TECH BRIEF
APRIL 2016
Instant Secure Erase
Instant Secure Erase (ISE) is a new standard feature for HGST HDDs & SSDs. The feature is included
in HGST’s newest capacity and performance enterprise drives: Ultrastar® 7K6000 (6TB/5TB/4TB/2TB),
Ultrastar He10 (10TB/8TB), Ultrastar He8 (8TB/6TB), Ultrastar C15K600 (up to 600GB) and C10K1800 (up
to 1.8TB). It provides several benefits, and is available in both SATA and SAS configurations.
Data Encryption
Drives with the ISE feature allow users to instantly erase the drive
by using industry-standard commands and options. This feature is
beneficial compared to the alternative of overwriting a drive with
new data, which can take hours, especially for higher capacity
hard drives.
HGST offers comprehensive data encryption solutions on both
SATA and SAS drives.
Another benefit of using the new feature is that it can effectively
erase both user accessible data, as well as potentially hidden user
data that the drive maintains, but the user cannot easily access,
such as re-allocated blocks, spare blocks, etc.
• TCG Encryption (TCG) is offered as an option for SAS HDDs
and SSDs.
• Bulk Data Encryption (BDE) is offered as an option for SATA
HDDs.
HGST also offers FIPS 140-2 Level 2 certification, a U.S.
government security standard which includes tamper-evidence
protection, on certain TCG drive models (TCG-FIPS).
Neither Instant Secure Erase (ISE) nor Secure Erase (SE) drive
models provide encryption, but ISE functionality is included on
all BDE, TCG and TCG-FIPS HDDs and SSDs from HGST.
Implementation
Instant Secure Erase is HGST’s implementation of the industry
standard T10/T13 SANITIZE command. The host can determine
if the feature is available in SATA drives by calling Identify Device
to determine if the SANITIZE device feature set is supported,
and what optional features are supported. With SAS drives,
the Sanitize Service Action Codes can be used to determine
features. Refer to the HGST HDD and SSD OEM specification for
specific bit/byte assignments.
The SANITIZE command supports three options:
1. Crypto Scramble (SATA)/ Crypto Erase (SAS)
How Does Instant Secure Erase
Work?
In order to securely erase the data, the drive first creates an
internal cipher key that is used to cryptographically scramble
(or unscramble) the data as it is written to (or read from) the
disk. During normal drive operation, all data is scrambled (or
unscrambled) using that internal key. When the operator uses
Instant Secure Erase to wipe the drive clean, the HDD deletes the
internal key, rendering all user data unreadable.
It is important to note that while Instant Secure Erase uses
cryptographic techniques to securely erase data, it does not offer
data encryption to protect data at rest.
2. Overwrite (for HDDs)
3. Block Erase (for SSDs)
Crypto Scramble/Erase uses cryptographic techniques to
securely erase the drive.
• T13 SATA specification uses the term Crypto Scramble.
• T10 SAS specification uses the term Crypto Erase.
Both features are similar. To simplify things, both are used
interchangeably in this document to describe the same feature.
When the drive is SANITIZED (wiped clean) using the Crypto
Erase option, the HDD deletes the internal key, rendering data
unreadable.
Information & Technical Support
Partners First Program
www.hgst.com
www.hgst.com/support
channelpartners@hgst.com
www.hgst.com/partners
TECH BRIEF
APRIL 2016
Instant Secure Erase
Overwrite is a secondary erasure method for HDDs. It erases
the drive by overwriting existing data with a bit pattern. This
method erases the existing magnetic bits by overwriting them
with new data. The host can provide a specific bit pattern to use
for overwriting.
Block Erase is the secondary erasure method for SSDs. SSDs
can be erased by performing a block erase, which “electrically”
erases each block by using internal SSD functions.
In normal operation, the host can query the device to determine
if SANITIZE is supported, and if so, which of the three options
(Crypto Erase, Overwrite, Block Erase) are supported.
With ISE HDDs, both Crypto Erase and Overwrite are supported.
Block Erase does not apply to HDDs.
With ISE SSDs, both Crypto Erase and Block Erase are
supported. Overwrite does not apply to SSDs.
Secure Erase
Secure Erase (SE) is a subset of Instant Secure Erase, where the
Crypto Erase option has been disabled. Thus, there is no longer
an “instant” option. The SANITIZE command is still supported,
but only with “Overwrite” or “Block Erase” options. The SE
feature provides an advantage over a “manual overwrite” by
ensuring that any current non-accessible user data areas are
also overwritten.
HGST provides Instant Secure Erase (ISE) as a standard feature
in our latest enterprise-class HDD and SSD products. Secure
Erase (SE) drives provide an option for customers who do not
want the Crypto Erase option, but still desire to support the
SANITIZE Feature with Overwrite only (or Block Erase only for
SSDs).
With SE HDDs, Overwrite is supported. With SE SSDs, Block
Erase is supported.
More Information
For more information on the SANITIZE command, please refer to
the OEM Specifications for the specific drive of interest.
OEM Specifications can be found on the Resources tab on our
website for the following products:
Ultrastar He10:
http://www.hgst.com/products/hard-drives/ultrastar-he10
Ultrastar He8:
http://www.hgst.com/products/hard-drives/ultrastar-he8
Ultrastar 7K6000:
http://www.hgst.com/products/hard-drives/ultrastar-7K6000
Ultrastar C15K600:
http://www.hgst.com/products/hard-drives/ultrastar-c15k600
Ultrastar C10K1800:
http://www.hgst.com/products/hard-drives/ultrastar-c10k1800
SATA: See manual sections titled “SANITIZE Device Feature Set”.
This section explains the command parameters as well as the
state machine for various conditions that occur when using the
SANITIZE command. Do not confuse “Instant Secure Erase”
using the SANITIZE command (what we are describing in this
document) with the similarly named “SECURITY ERASE Unit”
which is part of the Security Mode Feature Set found on HGST
SATA HDDs & SSDs.
SAS: See sections titled “SANITIZE (48)”
Industry Standards
The T10/T13 technical committees define the SAS/SATA drive
standards respectively, and the technical committees publish
these specifications. The SANITIZE feature is one of the
commands available within the specification. More information
can be found at the links below:
www.T13.org (SATA)
www.t10.org (SAS)
© 2016 HGST, Inc., 3403 Yerba Buena Road, San Jose, CA 95135 USA, Produced in the United States 08/15, revised 4/16. All rights reserved.
Ultrastar is a registered trademark of Western Digital Corporation and its affiliates in the United States and/or other countries. Other trademarks are the property of their respective owners.
References in this publication to HGST-branded products, programs, or services do not imply that they are intended to be made available in all countries. The information provided does not
constitute a warranty. Information is true as of the date of publication and is subject to change. Actual specifications for unique part numbers may vary. Please visit the Support section of our
website, www.hgst.com/support, for additional information on product specifications. Photographs may show design models.
TB01-EN-US-0815-03
Open as PDF
Similar pages