Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

English Community

ThinkPad NotebooksThinkPad: P and W Series Mobile Workstations
All Forum Topics

33 Posts


United States of America

135 Signins

1291 Page Views

  • Posts: 33
  • Registered: ‎01-02-2014
  • Location: United States of America
  • Views: 1291
  • Message 1 of 2

Drive Erase Utility for the Resetting the Cryptographic Key and the Erasing the Solid State Drive

2014-01-17, 4:52 AM



Knowing a little about the ATA Security command set, SED SSDs, etc., I would like some clarification on what, exactly, the two functions (1 - Normal Erase and 2- Resetting the Cryptographic Key) do.


The standard ATA Security commands are "SECURITY ERASE UNIT" and "ENHANCED SECURITY ERASE UNIT". Both can be used, if supported, via specialty utilities such as the DOS-based HDDErase, recent releases of linux-based Partition Magic, etc. Most drives report the same amount of time required to execute each one, if available, and the time is generally scaled to drive size for HDDs (sometimes > 2 hrs for large drives) but is reported as a pretty standard 2 minutes for SSDs (though running usually takes less time than that on SSDs).


My question:


When I boot the utility on my W520 and choose option #1 from the lenovo utility that sets up the BIOS function on reboot, only item #1 indicated it will take two minutes and \item #1 takes at least 20 second or more. Pretty good evidence that item #1 is a SECURE ERASE UNIT call.


Item #2, "Resetting the Cryptographic Key", however, takes < 5 seconds. This indicates to me that it may not actually be a call to "ENHANCED SECURITY ERASE UNIT", but some other call.


Alternately, it might be "ENHANCED SECURITY ERASE UNIT" and the drives (different models) aren't being up front about the time it takes to do this.


Any ideas from folks experienced in this area or from Lenovo reps?







9 Posts


United States of America

6 Signins

26 Page Views

  • Posts: 9
  • Registered: ‎12-12-2016
  • Location: United States of America
  • Views: 26
  • Message 2 of 2

Re:Drive Erase Utility for the Resetting the Cryptographic Key and the Erasing the Solid State Drive

2020-10-21, 0:38 AM

I wish you had a solid answer for this: I'd like some assurance that I am correct in what I am writing...
The way I understand it, a self-encrypting drive is always encrypted, but if you don't turn on the disk password, it metaphorically leaves the key in the lock.
Resetting the crypto key should be the secure erase option and should be faster than the normal erase: an encrypted SSD without a key is an SSD with essentially a random wipe. Whereas a normal wipe would involve actually changing the data on the disk. Because it is an SSD, normal multipass wiping methods that take forever are irrelevant.
In summary: Choose option 2. It is faster & more secure.

Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop





No, I don’t want to share ideas Yes, I agree to these terms

Most Liked Authors

(Last 7 days)

View All