Securely Erasing a Mac SSD

I've recently made the switch to an SSD for my boot drive. And, yes, it is good. Everything feels all buttery smooth now; I don't feel like I'm waiting for my system to catch up to me as much. It was a bit of a hassle, but totally worth it. But that's not what I'm here to talk about.

The Problem

If you ever want to, say, sell your now SSD-equipped computer, you're probably going to want to erase its contents as securely as possible. Back in the HD days, this was very well-understood and relatively easy to do. You simply overwrote every bit of data on your Hard Drive numerous times with zeroes or random data or what have you. There are command-line tools that allow you to do this, as well as Disk Utility's Secure Erase Options, which allow very secure and thorough erasure of a drive. But because of the way that SSDs work, all this goes out the window.

I'm not a Hard Drive or SSD expert, but, in a nutshell, in order to maintain performance and increase longevity, SSDs add another level of abstraction between the device and the filesystem that makes it impossible for the OS to accurately know the location of a given file on the actual device. This means that it's virtually impossible to securely erase individual files. So the question becomes: How do I securely erase the entire drive?

We Want... Information (-ation, -ation)

The tools and procedures for securely erasing SSDs are not self-evident. I pored over a pretty hefty amount of literature before arriving at a method that I think will work fairly effectively. Since there's no way to accurately erase individual files, this method erases the entire SSD. And since the best way to do this, while still balancing usability and effectiveness, is to use encryption, we'll be enabling FileVault 2 in Lion, as well as, of all things, Find My Mac in iCloud. I'll go over all of this in a bit, but let me first talk a bit about my thinking.

My Thinking

The most secure way to delete an SSD is to find a way to scrub the drive, to go through every cell on the SSD and overwrite the data, similar to how you would securely delete a typical hard drive, but at the hardware level. Out of the box the Mac has no way to do this. There are a variety of Linux and Windows utilities — some of which come directly from the drive vendors — that allow you to do this, but they require a huge number of hoops to jump through, not the least of which is creating a Linux LiveCD or Windows machine to boot from, as well as a significant time investment. Using this method, while perhaps a more secure deletion of the data, will be time consuming, difficult and error-prone.

As I mentioned, there's a ton of literature on the topic of securely erasing SSDs, but the vast majority of it is theoretical. There are very few articles that actually tell you, practically, how to go about securely erasing your SSD. What got me thinking in the right direction was an article from Ars Technica that very broadly discussed the various difficulties with and methods for secure SSD erasure. In it, they talk about drive scrubbing approaches, but then they also mention using an encryption-based approach:

"The most popular option for protecting data, absent of robust secure erasing tools that scrub right down into the over-provisioned cracks, is to encrypt the SSD's contents. This way, if someone's coming after your data, the only thing you need to make sure is off the drive is the security key (128- or 256-bit AES is recommended) and your bits will be safe, unless whoever wants your data is up to cracking that code."

This caught my attention, because it sounds very much to me like the secure erase procedure that newer iPhones use. If you've ever securely erased an iPhone 3GS or later, you may have noticed that it goes extremely fast. Older phones take a long time because they're actually scrubbing the SSD clean of data, but newer ones are really fast because all they're actually doing is deleting the encryption key, making the data virtually impossible to access.

Finding a similar procedure for an SSD-equipped Mac was no easy feat, but I think I've dug one up that may work for most typical users who just want to pass on their SSD-equipped Macs without worrying about someone accessing their private data. The thing that's tricky about doing this is that Apple has provided no similar utility for erasing SSDs as they have for the iPhone. On an iPhone you simply go to your Settings and choose:

General->Reset->Erase All Content and Settings.

There is no such utility on a Mac.

Or is there?

Enter: FileVault 2

Mac OS X 10.7, Lion, has a new feature called full disk encryption, now popularly known as FileVault 2. What FileVault 2 does is take all the data on your boot drive — which in my case is my SSD — and encrypt it. The encryption key is stored on the disk and is only accessible with your home account password (or any other user's password that you allow). In and of itself, in fact, assuming you have a reasonably secure password, simply enabling FileVault 2 on your boot drive provides a pretty decent degree of security: No one can access the contents of your disk without your password.

Encryption key deletion, a la the iPhone, provides the final layer of security, but how do you go about doing such a thing? The Apple literature on FileVault 2 makes reference to something called "Instant Wipe:"

"With FileVault 2, instant wipe removes the encryption key from your Mac instantaneously, making the data completely inaccessible."

Enter: iCloud & Find My Mac

I have yet to find a way to access this "Instant Wipe" from my Mac, nor is there any reference to it in the Help files. But with the addition of the Find My Mac feature, now freely available via iCloud, a Mac can securely erase a drive in a fashion quite similar to that of the iPhone. Find My Mac allows Mac users to remotely locate and lock, send messages and alert sounds to, and — most important for our purposes — wipe a lost Mac. Of course, this functionality works just as well with Macs that aren't lost.

Sending the "Wipe" command to your Mac from Find My Mac (either via a browser logged in to iCloud or from Find My iPhone on your iPhone) will do the same thing to your Mac that Secure Erase does on your iPhone. It will erase the encryption key that protects the data on your SSD.

"The Remote Wipe command is, of course, a last resort, as it instantly destroys the boot drive's contents by erasing the encrypted volume's key, rendering the drive's contents unusable."

This means that, once the encryption key is deleted, even you will no longer be able to access your data with your password. Once this happens, the only way to access the data is to decrypt it, and without the key, this is a monumental task far beyond the capabilities of most users. The XTS-AES 128 bit encryption that Lion uses is extremely difficult and time consuming to crack. In fact, though there are more secure options out there, I believe this one has yet to be cracked at this point.
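The key hierarchy described above (a password unlocks a stored key, and the wipe destroys that key) can be modelled in a few lines. This is an added example, not Apple's implementation or code from the original post: `ToyVolume`, `seal` and `unseal` are hypothetical names, and a SHA-256 counter-mode stream with HMAC stands in for the XTS-AES that Lion uses.

```python
import hashlib
import hmac
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode), NOT FileVault 2's XTS-AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong key, or the blob was overwritten
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


class ToyVolume:
    """Hypothetical model: password -> KEK -> wrapped volume key -> data."""

    def __init__(self, password: str, data: bytes):
        self.salt = os.urandom(16)
        volume_key = os.urandom(32)  # random; never derived from the password
        self.wrapped_key = seal(self._kek(password), volume_key)
        self.ciphertext = seal(volume_key, data)

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def read(self, password: str):
        volume_key = unseal(self._kek(password), self.wrapped_key)
        return None if volume_key is None else unseal(volume_key, self.ciphertext)

    def instant_wipe(self) -> None:
        # Destroy only the small wrapped-key record; the ciphertext stays put.
        self.wrapped_key = os.urandom(len(self.wrapped_key))
```

After `instant_wipe()`, `read()` returns `None` even for the correct password, while `ciphertext` is byte-for-byte unchanged: the password only ever unlocked the stored key, so nothing the user remembers can regenerate it.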

Also, once the encryption key is wiped, the wipe command apparently goes through and deletes all the data as well:

"Instant wipe removes the encryption key from your Mac — making the data completely inaccessible — then proceeds with a thorough wipe of all data from the disk."

It's unclear exactly how this wipe is performed. Does it happen at the hardware level clearing data from each and every cell of the SSD? Are the files overwritten multiple times with random data or are they just marked offline? It's hard to tell from the scant online literature I've seen; even the developer docs seem to be out of date. But whatever the case, this is pretty durned good security for the average joe.

So, how to get all this working? There are only two things you need to set up: FileVault 2 and iCloud with Find My Mac.

This article is already long enough, so I won't go into FileVault 2 or iCloud setup here. They're easy to do and there's already plenty of information about the procedures. Here are some great links to get you started:

Set Up FileVault 2

Set Up iCloud's Find My Mac

Suffice to say, once these services are configured, erasing your SSD, when the time comes, should be as simple as logging in to iCloud, locating the Mac in question using Find My Mac, and issuing the Wipe command. After a very short amount of time, the encryption key will be deleted, and some time later (how long depends on a number of variables, some of which we don't actually know), your disk will, in theory, be wiped clean of data.

One caveat: I have yet to actually try the Wipe command. Oh, believe me, I intend to. But we're talking about a day out of my life, and that's a day I just don't have to spare. And you know what they say about good intentions. Yeah.

If I do manage to get around to this, I'll certainly post my findings here. I encourage others to do likewise in the comments section of this article.

MORE:

http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/13

http://en.wikipedia.org/wiki/Whole_Disk_Encryption

iBooks Author

I've been poking around a bit with iBooks Author. It's something I find very interesting. See, I've actually been working on a book myself, though maybe not the sort of book you might imagine. It's not a tech book at all. It's actually a comic.

While I'm nowhere near ready to publish, I'm nevertheless understandably interested in digital publishing options. The ePub format is how I've envisioned digitally publishing my book thus far, but iBooks Author offers a whole new wrinkle.

The iBooks Author Format

Like a lot of folks, I was a bit irked when I heard that iBooks Author creates files in a proprietary format only accessible to iOS. It would certainly have been possible for Apple to make iBooks Author create standard ePub formatted content. And that would be nice, but the more I look at the tools, the more I realize that using the ePub format would completely miss the point of this platform. What Apple is trying to do here is change the standard. In the same way they want to revolutionize the world of textbooks, Apple wants to change the way books are made and read. By making them interactive. This is clearly the goal for iBooks Author. Sure, you can make non-interactive books with it, but that misses the point entirely. iBooks Author makes something no other tool can make. And that something is made to run on an iPad.

iBooks Author Beefs

You may note that I said iPad in that last sentence. That was no mistake. From what I can tell, iBooks Author content is not just iOS only, it's iPad only. The Textbook category doesn't even show up in iBooks on the iPhone. Nor can you export from iBooks Author to iPhone. In fact, it's so iPad-centric that even vertical and horizontal orientation are authored for different appearances and behaviors. That's right, a horizontally held iBooks Author product will appear and behave differently than a vertically held one. The iPhone doesn't do this. This is pure iPad, folks.

There are two reasons I put this in the "Beefs" category. The first is that, well, I don't have an iPad, so I have no real way to play with the full iBooks Authoring process. I hope to have this issue corrected eventually, when I finally do end up getting an iPad. I can tell you, iBooks Author is one more reason to do so, and I can see getting one soon.

The other reason is that, somewhat oddly, portrait mode seems to be geared toward reading text. In this mode, text dominates the page and images and other media are added to the sidebar. Tap one of these sidebar items and you'll see the full-screen version, but this layout does not work well for making comics, which are single images on a vertical page. This may make iBooks Author less than ideal for making traditional comics digitally. (And actually, I should point out, making a traditional e-book from a comic is probably the easiest kind of book you can make.) To further illustrate iBooks Author's landscape-centricity, there's even a setting to disallow vertical orientation. But not the other way around.

But this just underscores the point I'm trying to make about iBooks Author. iBooks Author is not about making traditional books. It's about making something new, something specific to the iPad, a new reading experience entirely. One that's rich and interactive. And that's got me thinking about my book in new ways.

iBooks Author Coolness

What ultimately is cool about iBooks Author is this: If you think about it, it's a lot more than just a textbook creation tool, or even just a book creation tool; it's essentially a media wrapper for building simple interactives for iPad. The confusion comes from the name. iBooks Author creates books, right? But again I say, Apple wants us to re-envision the book. This is a book in name only. And this new book lies somewhere between book and application.

What these "books" remind me of more than anything else are the interactive kiosks we have here at the museum. These interactive screens aim to educate and entertain simultaneously by creating an engaging personal experience. The visitor chooses and interacts with the content. They have a certain level of control and agency not afforded by static displays, nor by straight video. And I believe this approach, when done well, can encourage learning.

Using iBooks Author

iBooks Author is very much in the iWork vein. In fact, using it is very, very similar to using Keynote. Keynote projects — as well as Word docs and Mac OS X Dashboard Widgets, for that matter — can even be embedded right into iBooks Author projects. Essentially, as in Keynote, you have an outline on the left and a viewer in the center where you add and modify text and other media. Perhaps the biggest difference is that you'll be authoring in iBooks Author for both vertical and horizontal views. But otherwise, it's very similar.

Conclusion

I have high hopes for iBooks Author. I actually see it as a way to make interactive content that goes far beyond our typical notions of what books are. I suspect a lot of people will find a lot to like with this tool and the potentially magical things you can create with it with ease and simplicity.

Things I Hate About the Mac App Store

I don't mean to imply with that title — or anything I've written, really — that I think the Mac App Store is all bad. It's not. I like the idea of it quite a bit, and in some cases, particularly that of the Lion upgrade, and also in terms of license handling for individual users, the Mac App Store is quite good. But let's be honest: as a piece of software it's half-baked. It doesn't even seem like a finished application, never mind a system service that will handle core functionality like system software updates. It's sub-iTunes, and that's pretty sub if you ask me. So what are some specific things I hate?

Unresponsiveness

Launch the Mac App Store and be prepared to wait. Wait while the app loads. Click on a link in the Mac App Store and be prepared to wait some more while whatever you clicked loads. Search for something in the App Store and... Well, you get the idea. I typically wait anywhere from 3 to 10 — you heard me, 10! — seconds for the App Store to fully load on launch. On a new MacBook Pro with 8 Gigs of RAM, no less.

Uncommunicativeness

Not only will you wait after clicking a link, but there will be almost no indication that you've done anything at all. That's right, during the wait time between clicking something and something actually happening, there will be very little to tell you that you've actually initiated an action. The only hint is a small throbber in the toolbar, and it doesn't even always work.

Forgetfulness

Quit the Mac App Store and the next time you launch it it will not return you to your last visited page. No, instead you will see the Featured page, every time, even though Lion is supposed to remember the last state of apps, and even though App Store is a Mac app. This is not only annoying, it's not conducive to shopping.

Unhelpfulness

The Mac App Store in general, in fact, doesn't seem particularly conducive to anything but the most cursory and shallow of shopping endeavors. There is no way to look at more than one item at a time. There is no way to see a list of recently viewed items. There is no way to keep a list of items I'm interested in for perusal and possible purchase later. This is a piece of software that behaves very much like a browser, and, I believe, is even based on WebKit, but has no history or bookmarks. See something you like? Want to save it for later so you can shop around a bit or do some comparison shopping? Better get out a pen and some paper, 'cause this computerized shopping program can't even make wish lists.

Unintentional Humor

I guess the final irony for me is this: How do you expect to sell software with such a shitty piece of software? That just seems like bad salesmanship.

Lion ASR

Call me crazy, but I still prefer ASR for disk cloning. It's simple and accurate. But ASR in Lion no longer allows file-level cloning. This means that block copying is now the only option. Block copying is great, but it requires the unmounting of both disks. This means that cloning a boot drive while booted from that drive is no longer possible in Lion.

This Lion-specific problem has a Lion-specific solution: boot from the Recovery Partition. Despite the fact that Lion's ASR has been inexplicably hobbled, the Recovery Partition is quite full featured and provides many SysAdmin-friendly tools, including a full featured Terminal and ASR command.

Running ASR from the Recovery Partition allows you to unmount and, thus, block copy your boot partition without reaching for an external boot drive or DVD.