With the update to OS X El Capitan, Apple has rewritten Disk Utility. The pre-10.11 Disk Utility used to have an option to securely erase a disk – a feature I needed because I plan to throw a faulty disk away.
Now, Apple still documents the option in KB article PH22241, but has implemented code that hides the “Security Options” button in certain situations. Unfortunately, they did not document which conditions need to be fulfilled for the button to be shown, which leads to the situation that I do not see it on any of my disks. My guess would be that the option is not available for encrypted disks, but since I do not have any unencrypted drives I cannot verify that assumption.
Why would you wipe an encrypted disk?
For an encrypted volume, wiping the header that contains the master encryption key should be enough to ensure that no data can be recovered. Conveniently, Apple does not provide an option to wipe the volume’s encryption header and documentation on Apple’s CoreStorage format it scarce, which means I don’t know where the header actually is. So a full wipe it is.
Luckily just because the GUI does not support the feature anymore does not mean that it cannot be
diskutil command line tool still has a
secureErase option that supports overwriting
entire volumes. Because I was doing this with CoreStorage volumes, I first had to delete that volume
secureErase would unmount the physical disk below:
1 2 3 4 5 6
Once the logical volume was gone, I was able to start the wipe with
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
I did a little research that suggests that a single wipe is sufficient to prevent data recovery on modern disks, so the DoD 7-pass I used might seem like overdoing it, but since I’m throwing the disk out because it was causing write errors I am also using this as a last benchmark to see if it would trash the disk completely.