NIST SP 800-88 ATA Secure Deletion Tool
Enterprise-grade data sanitization tool implementing NIST SP 800-88 Rev. 1 guidelines for ATA devices (SATA HDDs and SSDs).
This tool provides hardware-based secure deletion for ATA devices using native drive commands, addressing limitations of software-only solutions. It implements the three NIST sanitization levels with automatic device capability detection and compliance certificate generation.
- NIST Compliance: Implements CLEAR, PURGE, and DESTROY sanitization levels
- Hardware Commands: Uses ATA SECURITY ERASE UNIT and SANITIZE commands
- Device Detection: Automatic capability detection for optimal sanitization method
- Audit Trail: Generates NIST-compliant certificates for compliance documentation
- Device Type Aware: Handles both SSDs and HDDs with appropriate methods
- SATA HDDs (Hard Disk Drives)
- SATA SSDs (Solid State Drives)
- NVMe SSDs
- IDE/PATA drives
NOT Supported:
- USB drives (ATA passthrough not reliable)
- SCSI devices
- Protection: Against basic data recovery tools
- Method: ATA SECURITY ERASE UNIT
- Use Case: Internal reuse within organization
- Reusable: Yes
- Protection: Against advanced laboratory recovery techniques
- Method: ATA SANITIZE commands or Enhanced Security Erase
- Use Case: Media leaving organizational control
- Reusable: Yes
- Protection: Against nation-state level threats
- Method: Physical destruction guidance
- Use Case: Highest security requirements
- Reusable: No (media is destroyed)
# Required packages
sudo apt install build-essential gcc
# Optional: for examining ATA capabilities
sudo apt install hdparm smartmontoolsmakemake cleanWARNING: This tool PERMANENTLY DELETES all data. There is no recovery.
# Root privileges required
sudo ./jd <device> <method># CLEAR level sanitization
sudo ./jd /dev/sda clear
# PURGE level sanitization
sudo ./jd /dev/sdb purge
# Physical destruction guidance
sudo ./jd /dev/sdc destroyThe tool requires explicit confirmation before proceeding:
Type 'CONFIRM NIST SANITIZATION' to proceed:
ATA drives may be in "security frozen" state, preventing security commands.
Solutions:
- Hot-plug the SATA cable while system is running
- Suspend and resume the system:
sudo systemctl suspend # Wake system, then run tool
After successful sanitization, a certificate is generated:
NIST_800-88_ATA_<device>_Certificate_<timestamp>.txt
The certificate includes:
- Device identification (model, serial, firmware)
- Sanitization method and level
- Timestamp and operator information
- Compliance statement
main.c - CLI interface and orchestration
├── detectDevice.c - ATA device capability detection
├── nist.c - NIST sanitization level implementation
└── ata.c - Low-level ATA command execution
- 0xEC: IDENTIFY DEVICE - Device capability detection
- 0xF1: SECURITY SET PASSWORD - Password initialization
- 0xF2: SECURITY ERASE UNIT - Standard secure erase
- 0xB4: SANITIZE DEVICE - Advanced sanitization (Block Erase, Crypto Scramble)
Uses ATA PASS-THROUGH (16) command (0x85) to send ATA commands through SCSI layer.
- Software fallback: No software overwriting fallback when hardware commands fail
- USB devices: Most USB-to-SATA adapters block ATA passthrough
- NVMe drives: Require different tooling (nvme-cli)
- Hidden areas: Some firmware-controlled areas may not be accessible
- Requires root privileges
- Direct hardware access to storage devices
- Bypasses filesystem and OS-level protections
- Irreversible data destruction
This tool follows:
- NIST SP 800-88 Rev. 1 "Guidelines for Media Sanitization"
- ATA/ATAPI Command Set standards
- Industry best practices for data sanitization
- Hot-plug SATA cable or suspend/resume system
- Verify device is SATA/IDE, not USB or NVMe
- Check device permissions and root access
- Older drives may not support SANITIZE commands
- Falls back to SECURITY ERASE UNIT
- Check device capabilities with:
sudo hdparm -I /dev/sdX
This tool is designed for legitimate data sanitization purposes. Users are responsible for:
- Ensuring proper authorization before sanitizing devices
- Compliance with organizational data retention policies
- Following applicable laws and regulations
- Maintaining proper chain of custody documentation
This project is intended for educational and enterprise use. Ensure compliance with your organization's policies and applicable regulations.
For bug reports or feature requests, ensure you include:
- Device model and type (HDD/SSD)
- Output of
sudo hdparm -I /dev/sdX - Complete error messages
- Operating system and kernel version
DATA DESTRUCTION IS PERMANENT AND IRREVERSIBLE. Always verify device selection and maintain backups before sanitization. The authors assume no liability for data loss or hardware damage resulting from use of this tool.