Parted Magic Secure Erase
ATA, NVMe, SCSI, and eMMC/SD Drive Secure Erase Utility
Parted Magic Secure Erase is a hardware-driven secure erase and data sanitization utility that irreversibly destroys all data on ATA, NVMe, SAS/SCSI, and eMMC/SD storage. As a result, IT asset disposal shops, data-center operators, and security teams can retire drives with full NIST SP 800-88r2 Purge-level assurance and a signed PDF certificate for every drive. To get started, download Parted Magic and boot from a USB stick.
Secure Erase Overview
The Erase utility permanently destroys all data on ATA (SATA), NVMe, SCSI (SAS), and eMMC/SD drives using the drive’s built-in hardware erase command. Unlike software-based wiping tools, hardware erase instructs the drive’s own controller to wipe every storage cell — including remapped sectors and areas the operating system cannot see — so recovery becomes impossible even with forensic equipment.
Sanitization levels follow NIST SP 800-88r2 (September 2025). In addition, technology-specific sanitization techniques conform to IEEE 2883.
The utility supports eight erase paths, and it selects one automatically based on each drive’s capabilities:
| Erase Path | Description |
|---|---|
| ATA Sanitize | Drives supporting hdparm --sanitize-block-erase. Most modern SATA SSDs and HDDs. Preferred method. |
| ATA Secure Erase | Fallback for drives without Sanitize support. Uses hdparm --security-erase (standard) or --security-erase-enhanced (Enhanced Secure Erase) where supported. |
| NVMe Sanitize | NVMe drives with Sanitize capability (sanicap bit 1). Uses nvme sanitize --sanact=2 (Block Erase). |
| NVMe Format | Fallback for NVMe drives without Sanitize support. Uses nvme format --ses=2 (User Data Erase). |
| SCSI Sanitize | SAS/SCSI drives supporting the SCSI Sanitize command. Uses sg_sanitize --block (Block Erase). |
| SCSI Format | Fallback for SAS/SCSI drives without Sanitize support. Uses sg_format --format (Format Unit). |
| eMMC / SD Erase | eMMC and SD cards detected as /dev/mmcblkN. Uses mmc erase for hardware secure erase. If a card does not support hardware erase, the utility falls back to Block Wipe automatically. |
| Block Wipe | Software fallback for drives with no hardware erase command — including USB flash drives, legacy drives, and SD cards without erase support. Uses dd. Meets NIST SP 800-88r2 Clear (standard write interface). Note that this method may take many hours on large drives. |
Hidden Area Coverage (HPA / DCO)
ATA drives can reserve sectors that the operating system cannot see using two mechanisms: Host Protected Area (HPA) and Device Configuration Overlay (DCO). As a result, these hidden areas may still contain data that persists through a normal format or partition delete.
Fortunately, the ATA Sanitize and ATA Secure Erase commands — both defined in the ACS specification — operate on the entire media at the firmware level, which includes HPA, DCO, remapped sectors, and overprovisioned flash. Therefore, the utility requires no userspace reset; the drive controller handles full-media coverage internally.
However, Block Wipe writes through the standard block device (/dev/sdX) and can only reach sectors the operating system can see. Consequently, when a drive has HPA or DCO configured, those hidden sectors remain untouched. For this reason, NIST SP 800-88r2 classifies Block Wipe as Clear rather than Purge.
If you still need to handle HPA manually, Parted Magic ships hdparm, which can detect and reset HPA from the command line:
# Check for HPA (compare "native max" vs "accessible" sectors):
hdparm -N /dev/sdX
# Reset HPA to expose all sectors (replace MAX with the native max value):
hdparm -N pMAX /dev/sdXFor most users, however, ATA Sanitize or ATA Secure Erase is the recommended approach — the drive firmware covers HPA and DCO automatically, so no manual steps are required.
⚠ Warning — Data Loss
THIS OPERATION IS PERMANENT AND CANNOT BE UNDONE.
Once the erase process has started, however, nothing can stop or reverse it. The utility will completely and unrecoverably destroy all data on the selected drives. Therefore, make sure you have selected the correct drives before confirming.
Moreover, do not power off, reboot, or put the computer to sleep while an erase operation is in progress.
Step 1 — Drive Selection
The utility detects drives automatically at launch and groups them by erase type. However, by default, the utility selects no drives — you must explicitly check each drive you want to erase. In TUI mode, for example, press a to select all eligible drives, or alternatively use --select on the command line to pre-select specific drives.
Secure Erase Drive Groups
| Group | Contents |
|---|---|
| ATA Drives | ATA Sanitize drives and ATA Secure Erase drives. FROZEN drives appear here but remain unselectable until you unfreeze them (see Sleep below). |
| NVMe Drives | NVMe Sanitize and NVMe Format drives. |
| eMMC / SD Drives | eMMC and SD cards (/dev/mmcblkN) that support hardware secure erase via the mmc tool. If a card lacks hardware erase support, it appears in Block Wipe instead. |
| Block Wipe | Hidden by default. To reveal drives with no hardware erase support, click “Show Block Wipe” in the Options bar. This section only appears when the utility detects such drives. Click “Hide Block Wipe” to collapse it again. |
Each drive card shows the device path, model name, capacity, and erase-method badge. For more detail, hover over any card to see the full serial number, NIST level, and exact erase command the utility will use.
Secure Erase Badge Colors
| Badge | Color | Meaning |
|---|---|---|
| ATA SANITIZE | Blue | ATA Sanitize Block Erase |
| SECURE ERASE | Green | ATA Security Erase |
| ADV SECURE ERASE | Green | ATA Enhanced Security Erase |
| NVME SANITIZE | Purple | NVMe Sanitize Block Erase |
| NVME FORMAT | Orange | NVMe Format (fallback) |
| MMC ERASE | Cyan | eMMC/SD hardware secure erase |
| SCSI SANITIZE | Green | SAS/SCSI Sanitize Block Erase |
| SCSI FORMAT | Light Green | SAS/SCSI Format Unit fallback |
| PSID REVERT | Magenta | Locked SED — PSID revert |
| BLOCK WIPE | Violet | Software wipe (dd) |
| BOOT DRIVE | Red | System drive, cannot be erased |
| MOUNTED | Yellow | Drive has mounted partitions |
| FROZEN | Red | Drive is frozen; must unfreeze |
| HDD / SSD | Grey | Drive media type |
Block Wipe Methods
In normal mode, Block Wipe cards include a method dropdown so you can select how the utility wipes the drive. However, NIST Purge mode locks the method to 3-pass dd (zeros/random/zeros), so the dropdown does not appear.
| Method | Passes | Description |
|---|---|---|
| Zero Fill | 1 | All zeros (fast, default) |
| Random Fill | 1 | Pseudorandom data |
| RCMP TSSIT OPS-II | 8 | Alternating passes — RCMP standard |
| DoD Short (3-pass) | 3 | Zeros, random, zeros |
| DoD 5220.22-M | 7 | DoD 5220.22-M standard |
| Gutmann | 35 | Gutmann method (very slow) |
| PRNG Stream | 1 | Isaac PRNG stream |
Note: NIST SP 800-88r2 §3.1.1 confirms that a single-pass overwrite suffices for Clear. Multi-pass schemes such as DoD 5220.22-M and Gutmann provide no additional assurance on modern media — in fact, DoD removed overwriting specs from NISPOM in 2006. Furthermore, Gutmann originally targeted 1990s magnetic media. Consequently, if you select Gutmann for an SSD or eMMC drive, the utility triggers a caution notice because the method offers no security benefit over a single-pass wipe on flash storage.
Asset Tags
Each drive card shows a small “Asset Tag” field below it. Specifically, you enter the IT asset tag, barcode, or inventory number for each individual drive. As a result, the utility prints asset tags in each drive’s record block on its certificate. However, the utility stores them in state for the session only (not persisted across launches).
Secure Erase Options
| Option | Description |
|---|---|
| Verify after erase | Runs post-erase read-back verification on all erased drives. Uses Disk Verifier if installed; otherwise, runs an internal read-back check. Always enabled in NIST Purge mode. |
| Auto Start / Auto Close | (Disk Verifier only) Starts and closes Disk Verifier automatically without prompting. |
| Sample | Percentage of each drive to verify (10%–100%). At 100%, the utility reads every sector. Default: 100%. |
| Show / Hide Block Wipe | Toggles the Block Wipe drive section. Only appears in the Options bar when block-wipe drives are present. |
| Email log to | If you enter an email address, the utility emails all log files and certificates on completion via mailx. It also saves the address to ~/.config/email and pre-fills it on relaunch. |
Secure Erase Action Bar — Row 1: Compliance and Workflow
| Button | Description |
|---|---|
| NIST SP 800-88r2 (Purge) | Toggles NIST SP 800-88r2 Purge compliance mode. When active, verification is forced on, block wipe uses fixed 3-pass dd, and all certificates record “Purge” as the standard. In addition, enabling NIST mode automatically disables DoD mode. Persists via /tmp/nist_purge_mode. |
| DoD 5220.22-M | Toggles DoD 5220.22-M certificate compliance mode. Certificates then record “DoD 5220.22-M” as the sanitization standard. However, this is a certificate annotation only — it does not change which erase commands run. In addition, enabling DoD mode automatically disables NIST mode. Persists via /tmp/dod_mode. |
| Certificate Info… | Opens a popover where you enter organization name, location, phone, work order, media destination, data backup status, and chain-of-custody names/titles (technician, validator, witness). The utility saves all values to ~/.config/cert_info.json. |
| Destroy… | Opens the Physical Destruction workflow (see Physical Destruction Logging below). |
| Continue | Advances to the Confirmation screen. Also saves all preferences to ~/.config/cert_info.json. |
Action Bar — Row 2: Utility and Notifications
| Button | Description |
|---|---|
| Sleep | Suspends the computer to RAM for ~5 seconds and restarts the app. Use this to unfreeze ATA drives, because most drives unfreeze automatically on power cycle. |
| Re-detect Drives | Re-runs drive detection without restarting the app. In addition, the utility automatically deselects previously selected drives that are no longer present. |
| Help | Opens the built-in manual. |
| [Light] / [Dark] | Toggles between dark and light theme. |
| Sound | Plays a completion chime when all drives finish erasing. |
| Summary Popup | Shows a pass/fail summary dialog on completion. |
| Test | Previews the success chime. |
| Quit | Saves all preferences and exits the application. |
Step 2 — Confirmation
This screen lists every drive scheduled for erase along with its serial number, capacity, erase method, and compliance level. Review the list carefully before proceeding.
SMART Health Gate
As soon as the confirmation screen opens, a SMART health check runs in the background on all selected drives (smartctl -H and -A). Specifically, the check covers two independent conditions:
Health Failures
However, if any drive reports SMART FAILED, a red danger box lists the affected drives. In addition, a second override checkbox appears: “I understand these drives are failing — proceed anyway and attempt erase.” As a result, the Start Erase button remains locked until you check both the consent checkbox and the SMART override checkbox.
Drive Temperature
Specifically, the utility reads temperature from SMART attribute 190/194 (ATA/SCSI) or the NVMe Temperature field:
| Threshold | Severity | Behavior |
|---|---|---|
| ≥ 50 °C | Amber advisory | Shown but does not block erase. Improving airflow is recommended. |
| ≥ 60 °C | Red danger — CRITICAL | You must check a second override checkbox before Start Erase becomes active, because erasing at extreme temperatures risks firmware damage and incomplete data destruction. |
The utility records the temperature at time of erase in the log (TEMP: field) and prints it on each drive’s certificate.
Consent Checkbox
Before Start Erase becomes active, you must check the consent checkbox: “I understand that all data on the selected drives will be permanently and irreversibly destroyed.”
The confirmation screen has three buttons: Back (returns to drive selection without erasing), Quit (exits the application), and Start Erase (begins the erase operation on all selected drives in parallel).
Step 3 — Secure Erase Progress
Furthermore, a per-drive status card appears for every drive the utility is erasing. All drives erase in parallel regardless of erase type — ATA, NVMe, SCSI, eMMC, and Block Wipe drives all start simultaneously. In addition, the progress bar and status message update in real time.
| Status | Meaning |
|---|---|
| Spinning / Erasing… | Drive erase is in progress |
| ✓ Done | Drive erased successfully |
| ✗ Failed | Erase command returned an error |
Throughout the wipe, block wipe cards show live progress: current completion percentage, estimated time remaining, and current pass description (for example, “pass 2/3 — random”). The utility calculates ETA from the current write rate and suppresses it for the first second of each pass while the rate stabilizes.
If you enabled verification, the window switches to verification mode once all erases complete. The utility uses Disk Verifier if installed at /usr/share/diskverifier; otherwise, it runs an internal read-back check.
Step 4 — Secure Erase Results
This screen shows the final erase result (Successfully Erased or Erase Failed) for every drive, followed by log file paths and certificate paths.
Secure Erase Log Files
The utility always generates three log files:
| Log File | Contents |
|---|---|
Advanced Log (*-Advanced.txt) | Full erase session log with drive identity data (hdparm -I / nvme id-ctrl / mmc extcsd read), erase results, smartctl output, and an MD5 checksum at the end. In addition, block wipe and eMMC drives include their full tool output. |
Basic Log (*-Basic.txt) | Summary log with erase results and the MD5 checksum of the Advanced Log. |
CSV Log (*-Basic.csv) | Spreadsheet-compatible summary with one row per drive: model, serial, capacity, OS, software, finish time, MD5, result, verification, method. |
Secure Erase Certificates
The utility generates one PDF certificate per erased drive, named <dev>-Erase-Certificate-<timestamp>.pdf. Each certificate contains:
- Organization name, location, and phone
- Host system information (from
dmidecode) - Sanitization session timestamps and compliance standard
- Drive record: serial, capacity, media type, operational status, sanitization method (Clear/Purge/Destroy), sanitization technique, NIST/DoD level, verification result
- Media destination and data backup status
- Log file paths and MD5 integrity checksum
- Attestation statement referencing the active standard (NIST SP 800-88r2 or DoD 5220.22-M)
Chain-of-Custody Signature Block
The certificate also includes two signature rows:
| Row | Fields |
|---|---|
| Row 1 | Technician | Validator |
| Row 2 | Witness | Date |
If you entered names and titles in Certificate Info, they pre-print on the signature lines. Otherwise, blank entries leave underscore lines for handwritten signatures. In addition, the witness row supports formal chain-of-custody requirements where a third party observes and countersigns the sanitization.
Secure Erase Save Options
By default, the utility saves all files to /home/partedmagic/. To copy files to an external location, expand “Save Options”:
| Format | Description |
|---|---|
| Uncompressed | Copies all files as-is |
| Gzip (.gz) | Compresses each file with gzip before copying |
| Zip (.zip) | Wraps each file in a zip archive before copying |
Next, use Browse… to select the destination directory, or alternatively click Mount to launch Parted Magic Mount and mount an external drive first. The results screen also provides View Log (opens logs in leafpad), View Certificate (opens PDFs in LibreOffice), and Save & Close (copies selected files to the save directory and exits). If you also need full-disk imaging, see Parted Magic Clonezilla.
Finally, if you entered an email address on the selection screen, the utility automatically emails all logs and certificates on completion.
Secure Erase Compliance and Standards
Sanitization levels follow NIST SP 800-88r2 (September 2025). In addition, technology-specific sanitization techniques conform to IEEE 2883.
| Erase Method | NIST SP 800-88r2 Level |
|---|---|
| ATA Sanitize (SSD) | Purge |
| ATA Sanitize (HDD) | Purge |
| ATA Secure Erase (SSD) | Purge |
| ATA Secure Erase (HDD) | Purge |
| ATA Enhanced Secure Erase | Purge (crypto-erase) |
| NVMe Sanitize | Purge |
| NVMe Format -s2 | Purge (fallback) |
| eMMC Secure Erase | Purge |
| SCSI Sanitize (SSD) | Purge |
| SCSI Sanitize (HDD) | Purge |
| SCSI Format Unit (SSD) | Purge |
| SCSI Format Unit (HDD) | Purge |
| PSID Revert + re-erase | Inherits level of the post-unlock erase method |
| Block Wipe (any method) | Clear |
Under r2, all dedicated device sanitize commands (ATA Sanitize, ATA Secure Erase, NVMe Sanitize/Format, SCSI Sanitize/Format, eMMC Secure Erase) qualify as Purge regardless of media type, because they bypass the standard read/write interface and address all storage areas including overprovisioning and remapped sectors. In contrast, only software block wipe via standard write commands (dd) falls under Clear.
When DoD 5220.22-M mode is active, all certificate fields reference DoD 5220.22-M regardless of erase method used. However, the erase commands themselves do not change — DoD mode affects certificate output only. In addition, certificate fields conform to the NIST SP 800-88r2 Appendix C sample Certificate of Sanitization form.
Physical Destruction Logging
To open the Physical Destruction workflow, click Destroy… on the drive selection screen. No erase runs here — this workflow only logs that the drives underwent physical destruction and generates a signed certificate for your records.
When to Use This
Use physical destruction logging when someone will shred, degauss, incinerate, or otherwise destroy the drives rather than erase them. NIST SP 800-88r2 classifies physical destruction as the “Destroy” sanitization method (Section 3.1.3), which applies when no one will reuse the media.
Destruction Methods
- Shredding — Industrial cross-cut or granular shredder
- Degaussing — Electromagnetic field erasure (tape / HDD)
- Disintegration — Granulator / disintegrator
- Incineration — High-temperature combustion
- Crushing / Bending — Hydraulic press or manual bending
- Drilling / Punching — Physical perforation of platters/chips
- Degaussing + Shredding — Combined (highest assurance for HDDs)
- Other — Free-text notes field available
Session Fields
| Field | Description |
|---|---|
| Date of Destruction | Date the destruction was carried out |
| Contractor / Facility | Name of the destruction facility or vendor |
| Contractor Ref # | Manifest or job reference from contractor |
| Authorized By | Name of person authorizing destruction |
| Witness | Independent witness to the destruction |
| Work Order | Links the certificate to a broader asset disposal job |
Drive Fields (per drive)
Each drive row includes: device node (pre-filled from detected drives, editable), model, serial number, capacity, asset tag (pre-filled from selection screen if set), and notes. The utility pre-populates detected drives automatically. In addition, click + Add Drive Manually to add drives that are not currently attached — for example, already-destroyed drives you are documenting retroactively.
Physical Destruction Certificate
The generated PDF uses a distinct deep-red header to distinguish it from sanitization certificates. It includes organization and contractor information, per-drive record with serial number and destruction method, NIST SP 800-88r2 Destroy disposition attestation, authorized-by and witness signature lines, and also a QR code encoding key certificate fields for verification. The utility saves the certificate as Physical-Destruction-Certificate-YYYY-MM-DD-HHMM.pdf.
Dark / Light Theme
To toggle between themes at any time, click [Light] or [Dark] in the action bar of the drive selection screen. The change takes effect immediately across all open windows without restarting. In addition, the utility saves the selected theme to ~/.config/cert_info.json and restores it automatically on the next launch.
Both themes are fully self-contained — the utility uses no system GTK theme, Adwaita, or external stylesheet. Instead, the app defines every color internally, so the appearance stays consistent regardless of the desktop environment or GTK settings.
Dark (default)
Deep navy/charcoal backgrounds with blue accent (#2a7fff). Optimized for low-light environments and data-center work.
Light
Clean white/light-grey backgrounds with the same blue accent. Better legibility under bright fluorescent lighting or when capturing screenshots for reports.
Sound and Notification on Completion
Two optional alerts fire automatically when all drives finish erasing. You will find the checkboxes in the bottom action bar of the drive selection screen.
Sound on Completion
The utility plays a synthesized two-note chime via ffplay. No audio files are required because the utility generates tones in real time.
| Outcome | Sound |
|---|---|
| Success (all drives passed) | Rising chime — 880 Hz → 1320 Hz |
| Failure (any drive failed) | Falling tone — 440 Hz → 220 Hz |
To preview the success chime before erasing, click Test next to the checkbox. However, if ffplay is not installed, the utility silently skips this option. In addition, sound also plays in --tui mode.
Summary Popup
A small non-blocking dialog appears over the results window, listing the pass/fail status of every erased drive. The popup appears about 350 ms after the results window opens, and you can dismiss it independently without closing the main window. Both options default to off and persist across sessions via ~/.config/cert_info.json.
Secure Erase Command-Line Options
Secure Erase Modes
| Flag | Description |
|---|---|
(default) | GUI mode — full GTK3 windowed interface. |
--tui | Terminal UI (curses) — no X11 or GTK required. Provides an interactive Select → Confirm → Erase → Results flow entirely in the terminal. Exit code 0 = all drives succeeded; exit code 1 = one or more drives failed. |
Drive Selection
| Flag | Description |
|---|---|
--select sda,sdb | Pre-selects the named drives for erase. Names can include or omit the /dev/ prefix. You can still toggle other drives interactively. |
--list | Prints all detected drives and their erase methods, then exits (no erase performed). |
--check-deps | Verifies that all required external programs and Python packages are installed, then exits. Prints OK or MISSING for each dependency. Exit code 0 = all required deps present; 1 = one or more missing. |
Erase Options
| Flag | Description |
|---|---|
--nist | NIST SP 800-88r2 Purge mode (same as the NIST toggle). |
--dod | DoD 5220.22-M certificate annotation. |
--verify PCT | Post-erase verification: 10, 25, 50, or 100 percent. |
--method KEY | Block wipe method for all block-wipe drives. Keys: zero, random, ops2, dod_short, dod, gutmann, prng. Default: zero. |
--work-order WO | Work order number embedded in every certificate. |
--log-dir DIR | Writes logs and certificates to DIR instead of ~/. |
Certificate Options
| Flag | Description |
|---|---|
--org-name NAME | Organization name for certificates. |
--org-location LOC | Organization location (city / facility). |
--org-phone PHONE | Organization phone number. |
--technician NAME | Technician name for signature block. |
--technician-title T | Technician title for signature block. |
--email ADDR | Email address the utility records on the certificate and also uses to send log files via mailx on completion. |
PSID Unlock
To supply PSID codes for locked SED drives, use --psid-code DEV:CODE[,DEV:CODE…]. You will find the 32-character code printed on the drive label. The utility pre-selects and unlocks drives listed here for erase. However, without --psid-code, PSID-locked drives appear as frozen and remain unselectable.
Secure Erase Examples
# List all detected drives without erasing:
erase --list
# TUI — interactive terminal drive selection and erase:
erase --tui
# TUI — pre-select drives, NIST Purge, verify 100%, log to USB:
erase --tui --nist --verify 100 \
--select sda,sdb --log-dir /mnt/usb/logs --work-order WO-2024-0042
# TUI — DoD mode, full cert info, email results:
erase --tui --dod \
--work-order WO-2024-0042 \
--org-name "Acme Corp" --org-location "New York, NY" \
--technician "Jane Doe" --technician-title "IT Specialist" \
--email reports@acme.com --log-dir /mnt/usb/logs
# TUI — block wipe with Gutmann method:
erase --tui --select sda --method gutmann
# TUI — unlock and erase a PSID-locked SED:
erase --tui \
--psid-code sda:12345678901234567890123456789012Secure Erase Notes
- The utility always excludes boot/system drives regardless of
--select. - The utility never auto-selects PSID-locked drives; instead, use
--psid-codeto include them. - CLI options (
--org-name,--technician, and so on) override values saved in~/.config/cert_info.jsonfor the current run only.
Saved Files and Configuration
| Path | Purpose |
|---|---|
~/.config/email | Last-used email address |
~/.config/cert_info.json | Organization and chain-of-custody info, theme, sound/popup preferences, and block wipe method selections |
/tmp/nist_purge_mode | Presence enables NIST Purge mode |
/tmp/dod_mode | Presence enables DoD 5220.22-M mode |
/tmp/pmagic_gtk3_erase.lock | Single-instance lock (PID) |
By default, the utility writes log and certificate files to /home/partedmagic/. However, you can override this with --log-dir.
Secure Erase Troubleshooting
If you hit a problem not covered below, also see the Parted Magic support page.
Drive Detection Issues
| Problem | Solution |
|---|---|
| Drive not listed | The drive may be in RAID mode in BIOS/UEFI (change to AHCI), or fully encrypted (use PSID Revert — the drive will then appear in the “Locked Drives” section). In addition, click Re-detect Drives after connecting a drive without rebooting. |
| Drive shows BOOT DRIVE | The drive contains the running OS, so the utility protects it from selection automatically. Therefore, boot from a different device (for example, a Parted Magic USB) if you need to erase it. |
| Drive shows MOUNTED | One or more partitions on this drive are currently mounted. You can still select the drive, but the confirmation screen will show a warning. Therefore, unmount partitions before erasing where possible. |
| USB drive not listed | USB drives appear in the Block Wipe section. To reveal them, click “Show Block Wipe” in the Options bar. |
| eMMC not listed | The card may not advertise SEC_ERASE_SUPPORT in its extended CSD register, and as a result it appears in Block Wipe instead. In addition, the mmc tool must be installed for hardware erase. |
| Drive shows FROZEN | The BIOS has frozen the drive’s ATA security. Therefore, click Sleep — the utility suspends briefly and restarts. Most drives unfreeze on power cycle. |
Erase Operation Issues
| Problem | Solution |
|---|---|
| SMART gate blocking Start Erase | One or more selected drives failed the SMART health check. Check the red warning box on the confirmation screen. Then either tick the override checkbox to proceed, or go Back and deselect the failing drive. |
| Erase Failed | The drive firmware rejected the erase command. For details, check smartctl output in the Advanced Log. The drive may be locked, failing, or unsupported. |
| Certificate not generated | ReportLab is required. Install with: pip install reportlab --break-system-packages |
| Email not sent | You must configure mailx with a working MTA. Therefore, check /etc/mailx.rc or sendmail. |
© 2026 Patrick J. Verner, Waupaca, WI, USA. All rights reserved.