help re using nvme-cli to sanitize SSD

Deane Coleman deanewcoleman at gmail.com
Sun Apr 21 19:08:17 PDT 2024 

Hi Gang,

I'm pre-novice when it comes to command lines, let alone nvme-cli, and
respectfully seek your assistance to successfully achieve the objective now
described.

I have an Acer laptop containing 1 x internal Samsung NVMe PCIe SSD running
Win11 OS and I wish to completely sanitize the SSD of all user data,
including over-provisioned / non-allocated space, whilst leaving vendor boot
capability intact (if possible) and causing least wear on the SSD. Once
sanitized, I wish to clean install Win 11 OS on the SSD. This is the
objective.

Win11 reports the SSD has 3 unencrypted partitions, as follows: 1) Fat32 EFI
system partition / volume; 2) NTFS data partition / boot volume; and 3) NTFS
MS recovery partition.

My limited use of nvme-cli identifies the SSD has only one controller
'nvme0' (with nvme0 containing all SSD data) and one namespace 'nvme0n1',
however I presume (and please correct me if I'm wrong) the 3 above mentioned
partitions in Linux = nvme0n1p1 + nvme0n1p2 + nvme0n1p3.

Based on above info (and presuming that info is sufficient), I respectfully
ask whether the following procedure will 'smoothly' achieve the objective:

1: backup all user data currently on SSD
2: have bootable Win11 ISO file prepped on USB drive via Rufus
3: boot laptop using Ubuntu Live USB
4: Open command terminal and run command - 'nvme sanitize -a 2 /dev/nvme0n1'
to start block erase sanitize operation
5: when sanitize operation is complete, exchange Ubuntu Live USB for Win11
USB and reboot laptop
6: Follow Win11 install procedures
7: Install Acer drivers
8: Install target apps

Additional questions arising from above:
- If any above element won't achieve objective, please clarify what needs
amending?
- I currently understand 'nvme sanitize -a 4 /dev/nvme0n1' (crypto erase)
causes least SSD wear but because all user data on the SSD is currently
unencrypted, I presume crypto erase is pointless to achieve objective?
- I've tried researching the following sanitize options but am currently
unable to appreciate their significance or relevance for the objective: 'No
Deallocate After Sanitize' and 'Sanitize Action...001b - Exit Failure Mode'.
Would you please help me discern whether I need to include either of these
options to meet the objective and, if so, the correct syntax placement in
the sanitize command for it/ them.

As I'm so novice, please respond in most simplistic terms for my sake.
Thanks for considering my request and kind regards,

Deane Coleman

More information about the Linux-nvme mailing list