Blancco Drive Eraser Manual en-US
1. General information
2.2.2 Multitasking
3. Header Area
4.1 Processes
4.1.1 Manual
4.1.2 Semi-automatic
4.1.3 Automatic
4.1.4 Workflow
4.2 Erasure-step
4.2.3.1 Erase-button
4.2.3.3.2 Verification
4.2.3.4 Hexviewer-button
4.4.2.2 Update-button
4.5 Report-step
4.5.2.2 Save-button
4.5.2.3 Send-button
4.6 Restart/Shutdown-step
4.7.4 Network
4.7.5 BMC
4.7.6 Licenses
5. Keyboard Controls
5.4.1 Erasure-step
5.4.1.1 Ctrl + R
5.4.1.2 Ctrl + M
5.4.1.3 Ctrl + F
5.4.1.4 Ctrl + A
5.4.1.5 Ctrl + L
5.4.1.7 Ctrl + H
5.4.1.13 Ctrl + G
5.4.1.14 Ctrl + E
5.4.2.1 Ctrl + T
5.4.2.2 Ctrl + A
5.4.3.1 Ctrl + D
5.4.4 Report-step
5.4.4.1 Ctrl+S
5.4.4.2 Ctrl+N
5.4.4.3 Ctrl + M
6. Screensaver
6.1 Presentation
7.1.1 Description
7.17 CD-eject
8.2 SSDs
8.7 Chromebooks
9. Hardware Tests
9.1.3 CPU
9.1.4 Memory
9.1.5 Motherboard
9.2.1 Display
Blancco Drive Eraser can also be booted from a USB flash drive. A bootable USB flash drive can be created
with the Blancco USB Creator tool. Contact Blancco for more information.
If there is a dedicated network for erasing machines, Blancco Drive Eraser can also boot via a Preboot
eXecution Environment or PXE (as long as the machines to be erased support PXE booting). Contact
Blancco for more information.
As of version 6.3.0, UEFI Secure Boot is supported.
Version 6.6.0 and newer releases are fully compatible with Blancco Management Console (BMC)[1] 4.8.0
and newer releases. Older (<4.8.0) BMC releases are not compatible with version 6.6.0 and newer,
because of the updated Digital Signature of version 6.6.0. Starting from version 6.12, the digital
signature can also be customized via DECT 2.12 or newer (see the DECT user manual for more details).
[1] Centralized data management reporting solution to store and manage data erasure reports. Also used for monitoring and controlling
ongoing data erasures. Please see the BMC manual for more information.
- Check that all the drives are attached properly to the computer. See the manufacturer’s guide for this.
- Check that the BIOS clock’s time is up to date.
- If you have a laptop computer, plug in the power adapter. There may be problems when erasing a laptop on battery power.
- Disable or type the BIOS passwords requested during the booting up phase. This refers to the passwords that some computers require even before the actual booting starts. Other kinds of BIOS passwords do not usually prevent erasing the drive.
- Disable power saving features from the BIOS.
- Set the storage configuration as "AHCI" (not as "RAID").
- Note. This step is usually not needed, but some hardware may have problems if power saving is enabled, so if you have just one license, it is prudent to do this. In a recycling center or corporate environment this should be done only if there are problems with the given computer model when the power saving is on.
- If your Blancco Drive Eraser software is in *.iso image form, make a bootable USB-stick or burn it to a CD.
- Switch on the computer power, put in the Blancco Drive Eraser CD and boot the system from the CD (or use the booting that suits you best).
- Follow the user instructions in order to start erasing the data. Double-check that all data storage devices have been detected correctly so that all the data will be correctly erased from them.
Note: Blancco provides the SHA256 checksum of the ISO image in the delivery email. To verify that the
SHA256 checksum for your image is correct, please use a SHA256 checksum verification tool.
Warning! Shutting the computer down, exiting the program, disconnecting the drive(s) or pausing/cancelling
the process when Blancco Drive Eraser is performing an erasure on the drive(s) with NIST
800-88 Purge[6] - ATA, BSI-GS/E, (Extended) Firmware based erasure or Blancco SSD Erasure, can
[1] Serial ATA or SATA is an evolution of the Parallel ATA physical storage interface. SATA is a serial link – a single cable with a minimum of four wires creates a point-to-point connection between devices.
[2] Short for Small Computer System Interface, a parallel interface standard used by Apple Macintosh computers, PCs, and many UNIX systems for attaching peripheral devices to computers.
[3] Short for Serial Attached SCSI, it is a communication protocol used to move data to and from computer storage devices such as hard drives and tape drives. SAS is a point-to-point serial protocol that replaces the parallel SCSI bus technology.
[4] A serial data transfer architecture. The most prominent Fibre Channel standard is Fibre Channel Arbitrated Loop (FC-AL).
[5] NVM Express (NVMe) is a logical device interface specification for accessing non-volatile storage media attached via a PCI Express (PCIe) bus. NVM stands for non-volatile memory, which is commonly flash memory that comes in the form of solid-state drives (SSDs).
[6] A level of security defined by NIST that protects against laboratory attacks.
For more information about the booting options, see the chapter “Booting Options”.
If the memory test is enabled, the system memory (RAM) is tested during this phase. A message about
ongoing memory test is displayed on the screen (works mostly on BIOS machines). Note that if the device
has a large amount of RAM, this test might take a long time to complete.
When Blancco Drive Eraser is booted, the main view is shown after the loading screen. It is divided into
three main areas: the header area, the process area and the work area.
1. Erasure – Choosing what to erase and how and starting the erasure
2. Hardware tests – Testing the main components of the machine (not available in all modes, can be
turned off)
3. Custom fields – Report filling and updating (can be turned off)
4. Report – Checking the report and sending and/or saving it.
2.2.2 Multitasking
Blancco Drive Eraser’s user interface makes multitasking possible by letting the user navigate freely
between the tabs during an active erasure process.
Pressing the button opens the Settings-window. The Settings-window has several tabs. The General tab
contains information related to the User Interface and screensaver:
[1] Blancco Drive Eraser Configuration Tool. Blancco software used to configure the Drive Eraser ISO image to best fit the user’s needs.
Please read the DECT manual for more information.
The Operation tab contains information related to erasure and power saving:
The Networking tab contains information related to wired network, DNS and VLAN settings:
DNS Settings:
Item Example Description
Primary IP 8.8.8.8 Primary IP-address for the DNS-server.
Secondary IP 4.4.4.4 Secondary IP-address for the DNS-server.
VLAN Settings:
Item Example Description
VLAN ID 1234 ID of the Virtual LAN (VLAN). Acceptable value range is 1-4094.
The Network security tab contains information related to proxy, Remote SSH and IEEE 802.1x
authentication settings:
- Select media from the "Drive" dropdown menu, and select the appropriate media device (USB-stick) to save the issue report.
- Filename field, which defines the file name of the report. The default name of the report follows the format: Date(yyyymmdd)_time(hh24miss)_report
  - A report named “20210527_092742_report” was created 27th of May, 2021 at 9:27:42 AM.
  - This name can be changed before saving the issue report to the external media.
- Send button, for sending the issue report to the BMC. This requires:
  - A network connection and a server running the BMC.
  - Correct Management Console settings filled in the Settings window.
  - The chapter Send-button has more general information about report sending.
- Cancel button, to cancel the issue report generation and exit the window.
- The USB stick has been preformatted by the user to FAT32 (most suitable format).
- The USB stick has a single partition.
- The USB stick name is not empty. Use preferably a name containing characters in the range a-zA-Z0-9.
- The USB stick is in a good condition; if you have any doubt, re-format it or replace it.
Issue report can also be fetched by using Blancco Management Console (requires a working connection to
the BMC).
Pressing this button opens the Help-window. This window contains general information about the software.
The Help window consists of two columns:
If the report has not been saved or sent or if there are unsaved changes to the erasure report, then a popup
will be displayed informing the user about the situation. To continue to the shutdown dialog, click “Yes”. To
cancel and return to the main menu, click “No”.
After pressing the button, a confirmation popup window will appear. Confirm that you really wish to shut
down the machine by clicking on “Shut down” or restart the machine by pressing “Restart”. The machine
then powers off or restarts.
4.1.1 Manual
In this mode, everything is done manually. The erasure must be started by the user. The user must then
manually send the report to the BMC or save it to a USB memory stick. Running hardware tests or updating
the report fields must also be done manually.
Step Behavior
1 - Erasure Must be run manually.
2 - Hardware Tests Must be run manually.
3 – Custom fields Must be run manually.
4 - Report Must be run manually.
5 - Shutdown Must be run manually.
4.1.2 Semi-automatic
In this mode the erasure is automatically started. This process automatically skips the manual hardware
tests. However, the user can still do the tests manually if required, in which case the process will wait until
this step is completed. Updating the report fields must be done manually. The report is automatically sent to
the BMC after the report fields have been updated. Report saving is optional and must be done manually. A
popup to shut down or restart the machine is always shown in the end.
If one of the automatic steps doesn’t finish successfully, then the process is interrupted and must be
finished manually.
Step Behavior
1 - Erasure Automatically run.
2 - Hardware Tests Can be run manually 1, automatically skipped otherwise.
3 – Custom fields Must be run manually.
4 - Report Automatically run (report sending)2.
5 - Shutdown This behavior can be modified through the DECT. For more information, see the chapter “Automatic Restart/Shutdown”.
4.1.4 Workflow
The process is managed by a workflow which is fetched from BMC/Blancco Cloud. See chapter “Workflow
Process” for more information.
4.2 Erasure-step
The Erasure-step is the first defined default step. When clicking on this step, the user can see in the work
area the drives available for erasure. If the software has been configured to display drive partitions, then all
detected drive partitions are displayed and they can be erased separately. The erasure step’s tab also
shows some information about the erasures’ overall process.
If there are multiple drives in different states, then the erasure-tab may look like the next picture:
The default option is List-view and that view is used in the majority of the screen shots in this
documentation.
The listed drives can be narrowed down by using the search bar. To start a search, click on the Search-field,
or press CTRL+F. For example, using the term SATA would only display drives with that term in their
information:
The search bar can search all the drive information available in the GUI (Number of drives, Vendor, Model,
Type, Size, Serial number) and by status. Note that when searching by status, an exclamation mark is
required: for all drives with successful-status, type "!successful".
If the computer has empty drive slots, which are visible to the software, the visibility of those slots can be
toggled on/off by using the "Show empty slots" button or by pressing CTRL+M:
All the drives connected and running in the computer are shown in the view. Please check that the drives
have been correctly identified. The drive information available in the GUI is:
- Number of drives,
- Vendor/Model – vendor or the model of the drive,
- Type – connection type (SATA, SPI, SSD…),
- Size – size of the drive (in GB),
- Serial number – serial number of the drive.
- The controller detected in first position by the OS will get the value 1-*, the controller in second position will get the value 2-* and so on.
- Similarly, the drive detected in first position will get the value *-1, the drive detected in second position will be *-2 and so on.
- Therefore, "2-13" would correspond to the drive detected in 13th position on the controller detected in second position.
- This numbering changes between boots and it is not consistent.
4.2.3.1 Erase-button
The erasure process is always started from the “Erase” button, which is located on the bottom right of the
screen, or by pressing the Ctrl + E combination.
After the “Erase”-button is pressed a confirmation window is shown: pressing “Yes” continues to the
erasure, pressing “No” exits the window and does not start the erasure. The Blancco EULA can also be
accessed from the confirmation window.
When the locate drive button or CTRL + L is pressed, the selected drives will start blinking on the UI.
If the keyboard shortcut CTRL + ALT + L is pressed, then all detected drives start blinking their LEDs:
The button’s operation follows these rules:
- The user can start blinking a drive that is not erasing, or is erasing but paused.
- If the drive is erasing (not paused), the button is disabled.
- Blinking will continue for 30 seconds or until the user stops it or erasure is started on that drive.
- There is no limit on the number of drives that can be blinking at one time.
The actual LED blinking for a drive will happen in one of two possible ways:
- If there is an enclosure with LEDs available, the actual LED on the enclosure will do the blinking (the enclosure has to be supported by Blancco Drive Eraser).
In-process options:
- Choose erasure standard and verification level. For info, see the chapters Erasure standard and Verification.
- Erase remapped sectors – If this option is turned on, the remapped sectors are erased during the process. This option is turned off by default.
  - Fail erasure if unsuccessful – This option is available only if the option “Erase remapped sectors” is activated:
    - If this option is turned on, and the drive has at least one remapped sector, and the erasure of remapped sector fails or it is not supported by the drive, then the whole erasure will fail immediately and the report will display the error message "Drive doesn't support remapped sectors erasure".
    - If this option is turned off (default), and the drive has at least one remapped sector, and the erasure of remapped sector fails or it is not supported by the drive, then the erasure continues but in the end the report will display the exception "Drive doesn't support remapped sectors erasure".
- Remove hidden areas – If this option is turned on, hidden areas of the drive (e.g. HPA, DCO) are removed.
- Enforce Blancco SSD method on SSDs – If this option is turned on, all drives detected as SSDs are systematically erased with the “Blancco SSD Erasure” standard, other drives (e.g. HDDs) are erased with the (pre)selected erasure standard. Note that NVMe drives are affected by this as they are a type of SSD.
- Show Drive Partitions – If this option is turned on, the drive’s partitions are displayed and they can be erased separately.
- Preserve recovery partition – If this option is turned on, any GPT partitioned drive that has a Windows recovery partition is partially erased (the area of the drive containing the partition is preserved/not erased while other areas are erased), other drives are erased normally.
Post-processing options
More information about the effects of these options can be found in the Blancco Drive Eraser Security
features chapter.
If the lock icon is displayed, then the erasure settings have been locked in DECT. This means that none of
the erasure settings can be changed by the user:
The erasure method or standard used to wipe out the drives can be selected from the “Erasure standard”
drop-down list:
Note that this list can be configured via DECT, where you can select a subset of standards (for example,
only standards that comply with your company policy), which will then be displayed in the drop-down list
instead of a full list of standards shown below.
Blancco Drive Eraser supports more than 20 erasure standards. See the detailed list below:
*: standard including a firmware based erasure step
**: See chapter “Sanitize Cryptographic Erasure Standard”
Erasure Standard                              Overwriting Rounds
Air Force System Security Instruction 5020    4
Aperiodic random overwrite                    1
Blancco SSD Erasure                           2+*
Bruce Schneier's Algorithm                    7
BSI-2011-VS                                   1-2*
BSI-GS                                        1-2*
BSI-GSE                                       2-3*
CESG CPA – Higher Level                       3
Sanitize Cryptographic Erasure                0**
DoD 5220.22-M                                 3
DoD 5220.22-M ECE                             7
NIST 800-88 Clear                             0-1*
NIST 800-88 Purge                             0*
Firmware Based Erasure                        0*
Extended Firmware Based Erasure               1*
HMG Infosec Standard 5, Higher Standard       3
HMG Infosec Standard 5, Lower Standard        1
4.2.3.3.2 Verification
The amount of verification done during or after the drives’ erasure can be selected from the “Verification”
slider:
4.2.3.4 Hexviewer-button
The Hexviewer is used to check the content of a storage media in hexadecimal format. Whenever a drive is
overwritten with Blancco Drive Eraser, a pattern (either static or random) is used to overwrite it: the
hex-format of this pattern (e.g. 0x00, 0xAA, 0x924924…) can be viewed with the Hexviewer thus providing a
visual verification of the performed erasure result. In order to access the Hexviewer, select one or several
drives (before or after the erasure) and press the Hexviewer button to check their content.
The Hexviewer can also be used to read the Digital Fingerprint information, please check chapter Digital
Fingerprint for more information.
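The following added example (not part of the Blancco software or this manual) automates the check that the Hexviewer supports by eye: it classifies each sampled block as a static repeating pattern, random-like data, or suspect residue. The 4096-byte block size, the 7.5 bits/byte entropy threshold and the sample image are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # sample size in bytes (assumption; use a multiple of the sector size)


def shortest_period(data, max_period=16):
    """Return the shortest unit (<= max_period bytes) that tiles data, else None."""
    for p in range(1, min(max_period, len(data) - 1) + 1):
        # data repeats with period p exactly when it equals itself shifted by p
        if data[p:] == data[:-p]:
            return data[:p]
    return None


def canonical_unit(unit, offset):
    """Rotate a unit read at absolute `offset` back to its phase at offset 0.

    A 3-byte pattern such as 0x924924 does not divide a 4096-byte block, so
    each block starts at a different phase of the same pattern.
    """
    p = len(unit)
    return bytes(unit[(j - offset) % p] for j in range(p))


def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_block(data, offset=0, random_threshold=7.5):
    """Return (verdict, pattern_hex) for one block read at absolute `offset`."""
    unit = shortest_period(data)
    if unit is not None:
        return ("static", canonical_unit(unit, offset).hex())
    if entropy_bits_per_byte(data) >= random_threshold:
        return ("random-like", None)
    return ("suspect", None)  # neither a clean pattern nor random: inspect by hand


def scan(image, block=BLOCK):
    """Classify every block of `image`; returns [(offset, verdict, pattern_hex)]."""
    return [(off, *classify_block(image[off:off + block], off))
            for off in range(0, len(image), block)]


def tile(pattern, start, length):
    """Bytes of `pattern` repeated from drive offset 0, read at `start`."""
    p = len(pattern)
    return bytes(pattern[(start + i) % p] for i in range(length))


def build_sample_image():
    """Constructed test image: three static blocks, one random, one with residue."""
    rng = random.Random(0)
    leftover = b"CONFIDENTIAL payroll.xlsx"  # constructed residue, not real data
    residue = bytearray(BLOCK)
    residue[100:100 + len(leftover)] = leftover
    return b"".join([
        bytes(BLOCK),                                     # 0x00 overwrite
        b"\xaa" * BLOCK,                                  # 0xAA overwrite
        tile(bytes.fromhex("924924"), 2 * BLOCK, BLOCK),  # 0x924924 overwrite
        bytes(rng.getrandbits(8) for _ in range(BLOCK)),  # random overwrite
        bytes(residue),                                   # incomplete overwrite
    ])


if __name__ == "__main__":
    for offset, verdict, pattern in scan(build_sample_image()):
        print(f"{offset:#08x}  {verdict:<12} {pattern or ''}")
```

A "random-like" verdict is only consistent with a random-pattern overwrite: encrypted or compressed leftovers look the same, so the erasure report remains the evidence of record.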
Not started
In this state, the erasure has not been started or the selected drive is not active.
Ongoing
In this state, the erasure process is being performed. The progress is shown by the progress bar. Current erasure percentage, remaining time to complete the erasure, write speed and erasure standard are displayed above the progress bar.
Ongoing Firmware Command
In this state, the progress bar has a looped animation and the drive is executing a firmware based command, e.g. ATA secure erase, SCSI format unit, Sanitize feature set command, TCG command, etc. If available, the percentage of completion of the firmware command is shown above the progress bar.
When a firmware command is being executed, the drive cannot be paused or canceled and the locate drive button is turned off.
Paused
In this state, the erasure has been paused by the user. The erasure can be resumed by pressing the resume-button or canceled by pressing the cancel-button.
Canceled
If the erasure has been canceled by the user.
Failed
If the erasure has failed (due to e.g. read/write errors during the erasure).
Pause button
This button pauses an ongoing erasure. Select one or several drives being erased and press the Pause button to pause the drive erasures.
Resume button
This button resumes a paused erasure. Select one or several drives being paused and press the Resume button to resume the drive erasures.
Cancel button
This button cancels an ongoing erasure. Select one or several drives being erased or paused and press the Cancel button to cancel the drive erasures.
Standby-mode
If this icon is displayed, it means that the drive has been inactive for 5 minutes and has been spun down. This feature can be managed in the Settings-window or in the DECT.
Remapped sectors count
This icon will appear if remapped sectors are detected on the drive. The number displayed after the Remapped string is the number of remapped sectors detected on the drive.
The number of detected remapped sectors can change during the erasure, as it is first detected before the erasure takes place but it can be
Error count
This icon will appear if read or write errors are detected on the drive. The number displayed after the Errors string is the number of read and write errors occurring during the erasure.
The number of errors can change during the erasure, as it is detected in real time.
Hidden areas
These icons will appear if hidden areas are detected on the drive. The possible hidden areas are DCO, HPA or both.
The detected hidden areas info can change after the erasure, as they are first detected before the erasure takes place but they may be removed during the erasure (and not be displayed after it).
Password protected drive
This icon is displayed when the drive is password protected. Blancco Drive Eraser cannot erase password protected drives, unless the password is entered by the user before the software boots.
Erasure option is not supported
This icon is displayed in case the drive does not support at least one of the erasure options:
- E.g. selecting an erasure standard that enforces a firmware based erasure while the drive doesn’t support it.
- E.g. selecting the "Erase remapped sectors" option while the drive doesn’t implement commands to do it.
Drive Temperature
Displays the current temperature of the drive. Only available on NVMe and SATA devices.
TCG Cryptographic Erasure Supported
This icon is displayed if the drive supports TCG Cryptographic Erasure, which is used in “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards.
TCG Opalite
This icon is displayed if the drive supports the TCG Opalite feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported but presently the cryptographic erasure is not supported yet, it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.
TCG Pyrite
This icon is displayed if the drive supports the TCG Pyrite feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported but presently the cryptographic erasure is not supported yet, it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.
TCG Ruby
This icon is displayed if the drive supports the TCG Ruby feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported but presently the cryptographic erasure is not supported yet, it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.
To the right of the test names is their current state, shown in the Results column. The state can be:
Not performed – The test has not yet been run.
[No icon is shown]
Successful – The test was run and the tested hardware worked correctly.
Cannot be performed - The test cannot be run with current hardware setup:
Custom fields tab – text has been filled into the fields but it is
not yet validated.
- Normal entry fields – Values can be freely typed in. Note that the maximum string length is 1023 characters.
- Dropdown lists – Values are predefined and only one can be picked.
- Multi-selection dropdown lists – One or multiple predefined values can be selected from a list.
Custom fields are created with the DECT. The user can customize them:
- By giving them any name. Note that maximum length of the name is 238 characters.
- By filling them in with any default value.
- By setting them as normal or mandatory fields (the latter are highlighted with red color and marked with *-sign: report can’t be sent / saved until those fields have been filled).
- Examples of custom fields’ names: “Asset ID”, “Asset type”, “Asset value”, “Destroy asset” etc…
Note that a custom field can be in a locked state, which means that it cannot be edited by the user. A locked
custom field has a predefined value, which cannot be edited by the user and the field itself is greyed out.
DECT must be used to edit the locked custom field.
Custom fields (normal entry fields) can also be configured to require that the input must follow predefined
rules. The rules are set in the DECT by using regular expressions. If the input does not follow the rules set
for that field, then the update process will fail until the user inputs a value that matches the rule.
For example, the custom field using regular expression (A|F)[0-9]{3} would require that the value is either
“A” or “F” followed by 3 numerical characters (e.g. A245 would be an accepted input). If the entered value is
invalid, i.e. it doesn’t match the specified regex, the frame around the field turns red.
If the regex itself is syntactically incorrect, it is purged from the field and a red warning-icon "!" is shown,
indicating that the user has made a mistake during configuration:
Note that when an invalid regex is purged, the field then becomes a normal text field.
For more information, refer to the DECT user manual.
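The following added example (not Blancco code) models the rule behaviour described above so that a field rule can be reviewed against sample values before it is configured in the DECT. It assumes that the whole value must match the rule, that over-length input is refused, and that Python's `re` dialect is close enough to the one the DECT uses; the manual does not state any of these.

```python
import re

MAX_VALUE_LEN = 1023  # maximum string length of a normal entry field, per the manual


def compile_rule(pattern):
    """Return the compiled rule, or None if the regex is syntactically invalid.

    None models the manual's behaviour for a broken regex: the rule is
    purged and the field becomes a normal text field.
    """
    try:
        return re.compile(pattern)
    except re.error:
        return None


def field_accepts(pattern, value):
    """True if a field configured with `pattern` would accept `value`."""
    if len(value) > MAX_VALUE_LEN:  # assumption: over-length input is refused
        return False
    rule = compile_rule(pattern)
    if rule is None:
        return True  # purged rule: no restriction beyond the length limit
    # Assumption: the whole value must match, not just a substring of it.
    return rule.fullmatch(value) is not None


def review_rule(pattern, must_accept, must_reject):
    """Return a list of findings for a rule; an empty list means it behaves as intended."""
    if compile_rule(pattern) is None:
        return ["invalid regex: rule would be purged, field accepts any text"]
    findings = []
    for value in must_accept:
        if not field_accepts(pattern, value):
            findings.append(f"rejects expected value {value!r}")
    for value in must_reject:
        if field_accepts(pattern, value):
            findings.append(f"accepts unwanted value {value!r}")
    return findings


if __name__ == "__main__":
    good = ["A245", "F001"]                       # constructed sample asset IDs
    bad = ["B245", "A24", "A2455", "a245", "", "A"]
    candidates = [
        "(A|F)[0-9]{3}",  # the manual's example rule
        "A|F[0-9]{3}",    # missing group: means "A" alone, or F plus 3 digits
        "(A|F[0-9]{3}",   # unbalanced parenthesis: syntactically invalid
    ]
    for pattern in candidates:
        print(pattern, "->", review_rule(pattern, good, bad) or "ok")
```

The second candidate shows why the grouping in the manual's example matters: without the parentheses the alternation splits the whole expression, so "A" alone passes and "A245" fails.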
- All filled-in information will appear in all reports (“Report”-tab, PDF, XML).
- The fields that are left empty will be filtered out from the general reports (“Report”-tab, PDF) but will be visible in the detailed XML report.
4.5 Report-step
The “Report”-step is the fourth and final defined default step. In this step, the report can be viewed before,
during and after the erasure.
Report tab – report can be viewed but has not yet been
backed up.
Note that the Advanced view can be set as the default view in the DECT.
From the advanced report view, the user will be able to access the Standard view by turning off the "Show
advanced report" option from this button (or by pressing Ctrl + M):
- Licensee/Customer/Operator information (info about the owner of the Blancco license, the owner of the erased machines and the operator executing the erasure)
- Custom fields (information customized by the user/operator)
- Erasure result information (detailed information about the erasure results per erased drive)
- Hardware information (asset report about the host machine)
  - While detected USB devices are listed in the report, the software cannot separate between internally and externally connected USB-devices.
  - USB hubs and HASP sticks are filtered out of the USB device listing.
  - Note that the screen resolution is only detected on laptops and only the current resolution is reported (this resolution might not be the maximum resolution of the display). If the device has multiple displays, only the first one is reported.
  - Self-monitoring attributes are reported for ATA drives (S.M.A.R.T) and for SCSI- and SAS-drives (log pages).
- Hardware test results (results of the hardware tests)
- Report information (detailed information about the report file itself)
4.5.2.2 Save-button
The save button is used to save the report to an external physical media, such as a USB-stick.
- The USB stick has been preformatted by the user to FAT32 (most suitable format).
- The USB stick has a single partition.
- The USB stick name is not empty. Use preferably a name containing characters in the range a-zA-Z0-9.
- The USB stick is in a good condition; if you have any doubt, re-format it or replace it.
When the “Send” button is pressed (or the shortcut Ctrl + N is used), the report is sent to the BMC/BMP:
If the report sending fails, an error pop up is shown. If the report sending is tried but some of the
Management Console settings are missing, an error pop up is shown. Note that the popup only shows one
missing parameter at a time. The pop up will have information about the missing parameter:
[2] Blancco Management Portal. A centralized data management reporting solution to store and manage data erasure reports. Please see
the BMP documentation for more information.
4.6 Restart/Shutdown-step
This step is only available if in the DECT, the "Process" has been set to "Automatic" and "Shutdown" or
"Restart" is selected.
When the process is finished, the system will automatically restart or shut down when the timer runs out, or if
the "Restart now" or the "Shutdown now" button is pressed.
Note that the date and time is taken from MC, HASP or BIOS in that priority order. Also, when a time is
taken from a higher priority source, it is never changed to the time from a lower priority time source, unless
the machine is restarted, and the higher source is no longer available.
Discharging:
In addition to percentage value, the colored bar inside battery indicates the battery level:
When a charger is connected, a socket icon is added to the top left corner of the battery icon. Charging status for
individual batteries is shown inside the tool tip. Charging status is updated once every 5s and battery level
information once every 60s. Possible values for Status are: Discharging, Charging, Full and Unknown.
4.7.4 Network
The network icon shows whether or not Blancco Drive Eraser can reach the network. The icon can have two
states:
- Everything ok.
Note that if there is a problem with the network, then BMC/BMP cannot be reached either.
4.7.5 BMC
The BMC icon shows the connection to BMC/BMP. The icon can have three states:
- Everything ok.
4.7.6 Licenses
The License icon shows the number of available licenses. The icon can have two states:
- No licenses available.
- Licenses available.
The tooltip displays the number of available licenses:
If the license container cannot be reached, the following messages will be displayed:
Note that the Enterprise Subscription Edition does not display the number of licenses. Instead it displays the
subscription status (subscription / not available).
Blancco Drive Eraser has several license types:
Blancco Drive Eraser license control is done either from a local HASP dongle, or from the BMC via the
network. There must be enough licenses in order to start the erasure or save/send an asset report.
- On an area that contains a horizontal and/or vertical scroll-bar (Report-step, Hexviewer, Help window, EULA window…):
  - The Arrow keys can be used to go up/down/left/right inside that area.
- On a drop-down list (list of erasure standards, list of languages, list of keyboard layouts…):
  - The Arrow keys can be used to scroll those lists.
- On a slider’s handle (verification slider):
  - The Arrow keys can be used to move the handle.
- On a scrollable container with elements:
  - The Arrow keys can be used to move from one element to another.
  - Use the Arrow keys to move between drives and hardware tests.
- On top of a check-box:
  - The Space bar selects/deselects it.
- On top of a button:
  - The Space bar pushes it.
- On top of a link:
  - The Space bar opens it.
These buttons might differ depending on the version of the software. The logic always follows the same
formula: first button on the left of Shutdown-button is F1, next one on the left is F2, etc…
These buttons might differ depending on the configuration of the software. The logic always follows the
same formula: the first step is accessed with Ctrl + 1, the second step is Ctrl + 2, etc...
5.4.1.1 Ctrl + R
Refresh drives. Available when the "Report per Connected Device" and "Hotplug" options are enabled.
5.4.1.2 Ctrl + M
Toggle Show Empty Slots in Erasure-step.
5.4.1.3 Ctrl + F
Search-function (search visible drives).
5.4.1.4 Ctrl + A
This key combination selects/deselects all drives for erasure.
5.4.1.5 Ctrl + L
Locate the selected drive.
5.4.1.7 Ctrl + H
Opens the Hexviewer.
5.4.1.13 Ctrl + G
This key combination opens the “Erasure settings” window.
5.4.1.14 Ctrl + E
This key combination pushes the Erase-button (starts the erasure).
5.4.2.1 Ctrl + T
This key combination activates the execution of marked tests.
5.4.2.2 Ctrl + A
Select/deselect all tests.
5.4.3.1 Ctrl + D
This key combination updates the report.
5.4.4 Report-step
The elements can be accessed with the Tab key. Use the Arrow keys to scroll the report content.
5.4.4.1 Ctrl+S
This key combination saves the report.
5.4.4.2 Ctrl+N
This key combination sends the report.
5.4.4.3 Ctrl + M
This key combination switches between Standard- & Advanced-views/modes.
6.1 Presentation
The following information is displayed:
The screensaver provides a good overview of the ongoing erasures and their final result, whether
successful (green icon) or failed/canceled (red icon). The screensaver can be turned on or off via the DECT
and from the “Settings” window. The screensaver timeout (in seconds) can also be defined in the “Settings”
window.
Ongoing erasures:
Paused:
If the remote erasure has been successfully completed, a success symbol is displayed, with the remote
erasure message next to it.
7.1.1 Description
These options are:
1. Normal startup (safe resolution) – Blancco Drive Eraser is loaded using a standard/universal
graphical driver. The screen resolution of the GUI is static (1024*768). If any drive is locked, the
Freeze lock removal is attempted just before the erasure process (the screen turns black for a few
seconds then restarts and the erasure begins, see the Freeze lock). This booting option has been
tested on several configurations, however the Freeze lock removal procedure may not work in all
machines (the standard/universal graphical driver often presents display problems when the
machine is awakened).
2. Normal startup (native resolution) – Blancco Drive Eraser is loaded using any available driver
that corresponds to the graphical card of the machine (the standard/universal graphical driver is just
a fallback). The screen resolution is the native resolution of the machine (1024*768 or higher). If any
of the drives is locked, the Freeze lock removal is attempted just before the erasure process (the screen
turns black for a few seconds then restarts and the erasure begins, see the Freeze lock). This booting
option works better than the first option in many/most cases when Freeze lock removal procedure is
needed.
3. FLR during startup – This is the default option. The Freeze lock removal process is carried out
during the booting phase, before loading all the system drivers, to increase the chances of waking up the
machine after the freeze lock removal. Then, Blancco Drive Eraser is loaded using any available
driver that corresponds to the graphical card of the machine. The screen resolution is the native
resolution of the machine (1024*768 or higher). This booting option works better than the first option in
many/most cases when Freeze lock removal procedure is needed.
4. Show startup messages – This is the same option as the second one, except that startup
messages are shown on the screen instead of the animated loading screen. This can be used as a
troubleshooting measure for machines where Blancco Drive Eraser hangs during the booting phase.
5. Customized startup – This option allows creating a customized booting where the user can
enable/disable the freeze lock removal at boot time and enable/disable extra kernel parameters. See
DECT manual for more information.
If problems arise during the booting phase (Blancco Drive Eraser hangs), try booting Blancco Drive Eraser
using the fourth option (Show startup messages), take note of the last messages shown on the screen
before the hang and contact Blancco Support.
These options are hidden by default and the time limit to select a booting option other than the default one is
5 seconds.
Note that a report must always be backed up before the machine shuts down or restarts!
• The report created during the automatic report backup is not yet considered an official report, just a
  backup. This is because the backup report is sent right after the erasure is finished and it doesn’t
  contain the session ID at this point. The session ID is added after the possible Custom fields
  modifications, when the report is sent/saved.
• The report is sent to BMC once the erasure of a single drive has been finished, failed or canceled.
  • If the BMC cannot be reached, then all reports (whether they have already been sent or not)
    are automatically saved to a connected USB stick.
    • The automatically saved report will be identified by its report UUID (ex:
      d508BDE2e-g052-5f63-0e4g-15ddf753e1g0_report.xml).
    • Each time USB saving is done, all reports currently saved in memory are saved to
      the USB.
      • If the USB sticks are changed between saves, the new USB stick will then
        receive all the old reports in addition to the new reports.
    • If there are several USB sticks connected simultaneously, then the reports are saved to
      all of them.
    • If no USB stick has been connected, the report is saved once a USB stick is connected.
    • The reports will disappear if the machine is shut down or restarted.
  • If there are already auto-saved reports on the USB and the BMC-connection starts working,
    all the saved reports will be sent to BMC, whether or not they have already been saved to the
    USB stick.
• If the “Report per Connected Device” mode is enabled, several reports might be automatically
  sent/saved (one per connected drive). Otherwise expect one report containing all the erasure
  information (one per session).
• If the BMC is changed, only the reports which have not yet been sent to BMC will be sent to the new
  BMC. Reports are sent only once (if their content is not updated).
• If there are mandatory custom fields, their validation will be skipped and reports are sent without
  those fields filled.
• The automatically sent reports are always sent/saved in XML-format, even if the default saving
  settings have been set to PDF+XML.
• If an erasure is run multiple times, the report will be updated after each erasure and then sent or
  saved, replacing the previous version of the report. Only one report with the specific entities is
  produced and maintained.
  • Reports are also updated after custom field(s) are updated.
• Information about the sending/saving is shown on the UI with messages on the tabs. Note that
• A drive may contain damaged areas (also known as "bad sectors") that are not remapped and
  cannot be accessed anymore with read or write commands.
• A drive (especially an HDD) whose temperature has risen above a certain value can start producing
  read and write errors randomly.
• A drive behind a RAID controller that does not accept read or write commands.
Those problematic sectors/areas/drives have one thing in common: although they can still contain data,
attempting to reach them generates write or read errors. Data erasure tools must be able to detect such
problems and report them.
Blancco Drive Eraser keeps track of the erasure process and informs if the data overwrite or verification
cannot be performed due to some error on the drive level. In case there is a problematic area on the drive, the
software will first try to write (read) data to (from) the defective area. If the area generates write (read)
errors, Blancco will try to write (read) a smaller block (half of the original block size) to (from) the area in
order to overwrite (verify) the maximum amount of data. The same procedure will continue until the software
tries to write (read) the smallest possible block to the drive and if unable to do so after three tries, the sector
will be considered unreachable and the software will count one error. In all cases, all the areas that can be
reached will be erased and only the areas that cannot be written/read will be reported. The sum of the errors
will be visible in the user interface (under the drive) and in the erasure report.
If at least one write/read error is detected during the erasure process (during overwriting rounds or
verification), the erasure result will be “Not erased”.
A threshold on the write error count can be configured in the DECT. The default threshold is 5 errors. If the
amount of write errors equals or exceeds the defined threshold, the erasure is immediately stopped and
marked as failed. This helps identify problematic drives quickly and can save a lot of time. Additionally,
the report will show an error message informing about this.
A similar threshold exists on the read error count.
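The halving procedure and write-error threshold described above, as an added Python simulation (not Blancco's code). The SimulatedDrive class, the one-sector smallest block, the 8-sector starting block and the sample bad sectors are assumptions constructed for illustration; the three tries are applied at the smallest block size only.

```python
"""Added example: simulation of the block-halving error handling described above."""
from dataclasses import dataclass, field

SMALLEST_BLOCK = 1     # assumption: the smallest writable block is one sector
MAX_TRIES = 3          # from the manual: three tries at the smallest block
DEFAULT_THRESHOLD = 5  # from the manual: default write-error threshold


class WriteError(Exception):
    """Raised by the simulated drive when a write touches a bad sector."""


class ThresholdReached(Exception):
    """Raised when the write-error count equals or exceeds the threshold."""


@dataclass
class SimulatedDrive:
    """Constructed stand-in for a drive: a sector count plus a set of bad LBAs."""
    sector_count: int
    bad_sectors: set = field(default_factory=set)
    written: set = field(default_factory=set)

    def write(self, start, length):
        # A write command fails as a whole if any sector in its range is bad.
        span = range(start, start + length)
        if any(lba in self.bad_sectors for lba in span):
            raise WriteError(f"write failed for LBA {start}..{start + length - 1}")
        self.written.update(span)


def overwrite_range(drive, start, length, state):
    """Overwrite [start, start+length), halving the block after every error."""
    if length <= SMALLEST_BLOCK:
        for _ in range(MAX_TRIES):
            try:
                drive.write(start, length)
                return
            except WriteError:
                continue
        # Three failed tries at the smallest block: one unreachable sector.
        state["errors"] += 1
        state["unreachable"].append(start)
        if state["errors"] >= state["threshold"]:
            raise ThresholdReached()
        return
    try:
        drive.write(start, length)
    except WriteError:
        # Retry each half separately so every reachable sector still gets written.
        half = length // 2
        overwrite_range(drive, start, half, state)
        overwrite_range(drive, start + half, length - half, state)


def erase(drive, block_size=8, threshold=DEFAULT_THRESHOLD):
    """Run one overwriting pass and return a summary like the report would show."""
    state = {"errors": 0, "unreachable": [], "threshold": threshold}
    stopped = False
    try:
        for start in range(0, drive.sector_count, block_size):
            length = min(block_size, drive.sector_count - start)
            overwrite_range(drive, start, length, state)
    except ThresholdReached:
        stopped = True  # erasure stops immediately and is marked as failed
    return {
        "result": "Erased" if state["errors"] == 0 else "Not erased",
        "write_errors": state["errors"],
        "unreachable": state["unreachable"],
        "stopped_at_threshold": stopped,
        "sectors_written": len(drive.written),
    }


if __name__ == "__main__":
    # Constructed sample: 64 sectors, three of them unreachable.
    print(erase(SimulatedDrive(64, bad_sectors={10, 11, 40})))
    # Constructed sample: ten consecutive bad sectors trip the default threshold.
    print(erase(SimulatedDrive(64, bad_sectors=set(range(10)))))
```

In the first sample every reachable sector is still overwritten and only the three bad sectors are counted; in the second the pass stops at the fifth error without touching the rest of the drive.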
• An extra step running a specific firmware based erasure is added to the selected erasure standard
  only in case:
  • the drive has at least one remapped sector
  • the erasure standard does not include any firmware based erasure step
• This additional step is capable of erasing the remapped sectors but is merely optional: if this extra
  step fails, it will not fail the whole erasure process, which will continue nevertheless.
Note that erasing remapped sectors can be a time consuming process depending on the drive size and
speed.
A threshold on remapped sector count can be configured in the DECT. If before/after the erasure the
amount of remapped sectors equals or exceeds the defined threshold, the erasure is stopped and marked
as failed. Additionally, the report will show an error message informing about this.
Note that if the setting “Fail Erasure if Unsuccessful” is selected from the erasure options the whole erasure
will fail if a drive does not support the commands necessary for the remapped sector erasure or those
commands fail for some reason. Conversely, if this setting is turned off, erasure will start even on drives that do
not support the erasure of remapped sectors; nevertheless there will be an exception in the report informing
about this lack of support.
For more information about the erasure status, see Erasure status and exceptions.
Note. Assuming that the drive possesses the proper internal command, the erasure standards (Extended)
Firmware based erasure, BSI-GS/E, NIST 800-88 Purge – ATA and Blancco SSD Erasure include de facto
a remapped sector erasure.
Warning! Erasing the remapped sectors can also result in erasing any hidden area existing in the drive. Be
careful that you enable this option on drives where you also want to erase/remove any existing hidden area.
Warning! Avoid turning off the computer, exiting the program, disconnecting the drive(s),
pausing/cancelling the erasure during the Remapped Sector erasure process or the drive(s) may be damaged.
Blancco Drive Eraser can be configured to detect and automatically remove these areas by activating
internal drive commands. This functionality can be predefined via DECT or enabled via the setting “Remove
hidden areas”. The hidden areas removal can be selected along with any erasure standard that Blancco
Drive Eraser supports.
If an erasure is started with this option enabled, the following actions will happen:
• An extra step running a specific drive command to remove the hidden areas is added to the selected
  erasure standard only in case:
  • the drive has at least one hidden area
  • the erasure standard does not include any hidden area removal step
• This additional step is merely optional: if this extra step fails, it will not fail the whole erasure process,
  which will continue nevertheless.
Note that hidden areas defined with the Max Address Configuration feature set (available with the ACS-3
standard) can also be detected and removed (will be identified as HPA).
For more information about the erasure status, see Erasure status and exceptions.
Warning! Drives that contain HPA and/or DCO areas that have not been removed should not be erased
with NIST 800-88 Clear, NIST 800-88 Purge - ATA, BSI-GS/E, (Extended) Firmware based erasure,
Blancco SSD Erasure or any other standard with the “Erase remapped sectors” feature activated. Using
these options could end up erasing such areas.
Warning! Hidden area removal is not reliable if the storage is connected to the machine via an adapter (e.g.
external USB enclosure). Blancco recommends hidden area removal only for storage which is directly
connected to the machine, with no adapter of any kind in the middle.
1. Disabled
2. Enabled and active
3. Enabled and inactive
If disabled, the area doesn't exist at the moment so no data can be kept in the Shadow MBR (no risk).
If enabled and active, the area exists, contains data and the area is presently mapped to the drive logical
space (the drive only sees the "Shadow MBR" area and does not see the user addressable area). The drive
requires a password to give access to the user data; providing it turns the "Shadow MBR" inactive for the
rest of the session.
If enabled and inactive, the area exists, contains data but the area is presently not mapped to the drive
logical space (the drive only sees the user addressable area and does not see the "Shadow MBR" area). In
this scenario, the user addressable data can be erased, but this won't affect the "Shadow MBR" area. If the
machine is shut down and rebooted later, the "Shadow MBR" area becomes active again and the drive will
request the user to enter the password: at this point, the user may see information from the company that
enabled the "Shadow MBR" area (name, logo, etc.).
BDE 7.1.0 can detect this area:
• A new "Shadow MBR" icon is shown on the drive if this area is enabled, hovering on it provides
  additional information.
• The report contains three new fields: tcg_shadow_mbr_supported, tcg_shadow_mbr_enabled and
  tcg_shadow_mbr_active
  • These fields can be used within a Workflow to detect the presence of a "Shadow MBR" and
    act accordingly.
• For each SSD, the default erasure standard is switched to the Blancco SSD Erasure standard.
• All other drives, which are not SSDs, are unaffected (erased with the default erasure standard).
• Detecting and displaying the drive partitions can be enabled via the setting “Show drive partitions”. It
  works with all partitioning standards (MBR, GPT). When enabled, the drive is not displayed as a
  single item, but as a multi-selection dropdown list containing all detected partitions (in Erasure step).
  The partitions are shown (file system, label, size), can be selected, erased and reported individually
  (if no partition is detected, the drive is displayed normally as a single drive):
• Preserving the Windows recovery partition can be enabled via the setting “Preserve recovery
  partition”. It works on GPT partitioned drives only (Windows 7/8 or above). When enabled, the software
  will erase all partitions while leaving the recovery partition untouched and un-erased.
  • The recovery partition can be reused later to reimage the machine.
  • If a Windows recovery partition is detected on a drive, a “RECOVERY” icon is displayed under
    the drive (in Erasure step), otherwise the drive is displayed as a normal drive.
Depending on the selected settings and the detected drive partitions there are three (3) main cases that can
happen. These cases can allow/prevent some erasure options as described in the table below:
• Case 1: “Show drive partitions” is enabled, partitions are detected, the user selects individual
  partitions for erasure.
• Case 2: “Show drive partitions” is enabled, partitions are detected, the user selects all the partitions
  for erasure. Case 2 overrides Case 1.
(1): Available with plain overwriting standards like “HMG Lower Standard”, “DoD 5220.22-M”, etc. (check
the Appendix for details).
(2): Available in erasure standards such as “NIST 800-88 Purge” or “Blancco SSD Erasure” (check the
Appendix for details).
(3): Available on any erasure standard with the setting “Erase remapped sectors”.
(4): Available on any erasure standard with the setting “Remove hidden areas”.
(5): Available with the setting “Enforce Blancco SSD method on SSDs”.
(6): Setting available from DECT.
(a): Only the selected partitions are affected: the partition content, label and file system are erased but the
partition location on the drive (partition table) is left untouched. The erased partitions are also reported
individually, but an exception message will inform that there is data left on the drive.
(b): A red icon "NOT ALLOWED" is shown under the drive, attempting an erasure will display an error
popup and the erasure will not proceed. Only overwriting is possible in this case, check the option (1).
(c): This case does not differ from a normal erasure, the drive is erased as a whole including all partition
information (table, content, label, file system), the report will not mention any partition either.
(d): If “Show drive partitions” is enabled: this is the same as (a) with the difference that the Windows
recovery partition will be greyed out and won’t be erasable. If “Show drive partitions” is turned off: no partition will
be displayed, all partitions (but the Windows recovery) will be erased in the background, but an exception
message will inform that there is data left on the drive.
(e): This setting is simply ignored, the user will not get any notification.
• At boot phase, ensure that the selected booting option is any but “FLR during startup”.
• Once Drive Eraser has booted and before starting the erasure:
  • Select an erasure standard with no firmware commands (normal overwriting only).
  • Disable the erasure of remapped sectors.
  • Disable the removal of hidden areas.
  • Disable the enforcing of the Blancco SSD erasure on SSDs.
1. To begin the hot swap process, remove a drive or connect a new drive to the machine.
2. Press the Refresh drive list button (or Ctrl + R) in Blancco Drive Eraser’s Erasure-tab. The software will
indicate when the process is complete.
Notes.
• Hot swap can be activated from the DECT only if the “Report per Connected Device” mode is
  enabled.
• Pressing the Refresh drive list button disables all actions in the Erasure-tab and pauses all ongoing
  erasures. The erasures are resumed and the Erasure-tab becomes active again, after the drive
  re-detection has been completed. The following message is displayed:
  • If one or more drives are executing firmware commands when the Refresh drive list button is
    pressed, the refresh starts after those firmware commands have been finished. A pop up is
    displayed, informing the user that the drives will be refreshed after the firmware commands
    have been finished with the message: "A firmware command is being executed on one of the
    drives. The list of drives will be refreshed after it finishes.".
• Drive Eraser provides hot swap support for SAS/SCSI/SATA/FC/USB/NVMe drives only, in case
  they are visible as nodes in the system (it does not work if the drives are behind a RAID controller
  • If the detection process fails three times in a row with the same drive, the hot plug service
    goes into an error state and displays a notification to reboot the machine. The drive in
    question is probably faulty and is compromising the stability of the software. The error state and the
    notification may disappear if the faulty drive is removed and the drive list is refreshed.
    Otherwise, subsequent detections will fail and a restart will be necessary. The error message looks
• Some drives (particularly some older EMC 1GB drives) produce inconsistent results with hot
  swapping; these drives will need to be inserted prior to a full system boot or reboot.
• If the system still doesn’t recognise some drives, shut down the system, connect the drives and boot
  it with the drives already connected.
• Mandatory steps: these steps are considered as essential, according to the erasure standard
  applied. They consist of overwriting steps, verification steps, firmware based erasure steps and
  hidden area removal steps.
• Optional steps: these steps are not necessary to achieve a successful erasure result as they are not
  a vital part of the erasure standard. For example, some erasure standards do not explicitly require
  remapped sectors erasure or the removal/erasure of hidden areas but they may be attempted
  anyway, depending on the user’s configuration of the software.
If all mandatory steps succeed, the whole erasure process is considered a success (final status = "Erased").
Conversely, if any mandatory step fails, the whole erasure process fails (final status = "Not erased"). If any
optional step fails, the erasure process generates an exception (information message) acknowledging the
failure of this step but indicating that it was considered optional. The final status always depends on the
success or otherwise of the mandatory steps.
On some occasions, the status "Erased" will be accompanied by an information message such as
"Remapped sectors area erasure failed" or "DCO area removal failed". This is simply the result of the logic
described above. The description of the erasure standards’ steps is located in chapter Execution steps of
the erasure standards.
7.17 CD-eject
The CD-eject functionality can be enabled or disabled through the DECT. The CD-ejection can be
configured to occur at four different phases of the erasure process:
When the CD-eject is enabled, any optical media drive detected on the machine will be opened (tray ejects).
This way the user can check if a Blancco Drive Eraser boot CD or any other optical media has been left in
the machine. This also prevents the risk of forgetting to remove media from a machine before shipping it
away, since this presents a security risk as these media may contain personal/professional information.
Note. It is very important that at least one option for ejecting the CD tray is selected, to prevent potential
data breaches.
The Digital Fingerprint is disabled by default. Enabling it, as well as setting its sector location, is done via the
DECT.
Note that in order to create a Bootable Asset Report, the software writes data on the first 200 sectors of the
drive. This data can be viewed by using the Hexviewer or other similar tools. The sectors containing the
Bootable Asset Report will show a different pattern compared to the rest of the drive. This should not be
confused with data that Blancco Drive Eraser has failed to erase. If enabled, the Bootable Asset Report is
always written after a successful erasure and after a report is successfully saved or sent.
This verification is available in BDE, but the percentage of the verified area is configurable by the user
(1-100%, default value 1%).
Because replacing the data encryption key is a very fast operation, the “Cryptographic Erasure” standard is
very quick compared to a traditional overwriting (a few minutes at worst, even on large drives). But given the
concerns described above, Blancco recommends using this standard in cases such as the following:
8.2 SSDs
Although Blancco Drive Eraser can identify and erase all kinds of Hard Disk Drives (where data is stored
magnetically on rotating disks), there are some caveats involved regarding the erasure of Solid State Drives
(SSD). SSDs differ from HDDs in that data is stored electronically on transistor arrays. Please refer to the
chapter Guidelines for Using SSD Erasure Method for more information.
If the documentation does not help you, please engage with your local Blancco representative regarding the
erasure of these drives.
8.2.1 eMMCs
An embedded Multi Media Card (eMMC) is a storage device that contains some NAND flash memory and an
embedded controller in an industry-standard BGA package. Operations such as wear leveling, bad block
management, and device mapping are all managed internally. In addition, error handling is also
implemented internally, which reduces the load on the processor and as a result, improves the system performance.
eMMC has been developed for universal low-cost data storage and communication media and is currently
prevalent in most smartphones and tablets, although they may also appear in x86-based hybrid tablet
devices. When an eMMC drive is detected by Blancco Drive Eraser, the UI will display the drive as an
“eMMC” device.
There exist a few recommendations on how to erase eMMC drives. The JEDEC standards on eMMC drives1
describe the command Sanitize “used to remove data from the device according to Secure Removal Type
(see 7.4.120)… [and] requires the device to physically remove data from the unmapped user address
space”, i.e. this command removes the data from both the user addressable area and the area that the user
cannot access. Another command is the Secure Erase “included for backwards compatibility... requires the
device to execute the erase operation... requires the device and host to wait until the operation is
complete... [and] requires the device to do a secure purge operation, according to Secure Removal Type... out-
1 https://www.jedec.org/standards-documents/technology-focus-areas/flash-memory-ssds-ufs-emmc/e-mmc
• Regarding the clear-level operation, Blancco Drive Eraser handles an eMMC the same way it
  handles any flash-based data storage device (such as SSD or NVMe). The device is detected,
  overwritten (from the first detected sector to the last detected sector) and verified. This procedure
  addresses the whole user addressable area and protects the device against any keyboard attack.
• Regarding the purge-level operation, NIST mentions using commands such as “Secure Erase or
  Secure Trim command, or some other equivalent method… [or] Cryptographic Erase [if supported]”.
  Nevertheless, these recommendations apply to eMMCs embedded in devices running the Google
  Android OS or the Windows Phone OS or the iOS (for the latter, only Cryptographic Erase is
  mentioned). NIST also mentions that purging “all other mobile devices including cell phones, smart
  phones, PDAs, tablets… [depends on the device capabilities] and should be applied with caution…
  the device manufacturer should be referred to in order to identify whether the device has a Purge
  capability… to ensure that data recovery is infeasible”.
Based on these recommendations, in order to clear eMMC devices you can use any Blancco Drive Eraser
overwriting standard. Blancco Drive Eraser also implements firmware-based erasure commands (Sanitize
and Secure Erase) as part of the "NIST 800-88 Purge" and "Blancco SSD Erasure" standards, which can
erase the eMMC beyond the clear-level. However, as explained above, even after a successful erasure
using the "NIST 800-88 Purge" or "Blancco SSD Erasure" standards, there are no guarantees that the
purge-level will be achieved in all situations: it is not possible to be certain that no data will be recoverable if
the eMMC undergoes an attack using state of the art laboratory techniques. Also, some eMMCs may
display an extra recovery partition even after they have been purged. In some cases, these partitions may still
contain data.
1 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
• 1 (1-1) NVMeA
• 2 (2-1) NVMeB
Now one NVMe (C) is connected to the first physical slot. The UI will show:
• 1 (1-1) NVMeC
• 2 (2-1) NVMeA
• 3 (3-1) NVMeB
After this, one NVMe (D) is connected to the last empty physical slot (the third). The UI will show:
• 1 (1-1) NVMeC
• 2 (2-1) NVMeA
• 3 (3-1) NVMeD
• 4 (4-1) NVMeB
Finally, they are removed and a new NVMe (E) is connected to the second physical slot. The UI will show:
• 1 (empty)
• 2 (2-1) NVMeE
• 3 (empty)
• 4 (empty)
• An extra note: Nothing currently prevents the customer from connecting a second cable to that
  SAS/SATA controller and taking those "ghost" slots into use in the software side as well. This would
  make the maximum simultaneous erasures running: 4xNVME + 8xSAS/SATA
Other notes:
8.7 Chromebooks
Chromebooks are laptops or tablets running the Linux-based Chrome OS (designed by Google) as their
operating system. The devices are primarily used to perform a variety of tasks using the Google Chrome
browser, with most applications and data residing in the cloud rather than on the machine itself.
Chromebooks can be processed in two different ways:
• The traditional way requires booting a generic BDE image into the Chromebook. After BDE has
  booted, the Chromebook can be processed as any other machine (erasure of the internal drive,
  hardware diagnostics, report, etc.). Bear in mind that only Intel-based Chromebooks can be processed
  this way (ARM-based Chromebooks are not supported). Another thing to take into account: most
  Chromebooks have a locked bootloader that will prevent them from booting any external operating
  system. More information and tips to boot BDE on Intel-based Chromebooks are available at
  https://support.blancco.com/
  • While it's technically possible to boot BDE on an x86-based Chromebook, we recommend
    using the modern process described below.
• The modern way does not require booting BDE into the Chromebook. The Chromebook needs to be
  connected to the same network where BDE is running, then BDE can process the Chromebook via
  factory resetting it and reporting the erasure result. This process is secure, fast, supports all
  Chromebooks (Intel and ARM alike) and does not require reimaging the device after the erasure. More
  information on this in the chapter "Processing Chromebooks with Drive Eraser".
• The test cannot be started if the battery charge is below 50%. The minimum charge for
  Chromebooks is 20%.
• The test will be automatically terminated if the battery charge level drops as defined by the pass
  threshold or if it goes below 10% (minimum security charge, internal limit).
These two features are there to prevent a machine’s uncontrolled shutdown, which would mean losing both
the license(s) and the report.
• Case 1: If at the time when the test is run, the battery charge is 40%, it won't start (the minimum
  battery charge before the test is 50%).
• Case 2: If at the time when the test is run, the battery charge is 60%, it will start. If the pass threshold
  is set by the user to 40%, the test will succeed if the charge at the end of the test is higher than
  60-40=20%.
• Case 3: If at the time when the test is run, the battery charge is 75%, it will start. If the pass threshold
  is set by the user to 70%, the test should succeed if the charge at the end of the test is higher than
  75-70=5%. Nevertheless, the minimum-security charge will fail the test if the charge reaches 10% or
  less during the test (i.e. the charge should be at all times above 10%).
Note that the battery discharge test puts the CPU under heavy load which drains the battery. Running it on a
poor battery can fail the erasure, which might corrupt the drive. Consider applying external heat
dissipation in case of CPU overheating.
Note that laptops with more than one battery are identified as having one battery. Depending on the
motherboard's battery manager, these batteries can be consumed serially or in parallel. Hot-swapping batteries is not
supported by the software's battery testing.
9.1.3 CPU
The CPU test checks the functionality of the processor by checking its calculation capabilities. The result of
the CPU test is either Successful or Failed.
9.1.5 Motherboard
The motherboard test will check the following (if available):
If any of the tests are successful, then the result will be Successful. Otherwise the result will be Failed.
9.2.1 Display
The Display Test has been designed to test the color reproduction and the condition of the display attached
to the machine. The choice of the colors allows the user to easily identify any defective pixels (as displays
are based on the RGB color model).
The test itself consists of red, green, blue, black and white screens with the color currently being displayed
written in slowly flashing letters. After the colors, a grid of straight horizontal- and vertical-lines is shown.
Lastly the screen is continuously filled with different colored dots.
Press Space to continue to the next screen. Press Backspace to go to the previous screen. To exit the test
before the test’s end, press the Escape key.
All the test screens are shown below:
• Red-Green-Blue colors:
Pressing the "Skip" button will skip this test and leave the test's current status unchanged.
9.2.3 Keyboard
The keyboard test is used to test the functionality of the keyboard.
The keyboard layout is shown on the screen. There are several layouts currently available:
Note that the other default layouts are displayed only when the keyboard layout has been set to that specific
layout (for example, "Japanese (Japan) - jp").
When pressing a key, the color of the corresponding key in the screen changes from red (default, key is not
pressed yet) to yellow (key is pressed) to green (key is released):
• The Lock keys Scroll Lock, Caps Lock and Num Lock are enabled/disabled when pressed during the test. Pressing these keys also tests the keyboard LEDs assigned to these buttons. Please make sure that they are in a convenient position once the test has finished.
• The Function key Fn is also enabled/disabled when pressed during the test. This key does not usually trigger the keyboard’s background flashing but its use may be needed to activate e.g. the Num Lock button or to emulate a full-sized keyboard with numpad. Please make sure that it is in a convenient position once the test has finished.
To exit and end the test, the Escape-key must be pressed twice.
Examples of the test at the start and after some keys have been pressed:
Pressing the "Skip" button will skip this test and leave the test's current status unchanged.
9.2.4 PC speaker
The system produces beep sounds from the PC speaker after the "Play sound" button or Space is pressed. After this, the user is asked to confirm whether the sounds were heard or not. To exit the test before the test’s end, the Escape key must be pressed.
Example of the test being run and the beeps being played:
• If the inserted disc is –RW, then the software can perform the writing and reading tests as well as blanking the –RW disc at the end of the test.
• If the inserted disc is –R only, it has to be burnt previously to contain the Blancco pattern. Only the reading test can be selected, the other tests are not possible and will generate error popups.
• If the optical drive doesn’t have write-capability, then only the reading test can be performed with a disc containing the Blancco pattern.
The CD or DVD images for Blancco pattern can be downloaded from the following locations:
http://download.blancco.com/Test_media/Test_CD_for_HW_Test.zip
If the tests attempted on an optical drive are complete and OK, the test status will be Successful. If the
attempted tests are complete but errors have been found, the test status will be Failed.
Skipping the optical drive test completely, or attempting a test that cannot be run (e.g. the optical drive tray is open, or the inserted disc is –R when attempting the writing test), will leave the test result as Not performed.
9.2.6 Webcam
The webcam test checks the detected webcam.
When the test starts, the webcam is used to take a snapshot and display it on the screen. Taking a few snapshots (via pressing the Space bar) is sufficient to verify that the camera is functional. The test can be exited by pressing the Escape-key.
Once the test has ended, the user can add extra info in the text field and pass the test (Successful status) or fail it (Failed status) by pressing "Pass" or "Fail" from the dialog window:
Pressing the "Skip" button will skip this test and leave the test's current status unchanged.
Note: Continuous use of the same USB stick for USB port testing with the write test enabled may wear out the stick and result in failed tests. This is especially true for old models of USB flash devices, which lack wear leveling technology.
The first test checks whether a Wi-Fi software lock is enabled and, if so, unlocks it. If Wi-Fi is locked with a hardware lock, the test fails with an error message. This is normally a physical slider on laptops, which cannot be bypassed with software and requires user action. This also applies to external USB-connected devices.
Note that some manufacturers require some extra firmware or special handling for them to work at the network level. In this case the test will fail, even though there is nothing faulty in the hardware. Drive Eraser cannot detect this situation from a software point of view, and this is why some hardware fails.
The test passes if any Wi-Fi network is detected. The HW tests page shows the number of Wi-Fi networks detected by each adapter. The list of detected SSIDs is shown in the tooltip of the network symbol. For security purposes, this information is not available elsewhere, not even in issue reports or system logs.
The report shows test results for each Wi-Fi adapter. In case of failure, it shows the reason in the comment field.
9.2.9 BIOS logo
The BIOS logo test is used to check if the BIOS logo of the computer matches the manufacturer's logo, or if it has been customized. The BIOS logo is only shown for UEFI machines. Apple devices, such as MacBooks, will not show any images for the "BIOS logo".
Once run, the BIOS logo test will display the current BIOS logo for the machine, if one is available.
• There are loose drives to be erased e.g. drives that have been removed from their original computers or drives removed from machines such as printers. Often such drives originate from different environments or different owners and they require individual reports. Such drives can be connected to an erasure station where the erasure process takes place.
• There are Chromebooks to process. Chromebooks can be connected to BDE via network cables and a switch to be processed quickly and securely. The process includes erasure, hardware diagnostics, custom fields and report per device. There is a chapter dedicated to Chromebook processing: Processing Chromebooks with Drive Eraser.
The "loose drive erasure process" is somewhat different to the generic "laptop erasure step-based process", as the focus is no longer the host machine but the connected device being processed.
The RPD mode can be enabled if:
Once activated, the reports for all selected drives are opened and they can be Saved (Ctrl+S) or Sent (Ctrl+N).
Once activated, the Per Drive custom fields for all selected drives are opened and they can be Updated (Ctrl+D). The number of drives being updated and their IDs are shown in the dialog.
The Chromebook processing will happen mainly in the Blancco Drive Eraser user interface, but the operator will have to prepare the Chromebook and connect it to Blancco Drive Eraser. Processing one machine takes approximately 10 minutes. The Chromebook has to be connected to the network via an Ethernet cable; Blancco Drive Eraser can be connected to the same network either via an Ethernet cable or via a wireless connection.
1. Press Esc + Refresh + Power to enter the Recovery mode (Refresh is usually F3 in a standard laptop). This will take you to a screen where you can enable the Developer mode.
2. Press Ctrl + D on your keyboard when asked to insert recovery media.
3. Press Enter when prompted.
4. When the device reboots, a message is displayed on the screen stating the OS verification is off.
5. Press Ctrl + D to continue booting, or wait and the device will boot on its own.
Note that some Chromebooks may require a different key combination, for example: Esc + Maximize +
Power.
root
This feature can be configured to run on a certain TCP port, which is by default 80. If the set port is 80, type
in the terminal:
Example:
If BDE has the IP address 192.168.1.10, type:
Example:
If BDE has the IP address 192.168.1.10 and the port 1234, type:
The icon's color describes its current state, and hovering the mouse over the icon will display a string with information on the test state. The icon colors can be:
Color | Hint | Explanation
Gray | Hardware tests not executed | Hardware tests have not been started, running or finished.
Yellow | Hardware tests running | Hardware tests are currently running. Note that the icon is blinking when it is on this state.
Red | One or more hardware tests failed | One or more of the hardware tests has failed.
Green | Hardware tests successful | All hardware tests were successful.
11.7 Troubleshooting
11.7.1 Required files not found
If the following messages are displayed:
Some of the required files were not found
Please reboot and wait longer for the ChromeOS welcome screen to appear before
switching to the terminal
If the problem persists, please create an issue report from Blancco Drive
Eraser and contact Blancco Support
12.1 Requirements
• Network connection and a BMC installation (or a Blancco Cloud account and an internet connection) for managing and storing workflows.
• The image must be configured with DECT with the following settings:
  • Security / Erasure Process – Workflow
    • Default workflow – Workflow set as default by the user will be used. Active by default.
    • Workflow name - If “Default workflow” is disabled, then the workflow’s name must be typed here.
• If BMC settings are not set in the “Communication” tab, then those settings must be manually entered when the client software has booted.
• When BMC-connection is successful, workflow fetching is retried in 30 second intervals.
• See DECT documentation for more information about the DECT-settings.
• (icon) - Click to reduce/increase the size of the properties area.
Also, the top right contains the Workflow Editor version selector. It displays all Workflow Editor versions. The workflow version selection requires access to the internet. If there is no access, only the bundled workflow editor will be available.
To change to a different Workflow Editor version, select it from the list:
Note that the version selected should match the client image version used to run the workflow. The workflow editor version that was used to edit the workflow is stored in the workflow file itself. The next time the workflow is edited, MC attempts to use that editor version. If not, it will fall back to the most suitable editor.
Actions are added to the workflow by dragging and dropping them to the work area using the mouse. These actions can be removed from the work area by selecting them and pressing “Delete/Del”. To connect actions, click on the output of the action and connect it to another action’s input.
Some of the actions have two outputs: positive (upper right corner and green) and negative (lower right corner and red). On the action “Erasure”, the positive output (green) would be selected if erasure were successful. The negative output (red) would be chosen if the erasure failed.
Create Custom Field
• Title – Title of the custom field. This is used to identify the custom field in the report. Custom field title cannot be empty. If it is, then the workflow will fail and "The custom field has an empty title" error will be shown to the operator.
• Custom field type – The type of the custom field. The following types are available in the dropdown menu:
  • Text field
  • Dropdown list
  • Multidropdown list.
Field Type.
• Options – A comma separated list of choice options for the dropdown list. Only available if “Dropdown list” or “Multidropdown list” is selected as the Custom Field Type.
• Regular expression – Regular expression used in the field. Only available if “Text field” is selected as Custom Field Type.
• Regular expression hint – Hint for the user in the regular expression above.
• Do not Accept empty answer – If selected, empty answers are not accepted.
• Do not ask and use the default value – If selected, the value from “default value” will be assigned to the custom field and the workflow will continue without asking operator for the new value.
For more information about the custom fields, see the chapter “Custom fields” and the Drive Eraser
Configuration Tool manual.
Subworkflow
Fetches a workflow with the name given in the “Subworkflow name” field and runs it. Once that subworkflow has been finalized, the current workflow will continue.
Note that:
• If the subworkflow doesn't exist or cannot be fetched, the parent workflow validation fails.
• Starting the same workflow as a subworkflow is not permitted.
• lessThan(<REPORTPATH blancco_data.blancco_hardware_report.batteries.battery.capacity>, 80)
• For information, see the chapter “Examples of Using “REPORTPATH” Attribute”.
• <DEVICECUSTOMFIELD Field Title> - Get value of custom field with the given title. For custom fields of “Multidropdown list” type the value is represented as a comma separated list of selected options.
• <ENTITYINFO Name> - Get value of ENTITYINFO with the given name.
• <MODEL> - Get current drive's model in Drive-level workflow and Computer model in Computer-level workflow.
• <MANUFACTURER> - Get current drive's vendor in Drive-level workflow and Computer vendor in Computer-level workflow.
The whole workflow is interrupted in the following cases:
• If an expression cannot be evaluated.
• An incorrect XML path will exit the action through Fail-exit.
• REPORTPATH with per-drive path fetches a value for the first found drive, and Condition item returns its status.
Finalize
Finalize the process. If this has not been set and the workflow is run, the whole workflow is interrupted.
If “Show fail” is selected the device will display that the process has failed.
If “Restart” is selected, the system is restarted after the workflow has been completed. Only available in Computer-level mode.
If “shutdown” is selected, the system is shut down after the workflow has been completed. Only available in Computer-level mode.
The "Shutdown" option in a Finalize blob takes precedence over the "Restart" option. If both options are set, then the computer will be shut down.
Server Message
• Can contain variables enclosed in <>, which are substituted with actual values before sending the request.
• Allowed protocols: HTTP and HTTPS. If HTTPS is used, server certificate validation is not performed.
"Extra HTTP headers" - extra headers to include in the request.
• Several HTTP headers are separated with new lines. Maximum length is 2048 characters.
• Can contain tags enclosed in <>, which are substituted with actual values before sending the request.
• "Content-type" and "Content-length" header values are always replaced with actual values for POST method.
"Store HTTP return code to"
• Must be either empty or contain one of the assignable variable tags (<VARIABLE VariableName>, <ENTITYINFO InfoName>, <DEVICECUSTOMFIELD FieldName>). If it contains a tag and an HTTP response code is received from the server, then the code is stored to the variable.
"JSON to send as POST payload"
• Can contain tags in JSON element values (not keys) enclosed in <> that will be replaced with actual values, e.g. {"event":"connected","interface":"<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.interface_type>"}
"JSON reply from server"
• JSON values must be either empty or must contain assignable tags: <VARIABLE VariableName>, <ENTITYINFO InfoName>, <DEVICECUSTOMFIELD FieldName>
• If the server reply has a valid JSON payload and the JSON structure in the reply matches the structure in this field, then variables get values assigned from the reply.
Item result:
• If an HTTP response code was received from the server, then the Action exits through the OK (green) point. The code can be any value, e.g. 404 or 500 is fine too. It is up to the user to check the status code value and do further actions based on it.
{
  "erasureStandard": "<VARIABLE standardId>",
  "machineGrade": "<DEVICECUSTOMFIELD machineGrade>",
  "someSubObject": {
    "someArray": ["", "<ENTITYINFO someArrayElemTwo>", ""]   <= we are interested in value of the second element of the array
  }
}
Corresponding reply:
{
  "erasureStandard": "nist-purge",
  "machineGrade": 5,
  "someSubObject": {
    "someIgnoredValue": true,
    "someArray": [12.34, 34.56, 56.78]
  }
}
{
  "<MANUFACTURER>": "<VARIABLE someVariable>",   <= Keys must be constant
  "manufacturer": "<REPORTPATH some.report.path>",   <= REPORTPATH cannot be assigned
  "assetTag": "<VARIABLE someVariable> <DEVICECUSTOMFIELD assetTag>",   <= Only one variable can be specified
  "serialNumber": 10203040   <= "10203040" does not specify an assignable variable. If a value needs to be checked, first assign it to a variable and then check in Condition action
  "someSubObject": {
    "someArray": ["One", "<ENTITYINFO someArrayElemTwo>", "Three"]   <= "One" and "Three" do not specify an assignable variable.
  }
}
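The reply-template rules above can be checked mechanically. The following is an added example, not Blancco's code: a small Python model that validates a "JSON reply from server" template and walks it against a reply to see which variables would be assigned. The function names are hypothetical, and treating a missing key, a short array or a non-scalar value as "structure does not match" (so that nothing is assigned) is an assumption.

```python
import json
import re

# Tags the manual lists as assignable; REPORTPATH is read-only, so it is absent.
ASSIGNABLE = re.compile(r"<(VARIABLE|ENTITYINFO|DEVICECUSTOMFIELD) ([^<>]+)>")
ANY_TAG = re.compile(r"<[A-Z]+(?: [^<>]*)?>")

# Template and reply from the manual's example, annotations removed.
TEMPLATE = """{
  "erasureStandard": "<VARIABLE standardId>",
  "machineGrade": "<DEVICECUSTOMFIELD machineGrade>",
  "someSubObject": {"someArray": ["", "<ENTITYINFO someArrayElemTwo>", ""]}
}"""
REPLY = """{
  "erasureStandard": "nist-purge",
  "machineGrade": 5,
  "someSubObject": {"someIgnoredValue": true, "someArray": [12.34, 34.56, 56.78]}
}"""
# The manual's rejected template, annotations removed and one comma added
# after serialNumber so that it parses as JSON at all.
BAD_TEMPLATE = """{
  "<MANUFACTURER>": "<VARIABLE someVariable>",
  "manufacturer": "<REPORTPATH some.report.path>",
  "assetTag": "<VARIABLE someVariable> <DEVICECUSTOMFIELD assetTag>",
  "serialNumber": 10203040,
  "someSubObject": {"someArray": ["One", "<ENTITYINFO someArrayElemTwo>", "Three"]}
}"""


def _violations(node, path):
    """Collect rule violations below one template node."""
    errors = []
    if isinstance(node, dict):
        for key, value in node.items():
            if ANY_TAG.search(key):
                errors.append(f"{path}: key {key!r} must be constant")
            errors += _violations(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            errors += _violations(value, f"{path}[{index}]")
    elif node == "":
        pass  # empty value: this position of the reply is ignored
    elif isinstance(node, str) and ASSIGNABLE.fullmatch(node):
        pass  # exactly one assignable tag and nothing else
    else:
        errors.append(f"{path}: {node!r} is neither empty nor one assignable tag")
    return errors


def template_errors(template_text):
    """Return the list of violations in a reply template (empty list = valid)."""
    return _violations(json.loads(template_text), "$")


def _assign(template, reply, out):
    """Walk template and reply in parallel and fill out[(tag, name)] = value."""
    if isinstance(template, dict):
        if not isinstance(reply, dict):
            raise ValueError("object expected")
        for key, sub in template.items():
            if key not in reply:  # extra keys in the reply are simply ignored
                raise ValueError(f"missing key {key!r}")
            _assign(sub, reply[key], out)
    elif isinstance(template, list):
        if not isinstance(reply, list) or len(reply) < len(template):
            raise ValueError("array missing or shorter than the template")
        for sub, value in zip(template, reply):
            _assign(sub, value, out)
    elif template != "":
        tag, name = ASSIGNABLE.fullmatch(template).groups()
        if isinstance(reply, float):
            reply = str(reply)  # manual: floats are stored as Strings
        elif not isinstance(reply, (bool, int, str)):
            raise ValueError(f"{name}: value is not a String, Integer or Boolean")
        out[(tag, name)] = reply


def apply_reply(template_text, reply_text):
    """Return {(tag, name): value} from the reply, or {} if nothing is assigned."""
    errors = template_errors(template_text)
    if errors:
        raise ValueError("invalid reply template: " + "; ".join(errors))
    out = {}
    try:
        _assign(json.loads(template_text), json.loads(reply_text), out)
    except ValueError:  # invalid JSON (JSONDecodeError) or structure mismatch
        return {}
    return out


if __name__ == "__main__":
    for key, value in apply_reply(TEMPLATE, REPLY).items():
        print(key, "<-", repr(value))
    for problem in template_errors(BAD_TEMPLATE):
        print("rejected:", problem)
```

Because the manual states that server certificate validation is not performed for HTTPS, values assigned this way are best treated as untrusted input and checked in a Condition action before they drive a decision.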
• String
• Integer
• Boolean
Floating point values are not supported at the moment, and are stored as Strings, i.e. no arithmetic operations on floats.
Variables are coupled with the target device the workflow is running on. For per-drive workflows it is the target drive. For computer-level workflows, it is the Host entity. Subsequently, all per-drive workflows running on the same drive use the same variables context, e.g. main per-drive workflow and per-drive subworkflow. The same applies to computer-level workflows: all computer-level workflows can access other computer-level workflows' variables.
If a per-drive workflow needs access to a computer-level (global) variable, then the variable name must be prefixed with the "G_" prefix. For computer-level workflows the "G_" prefix is ignored.
Accessing computer-level variables from per-drive workflow is not possible.
Other notes:
An operand in an expression can be one of 4 types: String, Boolean, Integer or Invalid.
Some functions perform type conversions, which are done according to the following rules:
• String to Boolean: if the String has at least one character the result is true, false otherwise
• Integer to Boolean: if the Integer is more than 0 the result is true, if it is equal to or less than 0 the result is false
• Boolean to String: true is converted to “true”, false to “false”
• Integer to String: Integer is converted to its String representation, e.g. 500 => “500”
• Boolean to Integer: true is converted to 1, false to 0
• String to Integer: the String must contain numeric characters only, otherwise the conversion fails
• Invalid type can only be converted to Boolean and the result is always false
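The conversion rules above have consequences that are easy to miss when a condition gates an erasure decision, for example that the String "false" converts to Boolean true. The following is an added example, not the product's code: a Python model of the rule list, where the names convert, converts and INVALID are hypothetical, a failed conversion is modelled as an exception, and a minus sign is assumed not to count as a numeric character.

```python
class ConversionError(ValueError):
    """Raised when the rule list says the conversion fails or is not allowed."""


class _Invalid:
    """Stand-in for the manual's Invalid operand type."""

    def __repr__(self):
        return "Invalid"


INVALID = _Invalid()


def type_name(value):
    """Map a Python value to one of the four operand types."""
    if value is INVALID:
        return "Invalid"
    if isinstance(value, bool):  # test bool first: bool is a subclass of int
        return "Boolean"
    if isinstance(value, int):
        return "Integer"
    if isinstance(value, str):
        return "String"
    raise TypeError(f"unsupported operand: {value!r}")


def convert(value, target):
    """Convert value to target ("String", "Boolean" or "Integer") per the rule list."""
    source = type_name(value)
    if source == target:
        return value
    if target == "Boolean":
        if source == "Invalid":
            return False              # Invalid -> Boolean is always false
        if source == "String":
            return len(value) >= 1    # any non-empty String is true, even "false" or "0"
        return value > 0              # Integer: only values above 0 are true
    if source == "Invalid":
        raise ConversionError("Invalid can only be converted to Boolean")
    if target == "String":
        if source == "Boolean":
            return "true" if value else "false"
        return str(value)             # Integer 500 -> "500"
    if target == "Integer":
        if source == "Boolean":
            return 1 if value else 0
        if value.isascii() and value.isdigit():
            return int(value)         # numeric characters only
        raise ConversionError(f"{value!r} is not numeric characters only")
    raise ValueError(f"unknown target type: {target}")


def converts(value, target):
    """Return True if the conversion succeeds, False if it fails."""
    try:
        convert(value, target)
    except ConversionError:
        return False
    return True


if __name__ == "__main__":
    samples = [("false", "Boolean"), ("", "Boolean"), (-3, "Boolean"),
               (True, "String"), ("500", "Integer"), (INVALID, "Boolean")]
    for value, target in samples:
        print(f"{value!r} -> {target}: {convert(value, target)!r}")
    # A Boolean does not survive a round trip through String.
    print("false -> String -> Boolean:", convert(convert(False, "String"), "Boolean"))
    print('"5 GB" converts to Integer:', converts("5 GB", "Integer"))
```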
String literals outside of tags (<TAG>) must be in quotes (apostrophes or double quotes). If the string contains apostrophes, enclose it in double quotes and vice-versa.
Accepted:
<MODEL> == "VBOX"
<MODEL> == 'VBOX' <- same as line above
<MODEL> == '"VBOX"' <- resulting string is "VBOX"
<MODEL> == "'"
Not accepted:
<MODEL> == VBOX
<MODEL> == """
In tag parameters quotes are optional. For example, DEVICECUSTOMFIELD is a tag with single string parameter and so all the characters after tag name up to the closing ">" are considered a string parameter. If the parameter is in quotes, then the quotes are ignored:
Functions can have non-constant arguments, for example tags or results of other functions.
Example:
Set Value uses the same logic: it is possible to use expressions on the right side of Set Value.
Example:
In drive-level mode, the workflow is started when a new device is connected and detected by the system (newly attached drives can be detected by clicking “Refresh”). The start action is named “Connected” in this mode. This mode supports hot-plugging drives.
In computer-level mode, the workflow is started when the system is booted. The start action is named “Booted” in this mode. This mode does not support hot-plugging drives.
The mode can be switched in the workflow’s settings, by selecting the “Start item” as “Booted” for Computer-level or “Connected” for Drive-level mode:
blancco_data.blancco_hardware_report.disks.disk.interface_type
blancco_data.blancco_hardware_report.disks.disk.capacity
Erasure report:
blancco_data.blancco_erasure_report.erasures.erasure.state
blancco_data.blancco_erasure_report.erasures.erasure.firmware_rounds
moreThan(<REPORTPATH blancco_data.blancco_hardware_report.memory.total_memory>, 4194967295)
moreThan(<REPORTPATH blancco_data.blancco_hardware_report.processors.total_cores>, 3)
Note: only one battery will be checked in case the machine has several!
<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.self_tests.self_test[id=1].Value> == "[0x00] completed without error"
lessThan(<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.smart_attributes.smart_attribute[name=Power On Hours].raw_value>, 1000)
12.8.5 Limitations
blancco_data.blancco_hardware_report.ports.port[1].type
‘.’, ‘[’, ‘]’ are used as special delimiters and cannot be used in XML node names (e.g. custom field names). The same goes for the ‘<’, ‘>’, ‘(’, ‘)’ symbols in Condition blob expressions.
Some XML report values can be difficult to use because of the way they are reported, e.g. timestamps, resolutions, etc.
blancco_data.blancco_hardware_report.display.resolution = "1920x1080"
Note that only one error message is displayed at a time. If there are more errors in a workflow, the second error will be displayed after fixing the first error.
1. After the issue is reproduced, click on "Report issue" (or press F2).
2. Fill in a short description of the problem.
3. Save the issue report on a USB stick or send it to the Blancco Management Console.
4. Submit a ticket at http://support.blancco.com:
a. Press "Submit a Ticket".
b. Press "Next".
c. Fill in your details and the description of the problem, and attach the issue report you have previously generated.
d. Press "Submit".
• Currently the SSD Erasure Method is only designed to erase SSDs that use the ATA and SCSI interface and support the firmware based erasure commands.
  • For these drives, the recommended and most thorough erasure standard available in the software is Blancco's SSD Erasure Standard. However, if your erasure policy mandates that a different process should be applied for these drives, other options can be selected but a message will appear on the report highlighting that an SSD was erased.
  • If the SSD you are trying to erase does not support the firmware command, it is not possible to erase the SSD with Blancco’s SSD erasure method. This information will be displayed on the UI.
  • If it is not possible to remove an applied freeze lock on the SSD you are trying to erase, the erasure using Blancco’s SSD erasure method will fail. This information will be displayed on the report.
• If the SSD-drives are really old models (usually 64GB or smaller), it is recommended that only one SSD should be erased per machine at a time. The success of erasure can be affected if two drives are attempted to be erased simultaneously.
• The whole drive should be erased, do not erase individual partitions. The use of firmware based erasure commands will not work on partitions on an SSD. The whole drive must be erased when using Blancco’s SSD method.
• The SSD should not be connected to the machine through additional pieces of hardware such as USB/FireWire docking stations or PATA/SATA/SCSI bridges. These could prevent the software’s ability to issue the firmware erasure command, resulting in a failed process.
• There should also be no instance of a RAID configuration for SSDs being erased. If two SSDs are attached to the host machine, erase a single drive at a time.
• For ATA SSDs, if the drive is not shown on the drive selection screen, or the erasure process cannot be run due to non-access to firmware based erasure command, one possible solution is to change the SSD's mode from IDE/ATA-mode to AHCI/SATA Native-mode (via the appropriate BIOS/UEFI/EFI settings).
• Blancco Drive Eraser can detect and erase eMMCs to meet the requirements of Clear and Purge, as specified by NIST.
  • Note that if the eMMC has retired sectors, there is a risk that those sectors won’t be erased, even after Purge-level erasure. Please refer to the chapter dedicated to eMMC drives.
• An SSD being erased must allow the firmware level erasure process to execute. The software will reject those that do not support these commands, as it is an essential part of the SSD erasure method. If the software cannot access the firmware command, for any reason, the drive’s erasure will result in a fail.
  • If an ATA SSD has a Master Password set, it is not possible to access the firmware erasure command or write data to it. This password must be removed before erasure can be considered. If it is not possible to retrieve the password or somehow bypass it to unlock the drive, it cannot be erased.
  • ATA drives that have a freeze lock placed on them by the host machine’s BIOS will not allow access to the firmware erasure command. The latest versions of Blancco’s software will attempt to automatically remove the lock. Please see the appropriate part of the manual for further guidelines on removal.
• The verification stage of SSD erasure must be completed successfully. If it cannot complete, the erasure is considered a fail.
  • The verification of an SSD must show that no data has remained on the device (at the logical level). If anomalies are found, the erasure will fail.
  • There is a possibility that some encrypting SSD models will appear to consistently fail erasure because verification will fail. See the Failed Erasures section below for further information on handling.
  • Variations in drive implementations may mean that some drives require a slightly different process – see Failed Erasures section below for further details.
1 Blancco is not in a position to guarantee the success or otherwise of firmware updates. There is also no certainty that this will improve the result of erasure.
• Clear (an erasure process that protects against non-invasive data recovery methods)
• Purge (for higher security, to protect against laboratory data recovery)
Some of the commands referenced by the NIST guidelines only feature in very new hardware.
The following tables outline where NIST requirements are supported by Blancco products.
* Secure Erase is attempted by default, normal overwrite is used if Secure Erase is not supported.
** According to the NIST guidelines, this is only possible on SSDs that support the ATA SANITIZE Block
Erase, the ATA SANITIZE Crypto Erase and/or the TCG Crypto Erase commands, all supported in the
standard “NIST 800-88 Purge”.
*** According to the NIST guidelines, this is only possible on SSDs that support the SCSI SANITIZE Block
Erase, the SCSI SANITIZE Crypto Erase and/or the TCG Crypto Erase commands, all supported in the
standard “NIST 800-88 Purge”.
**** According to NIST guidelines, this is possible on NVMe SSDs that support the NVMe Format - User
Data Erase, NVMe Format - Crypto Erase, NVMe SANITIZE Block Erase, NVMe SANITIZE Crypto Erase,
NVMe SANITIZE Overwrite and/or the TCG Crypto Erase commands, all supported in the standard “NIST
800-88 Purge”.
***** According to NIST guidelines, this is possible on eMMC drives that support the Secure Erase command or some other equivalent method. However, this also depends on the hardware where the eMMC is embedded as well as on the eMMC manufacturer. Blancco Drive Eraser supports the Sanitize and Secure Erase commands, via the standard “NIST 800-88 Purge”.
15.2 HDDs
Drive Type | Erasure Requirements | Supported?
ATA | Clear – Normal overwrite | Yes
ATA | Purge – Firmware-based Overwrite or Cryptographic Erase or Secure Erase | Yes*
SCSI/SAS | Clear – Normal overwrite | Yes
SCSI/SAS | Purge – Firmware-based Overwrite or Cryptographic Erase | Yes**
• NIST normal verification: the drive is split into subsections, two pseudo random locations within each subsection are selected, then these locations are verified. This NIST verification is available in Blancco software and the percentage of the verified area is configurable by the user. It is used at the end of the “NIST 800-88 Clear” and “NIST 800-88 Purge” standards (where 10% of the drive is verified as a minimum) as well as in all the other supported erasure standards. This means that selecting any Blancco erasure standard and setting a verification percentage equal to or higher than 10% will ensure at least a clear-level erasure as defined by NIST.
• NIST Crypto Erase verification: pseudo random locations are selected throughout the drive and written with a known pattern before the Crypto Erase is triggered. After the Crypto Erase execution, these pseudo random locations are read to verify the absence of the known pattern. This NIST verification is available in Blancco software and the percentage of the verified area is configurable by the user (the minimum being 10% of the drive). It is used at the end of the “NIST 800-88 Purge” standard.
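The "NIST normal verification" sampling described above can be modelled in a few lines. This is an added example, not Blancco's implementation: the manual does not say how many subsections are used, how the verified percentage is divided between the two locations, or which pattern is expected, so the subsection count, the even split, the 0x00 pattern and all function names are assumptions. The drive image is a constructed in-memory buffer.

```python
import random


def sampling_plan(total_sectors, subsections, percent, seed):
    """Return [(start_sector, sector_count), ...] with up to two regions per subsection."""
    if not 1 <= percent <= 100 or not 1 <= subsections <= total_sectors:
        raise ValueError("percent must be 1..100 and subsections 1..total_sectors")
    rng = random.Random(seed)  # assumption: a real tool would seed from system entropy
    size = total_sectors // subsections
    plan = []
    for index in range(subsections):
        base = index * size
        # The last subsection absorbs any remainder sectors.
        span = total_sectors - base if index == subsections - 1 else size
        budget = -(-span * percent // 100)  # ceil(span * percent / 100) in integers
        # One region per half of the subsection, so the two never overlap.
        halves = [(base, span // 2, budget // 2),
                  (base + span // 2, span - span // 2, budget - budget // 2)]
        for half_start, half_len, count in halves:
            if count:
                offset = rng.randrange(half_len - count + 1)
                plan.append((half_start + offset, count))
    return plan


def covered_sectors(plan):
    """Number of sectors the plan reads back."""
    return sum(count for _, count in plan)


def verify(image, plan, sector_size=512, expected=0x00):
    """Return the regions of the plan that contain a byte other than expected."""
    failed = []
    for start, count in plan:
        chunk = image[start * sector_size:(start + count) * sector_size]
        if chunk.count(expected) != len(chunk):
            failed.append((start, count))
    return failed


def first_unsampled(plan, total_sectors):
    """Return the lowest sector number not covered by the plan, or None."""
    cursor = 0
    for start, count in sorted(plan):
        if start > cursor:
            return cursor
        cursor = max(cursor, start + count)
    return cursor if cursor < total_sectors else None


if __name__ == "__main__":
    sector, total = 512, 10_000
    image = bytearray(total * sector)            # constructed, fully zeroed "drive"
    plan = sampling_plan(total, subsections=20, percent=10, seed=1)
    print("regions:", len(plan), "sectors verified:", covered_sectors(plan))
    missed = first_unsampled(plan, total)
    image[missed * sector] = 0xAA                # leftover byte outside every sample
    print("10% sample finds it:", bool(verify(image, plan, sector)))
    full = sampling_plan(total, subsections=20, percent=100, seed=1)
    print("100% verification finds it:", bool(verify(image, full, sector)))
```

The run shows why the percentage is a policy choice: a 10% sample confirms that the overwrite ran across the whole drive, but only full verification is guaranteed to catch an isolated leftover sector.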
• On newer SSDs supporting the Sanitize commands (required to meet the NIST Purge-level erasure), “Blancco SSD Erasure” is fully compliant with the Purge-level erasure as defined by NIST. In fact, “Blancco SSD Erasure” exceeds the NIST Purge recommendations.
• On older SSDs not supporting the Sanitize commands (but supporting older commands such as Secure Erase), “Blancco SSD Erasure” is fully compliant with the Clear-level erasure as defined by NIST. In fact, “Blancco SSD Erasure” exceeds the NIST Clear recommendations.
• On other data storage devices storing their data on flash memories (e.g. eMMC, NVMe), “Blancco SSD Erasure” is fully compliant with the Purge-level erasure as defined by NIST.
• “Blancco SSD Erasure” can also be used to erase other drives (e.g. HDD) and compliance with NIST Purge can be achieved, although this depends on the commands supported by the target drive. Nevertheless, the “Blancco SSD Erasure” targets essentially drives that store their data on flash memories (SSD, eMMC, NVMe) and other standards should be preferred when erasing magnetic drives.
• Whenever a purge-level erasure is achieved on an SSD/eMMC/NVMe, through using "NIST Purge" or "Blancco SSD Erasure", there is no specific exception in the report. If a successful erasure is
BSI-2011-VS | Step #
BSI algorithm random pattern erasure | 1.
100% Verification for presence of BSI random pattern | 2.
ESE → SE → Overwrite with 0x00 | 3.
Verify data 5% (or more) | 4.
Reset Master Boot Record | 5.

BSI-GS | Step #
Remove HPA/DCO (if existing) | 1.
Overwrite with aperiodic random data | 2.
-For ATA drive: ESE → SE → Overwrite with 0x00 | 3.
-For SCSI drive: FU → Overwrite with 0x00 | 3.
Verify data* (pattern verification) | 4.

BSI-GSE | Step #
Remove HPA/DCO (if existing) | 1.
Overwrite with aperiodic random data | 2.
Overwrite with aperiodic random data | 3.
-For ATA drive: ESE → SE → Overwrite with 0x00 | 4.
-For SCSI drive: FU → Overwrite with 0x00 | 4.
Verify data* (pattern verification) | 5.