How to cryptographically sanitize a system with all self-encrypting disks (SEDs)
Applies to
- SED
- NSE
- Encryption
Description
Sanitizing one or more self-encrypting disks (SEDs) renders the existing data on the SEDs impossible to retrieve. This operation employs the inherent erase capability of SEDs to perform all of the following changes:
- Changes the disk encryption key to a new random value
- Resets the power-on lock state to false
- Sets the data authentication key (AK) to the default manufacture secure ID (MSID)
There is no method to restore the disk encryption key to its previous value, meaning that you cannot recover the data on the SED.
Use this command with extreme care.
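The three changes listed above, modeled in Python as an added example (not NetApp code and not how a drive is actually driven). `ToySED`, its methods and the sample values are hypothetical, a SHA-256 keystream stands in for the drive's hardware cipher, and tying the power-on lock to setting an AK is an assumption of the model. It shows that the ciphertext on the media is left untouched and only the key that could decrypt it is replaced.

```python
import hashlib
import secrets

def _keystream(key, lba, length):
    """Toy keystream (SHA-256 in counter mode); stand-in for the drive's cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = key + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

class ToySED:
    """Hypothetical SED model: the media only ever holds ciphertext."""
    def __init__(self, msid):
        self.msid = msid
        self._dek = secrets.token_bytes(32)  # disk encryption key, internal to the drive
        self.auth_key = msid                 # AK starts at the factory default (MSID)
        self.power_on_lock = False
        self.media = {}                      # lba -> ciphertext bytes

    def lock(self, new_ak):
        # Model assumption: setting a non-default AK also enables power-on lock.
        self.auth_key, self.power_on_lock = new_ak, True

    def _xor(self, lba, data):
        ks = _keystream(self._dek, lba, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, lba, data):
        self.media[lba] = self._xor(lba, data)

    def read(self, lba):
        return self._xor(lba, self.media[lba])

    def sanitize(self):
        self._dek = secrets.token_bytes(32)  # new random key; the old one is not kept
        self.power_on_lock = False           # power-on lock state reset to false
        self.auth_key = self.msid            # AK back to the default MSID

def demo():
    disk = ToySED(msid=b"CONSTRUCTED-MSID")      # constructed sample values
    disk.lock(b"constructed-site-ak")
    disk.write(0, b"constructed record 0001")
    before = {"read": disk.read(0), "media": dict(disk.media)}
    disk.sanitize()
    after = {"read": disk.read(0), "media": dict(disk.media),
             "lock": disk.power_on_lock, "ak_is_msid": disk.auth_key == disk.msid}
    return before, after
```
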