You can’t fill the drive. The drive decides when to use its buffered free storage blocks. It’s at the hardware level and only the Secure Erase command will clear it.
I’m not sure if filling up the entire drive is necessary. Nothing wrong with doing a dd if=/dev/urandom of=/dev/nvme1 to randomise the drive itself, but I don’t think most people are affected by the kind of information you can derive from what sectors are/aren’t written to.
Writing zeroes to every bit is useless because of the automatic remapping; it mostly serves to wear down the device if you use decent encryption. There are only so many write+erase cycles each cell can go through before it breaks, so I try to avoid doing large writes on purpose. Try a secure erase from either your UEFI GUI, but good encryption prevents the need for a full format.
Personally, I let my drives fill up over time. I trust LUKS enough to handle the encryption, and I don’t think anyone who’s going to be buying this SSD off me is going to send it off to a forensic data lab to analyse what the average size of the files I worked on was. So, my personal approach:
Buy a drive from a reputable brand with no known obvious firmware bugs (Sandstorm, anyone?)
If you want to keep/sell the drive…
Is that the best strategy? Or is anything outside of 2 and 3 redundant?
Right, I read some more of the comments and realized that’s what some of the “unreported space” is used for. Makes sense, thanks!
You fill up the usable space. Or the visible space. No one will disassemble the device and read from the raw storage.
Then why do that when you can do a secure erase in seconds?
“Best” depends on your needs.
That makes sense. Thank you!
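Added example, not part of the thread: a deliberately simplified model of a flash translation layer, illustrating the remapping and spare-block point made in the comments above. The class, sizes and data are constructed for illustration and do not describe any real controller's firmware.

```python
class ToySSD:
    """Simplified FTL model (assumption: one page per logical block, FIFO GC)."""

    def __init__(self, logical_blocks, physical_pages):
        # The surplus of physical pages over logical blocks is the spare area.
        assert physical_pages > logical_blocks
        self.logical_blocks = logical_blocks
        self.flash = [None] * physical_pages     # raw NAND; None means erased
        self.l2p = {}                            # logical block -> physical page
        self.free = list(range(physical_pages))  # erased pages ready for writes
        self.stale = []                          # superseded pages awaiting GC

    def write(self, lba, data):
        if not 0 <= lba < self.logical_blocks:
            raise IndexError("LBA outside the host-visible range")
        if not self.free:                        # controller-side garbage collection
            victim = self.stale.pop(0)
            self.flash[victim] = None
            self.free.append(victim)
        page = self.free.pop(0)
        self.flash[page] = data                  # never overwritten in place
        if lba in self.l2p:
            self.stale.append(self.l2p[lba])     # old copy stays in flash until GC
        self.l2p[lba] = page

    def read(self, lba):
        page = self.l2p.get(lba)
        return None if page is None else self.flash[page]

    def raw_contains(self, data):
        return data in self.flash                # what a chip-level read would see

    def secure_erase(self):
        # Controller-level command: reaches every page, mapped or not.
        self.flash = [None] * len(self.flash)
        self.l2p.clear()
        self.stale.clear()
        self.free = list(range(len(self.flash)))

def demo():
    ssd = ToySSD(logical_blocks=8, physical_pages=10)
    secret = b"constructed-secret"               # constructed sample data
    ssd.write(0, secret)
    for lba in range(ssd.logical_blocks):        # host-side fill of all visible space
        ssd.write(lba, b"\x00")
    visible = any(ssd.read(i) == secret for i in range(ssd.logical_blocks))
    in_flash_after_fill = ssd.raw_contains(secret)
    ssd.secure_erase()
    return visible, in_flash_after_fill, ssd.raw_contains(secret)
```

In this model the old copy disappears only when the controller happens to garbage-collect that page, which the host cannot observe or force through ordinary writes.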