BitRaser^® Knowledge Base

How to Erase Self Encrypting Drives?

Published On Feb 27, 2024

In this KB, we will share step-by-step instructions on how to erase SED or Self-Encrypting Drive using BitRaser Drive Eraser software.

Self-Encrypting Drive (SED) is a hard disk or solid-state drive that automatically encrypts and decrypts the drive data. SEDs don’t require any manual intervention, nor do they need any encryption software. These drives are encrypted at the hardware level, making them more efficient and reliable than software-based encrypted drives. SEDs are extensively used by industries that handle sensitive data, like defense, healthcare, finance, and government organizations. Most SEDs use the Advanced Encryption Standard (AES), developed by the National Institute of Standards and Technology (NIST). Some SEDs may also use FIPS 140-2 standards or the Trusting Computing Group Opal 2.0 standard. Some of the popular SED models include Kingston Ironkey D300S, diskAshur Pro, Samsung Portable SSD T7 Shield, DataLocker DL4 FE, Aegis Secure Key 3NX Secure Drive, SecureData SecureUSB Duo USB Drive, NGD NVMe SED, Seagate Exos X, MEMKOR M+ Secure.

It is essential to ensure that self-encrypted drives are wiped efficiently when they reach end-of-life or are disposed of or reallocated. IT administrators, IT asset managers, or technicians must know how to wipe data stored on self-encrypting drives to mitigate data breach risks.

BitRaser Drive Eraser software wipes data from all SEDs using global data erasure standards like NIST. However, to erase SEDs, one must know either the ‘Encryption Key’ or the ‘PSID’ (Physical Security Identification), a unique 32-character string usually printed on the SED label.

Let us see the steps of erasing internal SED using BitRaser Drive Eraser. We have divided this KB into 2 stages to make it easier to understand and navigate:

Stage 1: Download & Create a BitRaser Bootable ISO
Stage 2: Erase SED With BitRaser

Stage 1: Download & Create a BitRaser Bootable ISO

Download the BitRaser Drive Eraser ISO file from the BitRaser Cloud Console. Use the login credentials received in the mail post-purchase to log in to your BitRaser Cloud account. (Refer to Image 1)

Image 1: Download BitRaser Drive Eraser ISO
Insert a USB (Min 2 GB) into your laptop or desktop and download the free utility Rufus. Open Rufus and select your USB from the ‘Device’ section, then select ‘BitRaser ISO’ in ‘Boot Selection’. Click on ‘START’ to create a BitRaser bootable USB. (Refer to Image 2)

Image 2: Select USB and BitRaser ISO, then Click START

Now that you have created a bootable USB shut down your device.

Stage 2: Erase Internal SED with BitRaser

Now restart your laptop/desktop and boot it with BitRaser bootable USB. To access the Boot menu, repeatedly press the F-8 key (The key may vary according to your device manufacturer), select the BitRaser USB, and click ‘enter’. (Refer to Image 3)

Image 3: Select BitRaser Bootable USB in UEFI
The device will boot with BitRaser, and you will see your internal SED listed on the BitRaser main screen. The application will display the connected drive as SED under the ‘Attribute’ section. (Refer to Image 4)

Image 4: BitRaser-Main-Interface-With-Connected-SED
Connect the software to the Internet via settings and selecting the ‘Network’ tab. Internet connectivity is required to connect with the BitRaser Cloud server to download erasure licenses. You can use Ethernet or Wi-Fi. (Refer to Image 5)

Image 5: Connect BitRaser Application to the Internet
Go to the ‘BitRaser Server’ tab. Use the BitRaser Cloud credentials received in the mail post-purchase to log in and access ‘Erasure Licenses’ to wipe SED and save the ‘Erasure Report’ on the cloud. (Refer to Image 6)

Image 6: Connect Application to BitRaser Cloud
Now, select the SED to erase, the erasure method, and the verification type, and then click ‘Erase’. (Refer to Image 7)

Image 7: Select Drive to Wipe, then Click Erase

Note: If your system storage is in RAID configuration, you must convert it to AHCI before beginning the erasure process. This can be done through the BIOS, but the steps vary according to the device manufacturer.

The moment you click the ‘erase’ button, you will asked to enter the ‘Disk Key’ or the ‘PSID’; under the ‘Key/PSID’ section, click twice to enter your SED key or PSID, then click ‘Save’. (Refer to Image 8)

Image 8: Enter PSID, then Click Save
An alert window pops up confirming erasure. Click ‘Yes’ to proceed. (Refer to Image 9)
Image 9: Click Yes in Alert Windows to Erase SED

The application will erase your self-encrypting drive within a few seconds. (Refer to Image 10)

Image 10: BitRaser Erased Self-Encrypting Drive

You can view and download the SED erasure report from your BitRaser Cloud account from any internet-enabled location globally. (Refer to Report)

FAQs

What is a self-encrypting drive (SED)?

Self-Encrypting Drive or SED is a type of HDD or SSD that can automatically encrypt and decrypt drive data without manual intervention or encryption software.

Self-Encrypting Drive or SED is a type of HDD or SSD that can automatically encrypt and decrypt drive data without manual intervention or encryption software.

Yes, you can erase a self-encrypting drive using BitRaser Drive Eraser software. However, you must either know the encryption key or the PSID of the SED.

How do I find the encryption key or the PSID for my SED?

Physical Security Identification is a unique 32-character string usually printed on the SED label.

How long does it take to erase a SED with BitRaser Drive Eraser?

It takes BitRaser Drive Eraser software a few seconds to erase a SED.

BITRASER^® IS AN INNOVATION FROM STELLAR

Stellar Brings to The World Future-Ready Data Solutions

0M⁺

Customers
0⁺

Years of Experience
0⁺

R&D Engineers
0⁺

Countries
0⁺

Partners
0⁺

Awards Received

BITRASER IS AN INNOVATION FROM Stellar Data Care Experts since 1993