How to Safely Wipe Server Drives Before Selling

January 28, 2026 · 5 min read · Silicon Value Book

Data breaches from improperly sanitized storage media cost organizations millions every year. Before any server leaves your control — whether sold, returned from lease, or recycled — every byte of data must be irrecoverably destroyed.

This guide covers the three levels of NIST 800-88 media sanitization and when to use each.

Understanding NIST 800-88 Sanitization Levels

The National Institute of Standards and Technology defines three sanitization levels, each providing increasing assurance that data cannot be recovered.

Clear

Protects against simple data recovery using standard tools. Applies logical techniques (overwriting) to all user-addressable storage locations.

Use when: Equipment stays within your organization or goes to a trusted partner under NDA.

Purge

Protects against laboratory-level data recovery attempts. Uses physical or logical techniques that make data recovery infeasible even with state-of-the-art tools.

Use when: Equipment is sold to unknown third parties — the standard for most resale scenarios.

Destroy

Renders the media physically unable to store data. Methods include disintegration, incineration, melting, and shredding.

Use when: Dealing with classified data, or when media is damaged and can't be reliably purged.

For most server resale scenarios, Purge is the appropriate level. It provides sufficient assurance for commercial data while preserving the drives for reuse — which maintains the server's resale value.

Wiping HDDs (Spinning Disk)

Traditional hard drives are the simplest to securely erase because the magnetic storage medium responds well to overwrite-based methods.

Method: Software Overwrite (Purge Level)

Tools like nwipe (open source, included in ShredOS boot media), DBAN, or Blancco perform multiple-pass overwrites across the entire drive surface.

For Purge-level compliance on HDDs:

# Using nwipe with the DoD 5220.22-M short method (3 passes)
nwipe --method=dodshort --verify=all /dev/sda

A single full overwrite pass is technically sufficient per NIST 800-88 for the Purge level, but many compliance frameworks still reference multi-pass standards.

Method: Secure Erase via ATA Command

Modern HDDs support a built-in Secure Erase command that triggers the drive's firmware-level erase:

# Check if Secure Erase is supported
hdparm -I /dev/sda | grep -i erase

# Set a temporary user password ("p"), then issue Secure Erase (drive must not be frozen)
hdparm --user-master u --security-set-pass p /dev/sda
hdparm --user-master u --security-erase p /dev/sda

Many server BIOS configurations "freeze" drives at boot, preventing Secure Erase commands. You may need to hot-plug the drive or use a bootable USB environment that doesn't freeze drives.
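
The support and frozen-state checks above can be scripted so that no erase is attempted on a drive that will reject it. This is an added example, not part of the original guide: it classifies the Security block of hdparm -I output, and the function names and the sample text are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): classify a drive's ATA security state
# from `hdparm -I` text on stdin. Function names here are hypothetical.
ata_erase_preflight() {
    awk '
        /^Security:/       { insec = 1; next }   # start of the Security block
        insec && /^[^ \t]/ { insec = 0 }         # next unindented header ends it
        insec {
            neg = ($1 == "not")                  # hdparm prefixes cleared flags with "not"
            start = neg ? 2 : 1
            feat = ""
            for (i = start; i <= NF; i++) feat = feat (feat == "" ? "" : " ") $i
            if (feat == "supported")                 supported = !neg
            if (feat == "locked")                    locked    = !neg
            if (feat == "frozen")                    frozen    = !neg
            if (feat == "supported: enhanced erase") enhanced  = !neg
        }
        END {
            if (!supported)    print "unsupported"     # no Security feature set reported
            else if (frozen)   print "frozen"          # erase commands will be rejected
            else if (locked)   print "locked"          # must be unlocked first
            else if (enhanced) print "ready-enhanced"  # --security-erase-enhanced available
            else               print "ready"
        }'
}

# Constructed sample of hdparm -I output; $1 and $2 are "not" or "" and control
# the "frozen" and "supported: enhanced erase" flags.
sample_identify() {
    printf 'ATA device, with non-removable media\n'
    printf 'Security: \n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$1"
    printf '\tnot\texpired: security count\n'
    printf '\t%s\tsupported: enhanced erase\n' "$2"
    printf 'Checksum: correct\n'
}

sample_identify "" ""  | ata_erase_preflight    # frozen
sample_identify not "" | ata_erase_preflight    # ready-enhanced
# Real use: hdparm -I /dev/sda | ata_erase_preflight
```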

Wiping SSDs and NVMe Drives

Flash-based storage is fundamentally different from spinning disk. SSDs use wear leveling, over-provisioning, and garbage collection — all of which can leave data in areas not accessible through normal write operations.

Traditional multi-pass overwrite is NOT sufficient for SSDs. The drive's flash translation layer (FTL) means overwriting logical sectors doesn't necessarily overwrite all physical NAND cells.

Method: Cryptographic Erase (Preferred for SSDs)

If the drive supports hardware encryption (self-encrypting drives / SEDs), a cryptographic erase destroys the encryption key, rendering all data on the drive cryptographically unrecoverable in seconds.

For NVMe drives:

# NVMe Secure Erase (Crypto Erase)
nvme format /dev/nvme0n1 --ses=2

For SATA SSDs with TCG Opal support:

# Using sedutil for TCG Opal drives; <PSID> is the code printed on the drive label
sedutil-cli --PSIDrevert <PSID> /dev/sda

Method: ATA Secure Erase Enhanced

For SSDs without encryption support, the Enhanced Secure Erase command triggers the drive controller to erase all NAND cells, including over-provisioned areas:

# Set a temporary user password ("p"), then issue Enhanced Secure Erase
hdparm --user-master u --security-set-pass p /dev/sda
hdparm --user-master u --security-erase-enhanced p /dev/sda

Server-Level Erasure Tools

Most enterprise servers include built-in lifecycle management tools that can perform drive erasure:

Dell PowerEdge

Dell's Lifecycle Controller includes a System Erase feature that can wipe all drives, iDRAC settings, and BIOS configuration. Access it through iDRAC or the F10 boot menu.

HPE ProLiant

HPE's Intelligent Provisioning includes an erase utility. For remote management, iLO can trigger One-button Secure Erase on Gen10 and newer platforms, which erases all drives, firmware settings, and logs.

RAID Arrays

If drives are configured in a RAID array, you have two options:

  1. Delete the RAID configuration first, then erase individual drives
  2. Erase at the RAID controller level using the controller's management utility

Option 1 is preferred because it allows per-drive verification and generates individual certificates per serial number.

Verification and Documentation

Erasure without verification is incomplete. Every drive must be verified after sanitization.

Verification Methods

  • Read-back verification: Read the entire drive after erasure to confirm all sectors return zeros (or the overwrite pattern)
  • Sampling verification: Read random samples across the drive surface
  • Drive health report: Check SMART data to confirm the erase operation completed
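
The read-back and sampling checks in the list above, as an added example that is not part of the original guide. It assumes the erase method leaves zeros behind and a cmp that supports -n; the function names and the demo image are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): read-back and sampling checks for a drive
# that was wiped to zeros. Works on a block device or an image file.
# Assumes a cmp that supports -n (GNU, BusyBox); function names are hypothetical.

dev_size() {    # size in bytes: blockdev for devices, wc for image files
    blockdev --getsize64 "$1" 2>/dev/null || wc -c < "$1" | tr -d ' '
}

# Full read-back: compare every byte with /dev/zero; cmp prints the first mismatch.
verify_full() {
    cmp -n "$(dev_size "$1")" "$1" /dev/zero
}

# Sampling: read $2 randomly chosen 1 MiB blocks; fail on any non-zero byte.
verify_sample() {
    bs=1048576
    blocks=$(( $(dev_size "$1") / bs ))
    [ "$blocks" -gt 0 ] || { echo "$1 is smaller than one block"; return 2; }
    i=0
    while [ "$i" -lt "$2" ]; do
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
        blk=$(( r % blocks ))
        n=$(dd if="$1" bs="$bs" skip="$blk" count=1 2>/dev/null | tr -d '\000' | wc -c)
        if [ "$n" -ne 0 ]; then
            echo "non-zero data in 1 MiB block $blk of $1"
            return 1
        fi
        i=$(( i + 1 ))
    done
}

# Demo on a constructed 4 MiB image with one leftover byte planted in it.
img=$(mktemp)
dd if=/dev/zero of="$img" bs=1048576 count=4 2>/dev/null
printf 'X' | dd of="$img" bs=1 seek=3000000 conv=notrunc 2>/dev/null
verify_full "$img" || echo "full read-back FAILED: drive is not clean"
rm -f "$img"
```

On a real drive, pass the device node instead of an image, for example verify_full /dev/sda. Sampling can miss an isolated leftover region that the full read-back catches, so treat it as a spot check.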

Certificate of Destruction

Generate a certificate for each drive containing:

  • Drive serial number and model
  • Parent server serial number
  • Sanitization method and standard referenced
  • Date, time, and duration of erasure
  • Verification method and result
  • Technician name and signature

Common Mistakes to Avoid

  1. Assuming a "factory reset" erases data — it doesn't. Server factory resets typically only clear BIOS and management settings, not drive contents.

  2. Using HDD methods on SSDs — multi-pass overwrite gives false confidence on flash storage. Always use cryptographic erase or vendor-specific secure erase for SSDs.

  3. Forgetting RAID controller cache — some RAID controllers have battery-backed write cache that can contain data fragments. Clear the controller cache as part of your process.

  4. Skipping NVMe namespaces — NVMe drives can have multiple namespaces. Ensure all namespaces are erased, not just the primary one.

  5. Not verifying — an erase command that fails silently is worse than no erase at all, because you think the data is gone.
