Parted Magic Secure Erase
ATA, NVMe, SCSI, and eMMC/SD Drive Secure Erase Utility
Parted Magic Secure Erase is a hardware-driven secure erase and data sanitization utility that irreversibly destroys all data on ATA, NVMe, SAS/SCSI, and eMMC/SD storage. As a result, IT asset disposal shops, data-center operators, and security teams can retire drives with full NIST SP 800-88r2 Purge-level assurance and a signed PDF certificate for every drive. To get started, download Parted Magic and boot from a USB stick.
Secure Erase Overview
The Erase utility permanently destroys all data on ATA (SATA), NVMe, SCSI (SAS), and eMMC/SD drives using the drive’s built-in hardware erase command. Unlike software-based wiping tools, hardware erase instructs the drive’s own controller to wipe every storage cell — including remapped sectors and areas the operating system cannot see — so recovery becomes impossible even with forensic equipment.
Sanitization levels follow NIST SP 800-88r2 (September 2025). In addition, technology-specific sanitization techniques conform to IEEE 2883.
The utility supports eight erase paths, and it selects one automatically based on each drive’s capabilities:
| Erase Path | Description |
|---|---|
| ATA Sanitize | Drives supporting hdparm --sanitize-block-erase. Most modern SATA SSDs and HDDs. Preferred method. |
| ATA Secure Erase | Fallback for drives without Sanitize support. Uses hdparm --security-erase (standard) or --security-erase-enhanced (Enhanced Secure Erase) where supported. |
| NVMe Sanitize | NVMe drives with Sanitize capability (sanicap bit 1). Uses nvme sanitize --sanact=2 (Block Erase). |
| NVMe Format | Fallback for NVMe drives without Sanitize support. Uses nvme format --ses=2 (User Data Erase). |
| SCSI Sanitize | SAS/SCSI drives supporting the SCSI Sanitize command. Uses sg_sanitize --block (Block Erase). |
| SCSI Format | Fallback for SAS/SCSI drives without Sanitize support. Uses sg_format --format (Format Unit). |
| eMMC / SD Erase | eMMC and SD cards detected as /dev/mmcblkN. Uses mmc erase for hardware secure erase. If a card does not support hardware erase, the utility falls back to Block Wipe automatically. |
| Block Wipe | Software fallback for drives with no hardware erase command — including USB flash drives, legacy drives, and SD cards without erase support. Uses dd. Meets NIST SP 800-88r2 Clear (standard write interface). Note that this method may take many hours on large drives. |
Hidden Area Coverage (HPA / DCO)
ATA drives can reserve sectors that the operating system cannot see using two mechanisms: Host Protected Area (HPA) and Device Configuration Overlay (DCO). As a result, these hidden areas may still contain data that persists through a normal format or partition delete.
Fortunately, the ATA Sanitize and ATA Secure Erase commands — both defined in the ACS specification — operate on the entire media at the firmware level, which includes HPA, DCO, remapped sectors, and overprovisioned flash. Therefore, the utility requires no userspace reset; the drive controller handles full-media coverage internally.
However, Block Wipe writes through the standard block device (/dev/sdX) and can only reach sectors the operating system can see. Consequently, when a drive has HPA or DCO configured, those hidden sectors remain untouched. For this reason, NIST SP 800-88r2 classifies Block Wipe as Clear rather than Purge.
If you still need to handle HPA manually, Parted Magic ships hdparm, which can detect and reset HPA from the command line:
# Check for HPA (compare "native max" vs "accessible" sectors):
hdparm -N /dev/sdX
# Reset HPA to expose all sectors (replace MAX with the native max value):
hdparm -N pMAX /dev/sdXFor most users, however, ATA Sanitize or ATA Secure Erase is the recommended approach — the drive firmware covers HPA and DCO automatically, so no manual steps are required.
⚠ Warning — Data Loss
THIS OPERATION IS PERMANENT AND CANNOT BE UNDONE.
Once the erase process has started, however, nothing can stop or reverse it. The utility will completely and unrecoverably destroy all data on the selected drives. Therefore, make sure you have selected the correct drives before confirming.
Moreover, do not power off, reboot, or put the computer to sleep while an erase operation is in progress.
Step 1 — Drive Selection
The utility detects drives automatically at launch and groups them by erase type. However, by default, the utility selects no drives — you must explicitly check each drive you want to erase. In TUI mode, for example, press a to select all eligible drives, or alternatively use --select on the command line to pre-select specific drives.
Secure Erase Drive Groups
| Group | Contents |
|---|---|
| ATA Drives | ATA Sanitize drives and ATA Secure Erase drives. FROZEN drives appear here but remain unselectable until you unfreeze them (see Sleep below). |
| NVMe Drives | NVMe Sanitize and NVMe Format drives. |
| eMMC / SD Drives | eMMC and SD cards (/dev/mmcblkN) that support hardware secure erase via the mmc tool. If a card lacks hardware erase support, it appears in Block Wipe instead. |
| Block Wipe | Hidden by default. To reveal drives with no hardware erase support, click “Show Block Wipe” in the Options bar. This section only appears when the utility detects such drives. Click “Hide Block Wipe” to collapse it again. |
Each drive card shows the device path, model name, capacity, and erase-method badge. For more detail, hover over any card to see the full serial number, NIST level, and exact erase command the utility will use.
Secure Erase Badge Colors
| Badge | Color | Meaning |
|---|---|---|
| ATA SANITIZE | Blue | ATA Sanitize Block Erase |
| SECURE ERASE | Green | ATA Security Erase |
| ADV SECURE ERASE | Green | ATA Enhanced Security Erase |
| NVME SANITIZE | Purple | NVMe Sanitize Block Erase |
| NVME FORMAT | Orange | NVMe Format (fallback) |
| MMC ERASE | Cyan | eMMC/SD hardware secure erase |
| SCSI SANITIZE | Green | SAS/SCSI Sanitize Block Erase |
| SCSI FORMAT | Light Green | SAS/SCSI Format Unit fallback |
| PSID REVERT | Magenta | Locked SED — PSID revert |
| BLOCK WIPE | Violet | Software wipe (dd) |
| BOOT DRIVE | Red | System drive, cannot be erased |
| MOUNTED | Yellow | Drive has mounted partitions |
| FROZEN | Red | Drive is frozen; must unfreeze |
| HDD / SSD | Grey | Drive media type |
Block Wipe Methods
In normal mode, Block Wipe cards include a method dropdown so you can select how the utility wipes the drive. However, NIST Purge mode locks the method to 3-pass dd (zeros/random/zeros), so the dropdown does not appear.
| Method | Passes | Description |
|---|---|---|
| Zero Fill | 1 | All zeros (fast, default) |
| Random Fill | 1 | Pseudorandom data |
| RCMP TSSIT OPS-II | 8 | Alternating passes — RCMP standard |
| DoD Short (3-pass) | 3 | Zeros, random, zeros |
| DoD 5220.22-M | 7 | DoD 5220.22-M standard |
| Gutmann | 35 | Gutmann method (very slow) |
| PRNG Stream | 1 | Isaac PRNG stream |
Note: NIST SP 800-88r2 §3.1.1 confirms that a single-pass overwrite suffices for Clear. Multi-pass schemes such as DoD 5220.22-M and Gutmann provide no additional assurance on modern media — in fact, DoD removed overwriting specs from NISPOM in 2006. Furthermore, Gutmann originally targeted 1990s magnetic media. Consequently, if you select Gutmann for an SSD or eMMC drive, the utility triggers a caution notice because the method offers no security benefit over a single-pass wipe on flash storage.
Asset Tags
Each drive card shows a small “Asset Tag” field below it. Specifically, you enter the IT asset tag, barcode, or inventory number for each individual drive. As a result, the utility prints asset tags in each drive’s record block on its certificate. However, the utility stores them in state for the session only (not persisted across launches).
Secure Erase Options
| Option | Description |
|---|---|
| Verify after erase | Runs the built-in post-erase read-back verifier on all erased drives. Always enabled in NIST Purge mode. See Post-Erase Verification below for details. |
| Sample | Percentage of each drive to verify (10%–100%). At 100%, the utility reads every sector. Default: 100%. |
| Show / Hide Block Wipe | Toggles the Block Wipe drive section. Only appears in the Options bar when block-wipe drives are present. |
| Email log to | If you enter an email address, the utility emails all log files and certificates on completion via mailx. It also saves the address to ~/.config/email and pre-fills it on relaunch. |
Secure Erase Action Bar — Row 1: Compliance and Workflow
| Button | Description |
|---|---|
| NIST SP 800-88r2 (Purge) | Toggles NIST SP 800-88r2 Purge compliance mode. When active, verification is forced on, block wipe uses fixed 3-pass dd, and all certificates record “Purge” as the standard. In addition, enabling NIST mode automatically disables DoD mode. Persists via /tmp/nist_purge_mode. |
| DoD 5220.22-M | Toggles DoD 5220.22-M certificate compliance mode. Certificates then record “DoD 5220.22-M” as the sanitization standard. However, this is a certificate annotation only — it does not change which erase commands run. In addition, enabling DoD mode automatically disables NIST mode. Persists via /tmp/dod_mode. |
| Certificate Info… | Opens a popover where you enter organization name, location, phone, work order, media destination, data backup status, and chain-of-custody names/titles (technician, validator, witness). The utility saves all values to ~/.config/cert_info.json. |
| Destroy… | Opens the Physical Destruction workflow (see Physical Destruction Logging below). |
| Continue | Advances to the Confirmation screen. Also saves all preferences to ~/.config/cert_info.json. |
Action Bar — Row 2: Utility and Notifications
| Button | Description |
|---|---|
| Sleep | Suspends the computer to RAM for ~5 seconds and restarts the app. Use this to unfreeze ATA drives, because most drives unfreeze automatically on power cycle. |
| Re-detect Drives | Re-runs drive detection without restarting the app. In addition, the utility automatically deselects previously selected drives that are no longer present. |
| Help | Opens the built-in manual. |
| [Light] / [Dark] | Toggles between dark and light theme. |
| Sound | Plays a completion chime when all drives finish erasing. |
| Summary Popup | Shows a pass/fail summary dialog on completion. |
| Test | Previews the success chime. |
| Quit | Saves all preferences and exits the application. |
Step 2 — Confirmation
This screen lists every drive scheduled for erase along with its serial number, capacity, erase method, and compliance level. Review the list carefully before proceeding.
SMART Health Gate
As soon as the confirmation screen opens, a SMART health check runs in the background on all selected drives (smartctl -H and -A). Specifically, the check covers two independent conditions:
Health Failures
However, if any drive reports SMART FAILED, a red danger box lists the affected drives. In addition, a second override checkbox appears: “I understand these drives are failing — proceed anyway and attempt erase.” As a result, the Start Erase button remains locked until you check both the consent checkbox and the SMART override checkbox.
Drive Temperature
Specifically, the utility reads temperature from SMART attribute 190/194 (ATA/SCSI) or the NVMe Temperature field:
| Threshold | Severity | Behavior |
|---|---|---|
| ≥ 50 °C | Amber advisory | Shown but does not block erase. Improving airflow is recommended. |
| ≥ 60 °C | Red danger — CRITICAL | You must check a second override checkbox before Start Erase becomes active, because erasing at extreme temperatures risks firmware damage and incomplete data destruction. |
The utility records the temperature at time of erase in the log (TEMP: field) and prints it on each drive’s certificate.
Consent Checkbox
Before Start Erase becomes active, you must check the consent checkbox: “I understand that all data on the selected drives will be permanently and irreversibly destroyed.”
The confirmation screen has three buttons: Back (returns to drive selection without erasing), Quit (exits the application), and Start Erase (begins the erase operation on all selected drives in parallel).
Step 3 — Secure Erase Progress
Furthermore, a per-drive status card appears for every drive the utility is erasing. All drives erase in parallel regardless of erase type — ATA, NVMe, SCSI, eMMC, and Block Wipe drives all start simultaneously. In addition, the progress bar and status message update in real time.
| Status | Meaning |
|---|---|
| Spinning / Erasing… | Drive erase is in progress |
| ✓ Done | Drive erased successfully |
| ✗ Failed | Erase command returned an error |
Throughout the wipe, block wipe cards show live progress: current completion percentage, estimated time remaining, and current pass description (for example, “pass 2/3 — random”). The utility calculates ETA from the current write rate and suppresses it for the first second of each pass while the rate stabilizes.
If you enabled verification, the window switches to the verification phase once all erases complete. See the next section for how that works.
Post-Erase Verification
When Verify after erase is enabled (or NIST Purge mode forces it on), the verifier runs automatically on every erased drive once all erase commands complete. Verification is built directly into the Erase utility — nothing additional to install or configure.
Verification Modes
The verifier automatically chooses the correct check mode for each drive based on the erase method used. Drives erased with ATA Enhanced Secure Erase (cryptographic erase) are checked for sector readability — the encryption key has been destroyed, so byte values are indeterminate after erase. All other erase methods are checked for all-zero bytes:
| Erase Method | Check Mode | What It Verifies |
|---|---|---|
| ATA Sanitize | Zeros check | Every sampled sector contains all-zero bytes. |
| ATA Secure Erase (standard) | Zeros check | Every sampled sector contains all-zero bytes. |
| ATA Enhanced Secure Erase | Readability check | Every sampled sector returns data without I/O error. (Enhanced Secure Erase is a cryptographic erase — the encryption key is destroyed, so post-erase byte values are indeterminate and a zeros check would always fail. Confirming that all sectors remain readable is the correct verification for crypto-erase, in line with NIST SP 800-88r2.) |
| NVMe Sanitize | Zeros check | Every sampled sector contains all-zero bytes. |
| NVMe Format | Zeros check | Every sampled sector contains all-zero bytes. |
| SCSI Sanitize | Zeros check | Every sampled sector contains all-zero bytes. |
| SCSI Format Unit | Zeros check | Every sampled sector contains all-zero bytes. |
| eMMC / SD Erase | Zeros check | Every sampled sector contains all-zero bytes. |
| Block Wipe | Zeros check | Every sampled sector contains all-zero bytes (after the final zero pass). |
| PSID Revert + re-erase | Inherits the mode of the post-unlock erase method. | — |
Sampling
Set the Sample percentage on the drive selection screen to control how much of each drive the verifier reads:
- 100% (default) — Every sector is read. Slowest but most thorough.
- 50%, 25%, 10% — The verifier reads evenly-distributed sample ranges spanning the full LBA range of the drive, so sampling covers the beginning, middle, and end of the media rather than only the first portion.
For NIST SP 800-88r2 Purge certification, 100% sampling is recommended.
Verification Progress
When verification starts, the window switches to a per-drive progress view. Each drive card shows its check mode badge (ZEROS CHECK or READABLE CHECK), a live progress bar, and the result once the scan finishes:
| Result | Meaning |
|---|---|
| ✓ Pass | Every sampled sector matched the expected check mode. |
| ✗ Mismatch | (Zeros check) The verifier found at least one non-zero byte. The drive’s final result on the certificate is set to Erase Failed. |
| ✗ Error | (Readable check) The verifier encountered an I/O error during the read. The drive’s final result on the certificate is set to Erase Failed. |
All drives verify in parallel, just like during the erase phase. The verifier runs in a background thread per drive and updates the GTK UI without blocking, so large drives at 100% sampling do not freeze the interface.
TUI Verification
The same verifier runs under --tui mode as well, using a curses-based progress display instead of GTK. Pass/fail results, sampling, and check-mode selection all behave identically.
Step 4 — Secure Erase Results
This screen shows the final erase result (Successfully Erased or Erase Failed) for every drive, followed by log file paths and certificate paths.
Secure Erase Log Files
The utility always generates three log files:
| Log File | Contents |
|---|---|
Advanced Log (*-Advanced.txt) | Full erase session log with drive identity data (hdparm -I / nvme id-ctrl / mmc extcsd read), erase results, smartctl output, and an MD5 checksum at the end. In addition, block wipe and eMMC drives include their full tool output. |
Basic Log (*-Basic.txt) | Summary log with erase results and the MD5 checksum of the Advanced Log. |
CSV Log (*-Basic.csv) | Spreadsheet-compatible summary with one row per drive: model, serial, capacity, OS, software, finish time, MD5, result, verification, method. |
Secure Erase Certificates
The utility generates one PDF certificate per erased drive, named <dev>-Erase-Certificate-<timestamp>.pdf. Each certificate contains:
- Organization name, location, and phone
- Host system information (from
dmidecode) - Sanitization session timestamps and compliance standard
- Drive record: serial, capacity, media type, operational status, sanitization method (Clear/Purge/Destroy), sanitization technique, NIST/DoD level, verification result
- Media destination and data backup status
- Log file paths and MD5 integrity checksum
- Attestation statement referencing the active standard (NIST SP 800-88r2 or DoD 5220.22-M)
Chain-of-Custody Signature Block
The certificate also includes two signature rows:
| Row | Fields |
|---|---|
| Row 1 | Technician | Validator |
| Row 2 | Witness | Date |
If you entered names and titles in Certificate Info, they pre-print on the signature lines. Otherwise, blank entries leave underscore lines for handwritten signatures. In addition, the witness row supports formal chain-of-custody requirements where a third party observes and countersigns the sanitization.
Secure Erase Save Options
By default, the utility saves all files to /home/partedmagic/. To copy files to an external location, expand “Save Options”:
| Format | Description |
|---|---|
| Uncompressed | Copies all files as-is |
| Gzip (.gz) | Compresses each file with gzip before copying |
| Zip (.zip) | Wraps each file in a zip archive before copying |
Next, use Browse… to select the destination directory, or alternatively click Mount to launch Parted Magic Mount and mount an external drive first. The results screen also provides View Log (opens logs in leafpad), View Certificate (opens PDFs in LibreOffice), and Save & Close (copies selected files to the save directory and exits). If you also need full-disk imaging, see Parted Magic Clonezilla.
Finally, if you entered an email address on the selection screen, the utility automatically emails all logs and certificates on completion.
Secure Erase Compliance and Standards
Sanitization levels follow NIST SP 800-88r2 (September 2025). In addition, technology-specific sanitization techniques conform to IEEE 2883.
| Erase Method | NIST SP 800-88r2 Level |
|---|---|
| ATA Sanitize (SSD) | Purge |
| ATA Sanitize (HDD) | Purge |
| ATA Secure Erase (SSD) | Purge |
| ATA Secure Erase (HDD) | Purge |
| ATA Enhanced Secure Erase | Purge (crypto-erase) |
| NVMe Sanitize | Purge |
| NVMe Format -s2 | Purge (fallback) |
| eMMC Secure Erase | Purge |
| SCSI Sanitize (SSD) | Purge |
| SCSI Sanitize (HDD) | Purge |
| SCSI Format Unit (SSD) | Purge |
| SCSI Format Unit (HDD) | Purge |
| PSID Revert + re-erase | Inherits level of the post-unlock erase method |
| Block Wipe (any method) | Clear |
Under r2, all dedicated device sanitize commands (ATA Sanitize, ATA Secure Erase, NVMe Sanitize/Format, SCSI Sanitize/Format, eMMC Secure Erase) qualify as Purge regardless of media type, because they bypass the standard read/write interface and address all storage areas including overprovisioning and remapped sectors. In contrast, only software block wipe via standard write commands (dd) falls under Clear.
When DoD 5220.22-M mode is active, all certificate fields reference DoD 5220.22-M regardless of erase method used. However, the erase commands themselves do not change — DoD mode affects certificate output only. In addition, certificate fields conform to the NIST SP 800-88r2 Appendix C sample Certificate of Sanitization form.
Physical Destruction Logging
To open the Physical Destruction workflow, click Destroy… on the drive selection screen. No erase runs here — this workflow only logs that the drives underwent physical destruction and generates a signed certificate for your records.
When to Use This
Use physical destruction logging when someone will shred, degauss, incinerate, or otherwise destroy the drives rather than erase them. NIST SP 800-88r2 classifies physical destruction as the “Destroy” sanitization method (Section 3.1.3), which applies when no one will reuse the media.
Destruction Methods
- Shredding — Industrial cross-cut or granular shredder
- Degaussing — Electromagnetic field erasure (tape / HDD)
- Disintegration — Granulator / disintegrator
- Incineration — High-temperature combustion
- Crushing / Bending — Hydraulic press or manual bending
- Drilling / Punching — Physical perforation of platters/chips
- Degaussing + Shredding — Combined (highest assurance for HDDs)
- Other — Free-text notes field available
Session Fields
| Field | Description |
|---|---|
| Date of Destruction | Date the destruction was carried out |
| Contractor / Facility | Name of the destruction facility or vendor |
| Contractor Ref # | Manifest or job reference from contractor |
| Authorized By | Name of person authorizing destruction |
| Witness | Independent witness to the destruction |
| Work Order | Links the certificate to a broader asset disposal job |
Drive Fields (per drive)
Each drive row includes: device node (pre-filled from detected drives, editable), model, serial number, capacity, asset tag (pre-filled from selection screen if set), and notes. The utility pre-populates detected drives automatically. In addition, click + Add Drive Manually to add drives that are not currently attached — for example, already-destroyed drives you are documenting retroactively.
Physical Destruction Certificate
The generated PDF uses a distinct deep-red header to distinguish it from sanitization certificates. It includes organization and contractor information, per-drive record with serial number and destruction method, NIST SP 800-88r2 Destroy disposition attestation, authorized-by and witness signature lines, and also a QR code encoding key certificate fields for verification. The utility saves the certificate as Physical-Destruction-Certificate-YYYY-MM-DD-HHMM.pdf.
Dark / Light Theme
To toggle between themes at any time, click [Light] or [Dark] in the action bar of the drive selection screen. The change takes effect immediately across all open windows without restarting. In addition, the utility saves the selected theme to ~/.config/cert_info.json and restores it automatically on the next launch.
Both themes are fully self-contained — the utility uses no system GTK theme, Adwaita, or external stylesheet. Instead, the app defines every color internally, so the appearance stays consistent regardless of the desktop environment or GTK settings.
Dark (default)
Deep navy/charcoal backgrounds with blue accent (#2a7fff). Optimized for low-light environments and data-center work.
Light
Clean white/light-grey backgrounds with the same blue accent. Better legibility under bright fluorescent lighting or when capturing screenshots for reports.
Sound and Notification on Completion
Two optional alerts fire automatically when all drives finish erasing. You will find the checkboxes in the bottom action bar of the drive selection screen.
Sound on Completion
The utility plays a synthesized two-note chime via ffplay. No audio files are required because the utility generates tones in real time.
| Outcome | Sound |
|---|---|
| Success (all drives passed) | Rising chime — 880 Hz → 1320 Hz |
| Failure (any drive failed) | Falling tone — 440 Hz → 220 Hz |
To preview the success chime before erasing, click Test next to the checkbox. However, if ffplay is not installed, the utility silently skips this option. In addition, sound also plays in --tui mode.
Summary Popup
A small non-blocking dialog appears over the results window, listing the pass/fail status of every erased drive. The popup appears about 350 ms after the results window opens, and you can dismiss it independently without closing the main window. Both options default to off and persist across sessions via ~/.config/cert_info.json.
Secure Erase Command-Line Options
Secure Erase Modes
| Flag | Description |
|---|---|
(default) | GUI mode — full GTK3 windowed interface. |
--tui | Terminal UI (curses) — no X11 or GTK required. Provides an interactive Select → Confirm → Erase → Results flow entirely in the terminal. Exit code 0 = all drives succeeded; exit code 1 = one or more drives failed. |
Drive Selection
| Flag | Description |
|---|---|
--select sda,sdb | Pre-selects the named drives for erase. Names can include or omit the /dev/ prefix. You can still toggle other drives interactively. |
--list | Prints all detected drives and their erase methods, then exits (no erase performed). |
--check-deps | Verifies that all required external programs and Python packages are installed, then exits. Prints OK or MISSING for each dependency. Exit code 0 = all required deps present; 1 = one or more missing. |
Erase Options
| Flag | Description |
|---|---|
--nist | NIST SP 800-88r2 Purge mode (same as the NIST toggle). |
--dod | DoD 5220.22-M certificate annotation. |
--verify PCT | Post-erase verification: 10, 25, 50, or 100 percent. |
--method KEY | Block wipe method for all block-wipe drives. Keys: zero, random, ops2, dod_short, dod, gutmann, prng. Default: zero. |
--work-order WO | Work order number embedded in every certificate. |
--log-dir DIR | Writes logs and certificates to DIR instead of ~/. |
Certificate Options
| Flag | Description |
|---|---|
--org-name NAME | Organization name for certificates. |
--org-location LOC | Organization location (city / facility). |
--org-phone PHONE | Organization phone number. |
--technician NAME | Technician name for signature block. |
--technician-title T | Technician title for signature block. |
--email ADDR | Email address the utility records on the certificate and also uses to send log files via mailx on completion. |
PSID Unlock
To supply PSID codes for locked SED drives, use --psid-code DEV:CODE[,DEV:CODE…]. You will find the 32-character code printed on the drive label. The utility pre-selects and unlocks drives listed here for erase. However, without --psid-code, PSID-locked drives appear as frozen and remain unselectable.
Secure Erase Examples
# List all detected drives without erasing:
erase --list
# TUI — interactive terminal drive selection and erase:
erase --tui
# TUI — pre-select drives, NIST Purge, verify 100%, log to USB:
erase --tui --nist --verify 100 \
--select sda,sdb --log-dir /mnt/usb/logs --work-order WO-2024-0042
# TUI — DoD mode, full cert info, email results:
erase --tui --dod \
--work-order WO-2024-0042 \
--org-name "Acme Corp" --org-location "New York, NY" \
--technician "Jane Doe" --technician-title "IT Specialist" \
--email reports@acme.com --log-dir /mnt/usb/logs
# TUI — block wipe with Gutmann method:
erase --tui --select sda --method gutmann
# TUI — unlock and erase a PSID-locked SED:
erase --tui \
--psid-code sda:12345678901234567890123456789012Secure Erase Notes
- The utility always excludes boot/system drives regardless of
--select. - The utility never auto-selects PSID-locked drives; instead, use
--psid-codeto include them. - CLI options (
--org-name,--technician, and so on) override values saved in~/.config/cert_info.jsonfor the current run only.
Saved Files and Configuration
| Path | Purpose |
|---|---|
~/.config/email | Last-used email address |
~/.config/cert_info.json | Organization and chain-of-custody info, theme, sound/popup preferences, and block wipe method selections |
/tmp/nist_purge_mode | Presence enables NIST Purge mode |
/tmp/dod_mode | Presence enables DoD 5220.22-M mode |
/tmp/pmagic_gtk3_erase.lock | Single-instance lock (PID) |
By default, the utility writes log and certificate files to /home/partedmagic/. However, you can override this with --log-dir.
Recovering a Drive After an Interrupted ATA Erase
ATA Secure Erase is a two-step firmware operation: the utility first sets an ATA security user password on the drive, then issues the erase command, and finally disables security once the erase finishes. The password Parted Magic uses is pmagic. Under normal operation this all happens automatically and the password is removed before the drive leaves the Results screen — you never see it.
If an ATA Secure Erase is interrupted — by power loss, reboot, sleep, a cable disconnect, or an app crash — the drive can be left with the security password still set.
The drive is now locked. It may show a tiny capacity, refuse to mount, report “security frozen,” or vanish from the OS entirely. The drive is not dead. The password Parted Magic set is pmagic, and removing it restores the drive to normal use.
This only applies to the ATA Secure Erase path. ATA Sanitize, NVMe, SCSI, and eMMC erases do not set a security password, so they cannot leave a drive locked this way.
The Password Is pmagic
Before every ATA Secure Erase, the utility runs hdparm --security-set-pass pmagic /dev/sdX to set the drive’s user password, then runs hdparm --security-disable pmagic /dev/sdX after the erase completes to clear it. If the process stops between those two steps, the password pmagic remains active on the drive’s firmware. Knowing this value is the key to recovery — you do not need the manufacturer master password or any special equipment.
Recovery — ATA Security Disable
Parted Magic ships a dedicated tool for exactly this situation: ATA Security Disable (pmagic_ata_security_disable). It unlocks the drive with the supplied password, then fully disables security so the drive returns to normal read/write operation. It does not erase any data — it only removes the ATA password.
- If the drive shows as frozen, power-cycle the machine first (or use the Sleep button in the Erase app), because security commands cannot run on a frozen drive.
- Launch ATA Security Disable and select the locked drive.
- Leave the password field at its pre-filled default of
pmagic— this is the password Parted Magic set. Only change it if you know the password was set to something else. - Leave Use master password unchecked. The user password (
pmagic) is the correct one for a Parted Magic erase. - Confirm. The tool unlocks the drive, disables security, and writes a log recording the exact
hdparmcommands issued and the drive’s security state before and after.
Once security is disabled, the drive returns to its full capacity and can be partitioned, re-erased, or used normally. If you intended to sanitize the drive, simply run the Erase utility again — an interrupted erase leaves data in an indeterminate state and should never be treated as complete.
Warning — retry counter: Entering the wrong password increments the drive’s internal security counter. Most drives lock permanently after about 5 consecutive wrong attempts and require a full power cycle before further attempts are accepted. Do not guess passwords repeatedly. For a Parted Magic erase the password is always pmagic — enter it exactly once.
If neither the user password (pmagic) nor the manufacturer master password is known — for example, on a drive locked by some other tool — a PSID Revert may be the only remaining option. PSID Revert is destructive: it cryptographically erases the drive. Use the PSID Revert path in the Erase utility (badge PSID REVERT) with the 32-character PSID code printed on the drive label.
ATA Security Disable — Command Line
| Command | Description |
|---|---|
pmagic_ata_security_disable | Launch the GUI. |
pmagic_ata_security_disable --list | List eligible drives and exit. |
pmagic_ata_security_disable --check-deps | Verify required programs are installed. |
pmagic_ata_security_disable --manual | Print the full manual to stdout. |
Secure Erase Troubleshooting
If you hit a problem not covered below, also see the Parted Magic support page.
Drive Detection Issues
| Problem | Solution |
|---|---|
| Drive not listed | The drive may be in RAID mode in BIOS/UEFI (change to AHCI), or fully encrypted (use PSID Revert — the drive will then appear in the “Locked Drives” section). In addition, click Re-detect Drives after connecting a drive without rebooting. |
| Drive shows BOOT DRIVE | The drive contains the running OS, so the utility protects it from selection automatically. Therefore, boot from a different device (for example, a Parted Magic USB) if you need to erase it. |
| Drive shows MOUNTED | One or more partitions on this drive are currently mounted. You can still select the drive, but the confirmation screen will show a warning. Therefore, unmount partitions before erasing where possible. |
| USB drive not listed | USB drives appear in the Block Wipe section. To reveal them, click “Show Block Wipe” in the Options bar. |
| eMMC not listed | The card may not advertise SEC_ERASE_SUPPORT in its extended CSD register, and as a result it appears in Block Wipe instead. In addition, the mmc tool must be installed for hardware erase. |
| Drive shows FROZEN | The BIOS has frozen the drive’s ATA security. Therefore, click Sleep — the utility suspends briefly and restarts. Most drives unfreeze on power cycle. |
Erase Operation Issues
| Problem | Solution |
|---|---|
| SMART gate blocking Start Erase | One or more selected drives failed the SMART health check. Check the red warning box on the confirmation screen. Then either tick the override checkbox to proceed, or go Back and deselect the failing drive. |
| Erase Failed | The drive firmware rejected the erase command. For details, check smartctl output in the Advanced Log. The drive may be locked, failing, or unsupported. |
| ATA erase interrupted — drive now locked | An interrupted ATA Secure Erase can leave the drive locked with the password pmagic still set (small capacity, won’t mount, or “security frozen”). The drive is not dead. Run ATA Security Disable (pmagic_ata_security_disable), leave the password at the default pmagic, and disable security to restore the drive. See Recovering a Drive After an Interrupted ATA Erase above. |
| Verification reports Mismatch | The verifier found non-zero bytes on a drive after a zeros-mode erase. This usually means the drive firmware reported success but did not fully zero the media. Check the Advanced Log for the erase command output, and try the alternate erase path if one is available (for example, ATA Secure Erase on a drive that failed ATA Sanitize verification). |
| Certificate not generated | ReportLab is required. Install with: pip install reportlab --break-system-packages |
| Email not sent | You must configure mailx with a working MTA. Therefore, check /etc/mailx.rc or sendmail. |
© 2026 Patrick J. Verner, Waupaca, WI, USA. All rights reserved.