
Select appropriate install destination, then enter the drive encryption.In general, just follow the prompts, making selections asĪppropriate, taking note of the following: Now you’re ready to actually install macOS, so boot from the USB installer (holdĭown Alt during startup to select the boot drive), select Install macOS andįollow the prompts. Note also confirms our suspicion that APFS encryption = FileVault.) Secure erase one last time, but you shouldn’t need to do it ever again. Wipe first (for reasons as outlined above). With unencrypted data on it, that you now want to re-use and need to securely This is good advice, but it fails to address the situation where you have a disk Consider using APFS encryption (FileVault). Strongly-encrypted data can be instantly "erased" by destroying (or losing) the key (password), because this renders your data irretrievable in practical terms. The modern solution for quickly and securely erasing your data is encryption. Modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. NOTE: This kind of secure erase is no longer considered safe. The diskutil man page offers this warning on the use of diskutil secureErase: Format the drive as usual using Disk Utility (APFS (Encrypted) if.See the diskutil man page (not available in Recovery mode)įor more options, but all other options take an inordinate amount of time for Level 0 = overwrite with 0s, which takes around two hours for a 1TB SSD on aĢ012 MacBook Air.

To erase free space enter diskutil secureErase freespace 0 volumemountpoint, where volumemountpoint is the mount point noted above,Į.g.: diskutil secureErase freespace 0 /Volumes/Ardbeg.Use diskutil list to list available volumes, and note the mount point of.In Recovery mode, go to Utilities > Terminal.If you nevertheless want to erase free space: Unless you are setting up a hardened machine where an attacker may have physicalĪccess, it’s probably safe to skip this step. Even then, though, because of the wayĭata are written to SSDs, the original data will quickly become unreadable so However, if reusing a drive that was previously used unencrypted, it mayīe useful to overwrite the free space. The free space on the disk as any data written there will have been encryptedĪnyway. For a drive that has previously been encrypted, it is not necessary to overwrite
