Sanitize bitlocker-enabled SSD disk

  • Question

  • Hi, since sanitizing SSD disks is a bit more tricky than magnetic ones, I kindly need help in the following scenario:

    - I have a Windows 10 laptop with BitLocker enabled and a PIN as the pre-boot authentication method. It has a TPM too.
    - I need to sanitize the drive and NIST suggests crypto-erase is the solution.

    What can I do to be PERFECTLY sure that the old encryption key and data (even if the user has the recovery key) are lost forever?

    Is format, remove BitLocker, format, re-encrypt with BitLocker enough? Does the TPM generate a new key, or will it use the old one?

    What is your suggestion?

    Any help appreciated

    Wednesday, August 16, 2017 2:30 PM

All replies

  • In my opinion, as you said, format, remove BitLocker, format, re-encrypt with BitLocker is enough; I don't think a data recovery organization can recover data after these steps.

    But, if you still feel worried, I suggest using another security software to encrypt again, such as Symantec. After encryption, execute a low-level format with some disk tool; it should be the most perfect method to sanitize the disk.

    Finally, about your concern in the last paragraph, the TPM will generate a new key; the old key doesn't work anymore.

    Regards

    Thursday, August 17, 2017 2:04 AM
    Moderator
  • SSDs offer tools to securely erase them - that is a fast solution and safe as well.

    If your SSD brand does not offer that (Samsung and Intel do offer such tools), just remove the recovery key and then format the drive. You will have to set up another protector (for example a long password) before you remove the recovery key protector.

    Monday, August 28, 2017 7:54 PM
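    The protector rotation the reply above describes (set up a replacement protector first, then remove the recovery key protector) as an added PowerShell example; it is not code from the original thread. It assumes the Windows 10 BitLocker module, an elevated session, and a placeholder mount point `$MountPoint`, and leaves the final format step to the operator.

```powershell
# Added example (not from the original thread): rotate BitLocker protectors on a
# volume so the old 48-digit recovery password can no longer unlock it, then verify.
# Assumes the BitLocker PowerShell module (Windows 10) and an elevated session.
# $MountPoint is a placeholder; the format step that follows is left to the operator.
param(
    [string]$MountPoint = "D:"
)

$ErrorActionPreference = "Stop"

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -ne "On") {
    throw "BitLocker protection is not on for $MountPoint; nothing to rotate."
}

Write-Host "Protectors before:"
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize

# Step 1 (from the reply): add a replacement protector first, so the volume is
# never left without any protector. A long random password is generated and
# deliberately not saved anywhere: the goal is to lose access, not keep it.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$plain  = [Convert]::ToBase64String($bytes)
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
Add-BitLockerKeyProtector -MountPoint $MountPoint -PasswordProtector -Password $secure | Out-Null
Remove-Variable plain, secure, bytes

# Step 2 (from the reply): remove every recovery-password protector, i.e. the
# numerical recovery key a user may have printed or saved.
$recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq "RecoveryPassword"
foreach ($p in $recovery) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# Step 3: verify no recovery password remains before the drive is formatted.
$after = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector
Write-Host "Protectors after:"
$after | Format-Table KeyProtectorType, KeyProtectorId -AutoSize
if ($after.KeyProtectorType -contains "RecoveryPassword") {
    throw "A RecoveryPassword protector is still present on $MountPoint."
}
Write-Host "Recovery password removed from $MountPoint; proceed with formatting."
```

    The running OS volume cannot be formatted from inside Windows, so for the laptop's C: drive the reply's format step has to be done from installation or recovery media after this rotation.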