NVMe Format Secure Erase Better

NVMe drives operate differently than their SATA predecessors. To properly sanitize them, you need to understand the command.

After the process completes, the drive will report that it is unallocated. You can verify the wipe by attempting to read raw sectors or simply checking the SMART data to ensure the drive reports a clean state.

NVMe status: Security Violation (0x182)

The controller erases all user data across the NVM subsystem. This typically involves physically resetting the NAND cells.

There are generally three levels of secure erase defined by the NVMe specification:

nvme format /dev/nvme0n1 --ses=1 --lbaf=1

This leaves "ghost" data in previously used blocks, creating a security hole.

When it comes to retiring or repurposing an NVMe drive, old habits die hard. If you are still using tools like DBAN or standard "shred" utilities designed for spinning hard drives (HDDs), you aren't just wasting time—you are potentially shortening the lifespan of your storage.

For absolute forensic-proof erase (including metadata, caches, and possibly overprovisioning area), NVMe also has a command (nvme sanitize), which is more thorough than format secure erase, but takes longer.

In NVMe, the command (opcode 0x80) is the primary way to perform a secure erase, but it’s not identical to ATA Secure Erase.

nvme id-ctrl /dev/nvme0 -H | grep -i "crypto"

This command tells the drive’s own controller to erase the data. Because the controller is the authority on where data lives (due to wear-leveling and over-provisioning), it is the only entity capable of guaranteeing a complete wipe.

Traditional wiping tools work by overwriting every sector of a drive with zeros or random data. This was effective for HDDs because the data was written magnetically to a specific physical location.

| SES Value | Name | Effect |
|-----------|------|--------|
| 0 | No secure erase | Just change LBA format, keep data |
| 1 | User Data Erase | All user-accessible LBAs set to a vendor-defined pattern (usually all zeroes) |
| 2 | Cryptographic Erase | Change the media encryption key → all previously written data becomes permanently undecryptable |
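
The id-ctrl check and the SES table can be tied together. The following is an added example, not part of the original page: it reads the controller's FNA (Format NVM Attributes) byte and picks --ses=2 when cryptographic erase is supported, otherwise --ses=1. The function names, the constructed sample output and the assumed "fna : 0x4" line format of nvme id-ctrl are assumptions of this example; it only prints the command and never runs it.

```shell
#!/bin/sh
# Added example: choose a --ses value from the controller's FNA byte.
# Assumption: `nvme id-ctrl` prints a line of the form "fna : 0x4".

# Constructed sample of `nvme id-ctrl /dev/nvme0` output (not from a real drive).
SAMPLE_IDCTRL='vid       : 0x1234
sn        : CONSTRUCTED0001
oacs      : 0x17
fna       : 0x4
vwc       : 0x1'

# Extract the raw FNA value from id-ctrl text on stdin.
fna_from_idctrl() {
    awk -F: '$1 ~ /^[ \t]*fna[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# FNA bit 2: cryptographic erase is supported as part of Format NVM.
# Prints 2 (Cryptographic Erase) when supported, else 1 (User Data Erase).
pick_ses() {
    fna=$(( $1 ))
    if [ $(( (fna >> 2) & 1 )) -eq 1 ]; then echo 2; else echo 1; fi
}

# FNA bit 1: a secure erase of one namespace erases every namespace
# in the NVM subsystem, so the blast radius is wider than the device path.
erase_scope() {
    fna=$(( $1 ))
    if [ $(( (fna >> 1) & 1 )) -eq 1 ]; then echo all-namespaces; else echo per-namespace; fi
}

# Build (do not run) the format command for a namespace device.
# Usage: nvme id-ctrl /dev/nvme0 | plan_format /dev/nvme0n1
plan_format() {
    fna=$(fna_from_idctrl)
    [ -n "$fna" ] || { echo "no fna field found" >&2; return 1; }
    echo "nvme format $1 --ses=$(pick_ses "$fna")  # scope: $(erase_scope "$fna")"
}
```

Review the printed scope before running the command: when it reads all-namespaces, formatting one namespace erases the others on the same controller as well.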