DataGuard
PCIe/SATA
WriteProtect feature in PCIe and SATA uses a "dummy write" mechanism. Normally, the host writes data to NAND Flash, but in WriteProtect mode, the controller writes only to the cache buffer. The data is accessible temporarily but lost after a power-off. This ensures the write command completes without errors while keeping NAND Flash unchanged.
The feature connector (1.27mm pitch pin header) enables write protection at power-up or anytime during operation. In WriteProtect mode, the SSD is read-only, preventing data writes. Without the connector, the SSD operates normally.
CFast/CF Card
As the specific design of CFast and CF cards, they include a functional switch for the Write Protection feature. This switch allows the device to be set as write-protected after power-up. When the switch is set to the Write Protect position, the card enables a Write-Bypassing mechanism, dummy write, where write commands are acknowledged and completed without error reporting, but no actual data is written—preserving the original content. In this mode, the card operates as read-only. Conversely, when the switch is set to the normal position, the card functions as usual, allowing both reading and writing of data.
SD Card
Silicon Power Industrial SD card provides two major functions: Security Hidden Partition and Security Write Protect.
- Security Hidden Partition: Some devices operate with restricted access to programs stored on SD cards. Security Hidden Partition provides an effective solution for managing such requirements.
- Security Write Protect: As a convenient storage device, an SD card may require data protection to prevent unauthorized modifications. The Security Write Protect feature offers a reliable solution for managing this requirement.
2. QuickErase
QuickErase for SSDs is a rapid data-erasure method that ensures deleted data cannot be recovered, making it an essential feature for secure data management. Unlike traditional hard drives, which store data on magnetic disks, SP Industrial SSDs utilize flash memory chips and employ specialized algorithms for data management and access. QuickErase guarantees the complete and irreversible deletion of all stored data, including data in locations that may be hidden or inaccessible through standard file deletion methods. This provides robust protection against advanced recovery techniques and ensures data privacy.
There are four different techniques for sanitizing an entire SSD:
1.1 Built-in sanitize commands
Most modern drives include built-in sanitize commands that instruct the firmware to perform a thorough data erasure process. Traditionally, security commands specify an "erase unit" operation, which overwrites all accessible areas with zeros or ones. Additionally, an "erase unit enhance" command allows manufacturers to define a specific data pattern, such as a 1MB file filled with 0x55. As part of the sanitization standards, a "block erase" command is designed to erase all memory blocks containing user data, including those that are typically inaccessible. Industrial SSDs adhere to these standards, enabling efficient sanitization through high-speed, multi-block erasure. For instance, a 1TB or 512GB pSLC SSD can be fully sanitized in approximately 10 seconds when triggered via a feature connector, initiating a 4-way simultaneous block erase process across the entire drive.
1.2 Repeatedly writing over the drive
The second method for sanitizing a drive involves using standard input/output (I/O) commands to overwrite each logical block address (LBA) multiple times. Repeatedly overwriting the entire drive with different patterns is a fundamental approach in many disk sanitization standards and tools. Most of these standards specify sequential overwrites using patterns ranging from 1 to 35 bits. A notable example is the U.S. Air Force System Instruction 5020, which first fills the drive with zeros, then ones, and finally a random character. The data is then read back to verify that only the random character remains. Using varied bit patterns helps toggle as many physical bits as possible, making data recovery through analog methods significantly more difficult.
However, due to the complexity of SSD firmware translation layers, the effectiveness of this technique can be influenced by how the drive was used prior to overwriting. In our tests, we wrote the initial data pass either sequentially or randomly before performing 20 sequential overwrites. For the random writes, each LBA was written only once in a random order.
1.3 Leveraging encryption
SP Industrial SSDs feature self-encrypting drives (SEDs) equipped with an AES-256 encryption engine, ensuring robust hardware-based data protection without compromising performance. These drives adhere to the TCG Opal standard for trusted computing. While encryption is always active, the encryption keys remain unmanaged until security features from TCG Opal or ATA are enabled. Deleting the encryption key effectively renders the data inaccessible, as it removes the key required for decryption. This makes wiping the drive a fast and secure method for permanently erasing all data.
1.4 Electrically destroying the drive via a high voltage generator
Degaussing is a fast and effective method for destroying hard drives by erasing their low-level formatting and damaging the motor, thereby eliminating all stored data. However, unlike hard drives, solid-state drives (SSDs) do not rely on magnetism to store data, so degaussing has no direct effect on erasing flash memory cells.
An alternative approach would be to design an SSD with a high-voltage generator and controller capable of physically destroying the NAND flash chips. However, this is not a standard design for SSDs. SP Industrial’s industrial-grade SSDs feature a built-in power management unit, ensuring more stable power delivery compared to discrete circuits. They also provide comprehensive protection against overvoltage, overcurrent, surges, and short circuits, offering greater safety than traditional fuse-based designs. As a result, using high voltage to erase an entire SSD is neither practical nor recommended.
.......
If you are interested in this content, feel free to click the download button on the left.
