com/nvme-secure-erase/

SK8
Level 10
I have used bios Tools , Secure Erase on a SSD not listed in the past BUT it was a older SSD I was not stressed over it if I killed it lol, It did clean it and its still going. But I am not so sure I would use it on a new SSD not listed. I have never used parted magic but it does sound like good advice and your best bet .
Bios 602 and did a bios update doh
passed 8hr test on Karhu RamTest
Set to Manual OC
Dram Frequency 4266MHz
Dram voltage 1.45v
CPU VCCIO Voltage 1.25v
CPU System Agent Voltage 1.29v
Dram timing control 17-18-18-38
Mode1
Dram command rate set to 2N set dram current capability to 130%

Hey,

Thank You both for your replies! I think, I will give ASUS Secure Erase a try - I guess, the warning message is for reference only or a disclaimer, so ASUS is legally covered for the case, someone destroys his/her SSD with that function. Is that so?

I mean WHY should that function kill a SSD, just because it is not listed in QVL? I don't think, the Samsung 970 Series is fundamentally different to the 960 Series (which is QVL-approved)...

Does anyone else have experience with this function in conjunction with a "non-approved" NVMe-SSD?

About Parted Magic: I already know it and it isn't really necessary if you have a recent Linux distribution - it will likely have the NVMe CLI program included and if not, you can manually get it's repository afterwards;)

Just my 2 cents,

T.S.O.M.

In doing some more research, it appears there is both a secure erasse as well as a sanitize function in parted magic, and I'm not sure which type Asus refers to in the bios. Older drives could only secure erase while newer can also sanitize. Secure erase would just remove the drives mapping table, while sanitize for newer drives actually removes the table plus all data.

PerpetualCycle
Level 13
Why not do it with the Samsung secure erase. That will work and is safest.
Why do you feel you need to secure erase it?

Btw, all the secure erase should do is send a command to the processors in the ssd and wait for it to finish.

ROG Dark Hero Z790 | 13900KS @5.7 GHz | g.skill 2x48GB 6800 MT/s | ROG Strix 4070 Ti | EK Nucleus 360 Dark | 6TB SSD/nvme, 16TB external HDD | 2x 1440p | Vanatoo speakers with Klipsch sub | Fractal North XL case

geneo wrote:
Why not do it with the Samsung secure erase. That will work and is safest.
Why do you feel you need to secure erase it?


Because I can't create a bootable USB stick with the Samsung Magician software (Version 5.3) for some unknown reason - probably because I installed Magician on a computer that hasn't any Samsung drive on it. The "Secure Erase" option on the Magician main control panel just won't show up - even when I insert and select a FAT32-formatted usb stick on the control panel...

Guitarmageddon888 wrote:
In doing some more research, it appears there is both a secure erase as well as a sanitize function in parted magic, and I'm not sure which type Asus refers to in the bios.


It has nothing to do with Parted Magic, it's part of the (S)ATA specification - drives with SATA 3.2 (or maybe 3.1) feature set shall support "SANITIZE" commands. The most well-known commands are "SANITIZE OVERWRITE [PATTERN]" (for HDDs only), "SANITIZE BLOCK ERASE" (for SSDs only*) and "SANITIZE CRYPTO SCRAMBLE" (both HDDs and SSDs*, for encrypted drives). Any recent Linux distribution should support the SANITIZE feature set via the hdparm program/command. Newer SCSI drives also support very similar SANITIZE commands.

Neither the classic ATA Secure Erase/Enhanced Secure Erase nor SANITIZE is of use for NVMe drives, because, as the name implies, these commands are for (S)ATA HDDs and SSDs only (and probably also SCSI drives) - but not for SSDs that use the NVMe/PCIe interface. *However*, nowadays, the NVMe protocol has it's own command set NVMe-CLI - which I mentioned in my first reply. And this command set has it's own "Secure Erase" feature set, which can be used to secure erase/reset NVMe-SSDs. It's either included in recent Linux distributions or it's repository can be manually downloaded/fetched afterwards;)

But I'm NOT sure, ASUS Secure Erase is the same or uses the same interface/protocol for it's actions...

* = for SATA-based devices only; so, only SATA-SSDs can use this command set appropiately/safely. DON'T USE these commands for NVMe/PCIe-SSDs or any other drive that's not connected via SATA interface!

Guitarmageddon888 wrote:

Older drives could only secure erase while newer can also sanitize. Secure erase would just remove the drives mapping table, while sanitize for newer drives actually removes the table plus all data.


Yup, newer drives should support SANITIZE and yes, it seems to be better than classic "Secure Erase" - but it is also slower and possibly also more dangerous (according to tinyapps.org, some HDDs were bricked after being issued the "SANITIZE OVERWRITE" command), so use it with extreme caution!

T.S.O.M.