
Blancco Drive Eraser

User Manual for version 7.3.1


2022-04-06

1 Drive Eraser User Manual


Table of Contents

1. General information
1.1 Legal Notice
1.2 Copyright and Confidentiality Statement
2. Blancco Drive Eraser User Interface
2.1 Header area
2.2 Process area
2.2.1 Basic process
2.2.2 Multitasking
2.3 Work area
2.4 Popups for special drives
2.5 Other Popups
3. Header Area
3.1 Product name, software version and license control
3.2 Image usage
3.3 Settings function button
3.4 Report Issue function button
3.5 Help function button
3.6 Shutdown function button
4. Process and Work Areas
4.1 Processes
4.1.1 Manual
4.1.2 Semi-automatic
4.1.3 Automatic
4.1.4 Workflow
4.2 Erasure-step
4.2.1 Tab color and overall progress
4.2.2 Remaining time and state icon
4.2.3 Work area
4.2.3.1 Erase-button
4.2.3.2 Locate Drive -button
4.2.3.3 Erasure Settings button
4.2.3.3.1 Erasure standards
4.2.3.3.2 Verification
4.2.3.4 Hexviewer-button
4.2.3.5 Drive’s progress bar
4.2.3.6 Drive info-icons
4.3 Hardware tests –step
4.3.1 Tab color and overall progress
4.3.2 Work area
4.3.2.1 Available tests
4.3.2.2 Running tests / Test-button
4.4 Custom fields-step
4.4.1 Tab color and overall progress
4.4.2 Work area
4.4.2.1 Custom fields
4.4.2.2 Update-button
4.5 Report-step
4.5.1 Tab color and overall progress
4.5.2 Work area
4.5.2.1 Report content
4.5.2.2 Save-button
4.5.2.3 Send-button
4.6 Restart/Shutdown-step
4.7 Notification icons
4.7.1 Local Time and Current Date
4.7.2 Battery charge
4.7.3 Small asset report
4.7.4 Network
4.7.5 BMC
4.7.6 Licenses
5. Keyboard Controls
5.1 Generic controls
5.1.1 Tab key
5.1.2 Arrow keys
5.1.3 Space bar
5.1.4 Ctrl + Space
5.1.5 Ctrl + Enter
5.1.6 Escape key
5.2 Accessing the Header area
5.2.1 F1-F3 function keys
5.2.2 F10 function key
5.3 Accessing the Process area
5.4 Navigation inside the Work area
5.4.1 Erasure-step
5.4.1.1 Ctrl + R
5.4.1.2 Ctrl + M
5.4.1.3 Ctrl + F
5.4.1.4 Ctrl + A
5.4.1.5 Ctrl + L
5.4.1.6 Ctrl + Alt + L
5.4.1.7 Ctrl + H
5.4.1.8 Ctrl + Alt + R
5.4.1.9 Ctrl + Alt + E
5.4.1.10 Ctrl + Alt + P
5.4.1.11 Ctrl + Alt + U
5.4.1.12 Ctrl + Alt + C
5.4.1.13 Ctrl + G
5.4.1.14 Ctrl + E
5.4.2 Hardware tests-step
5.4.2.1 Ctrl + T
5.4.2.2 Ctrl + A
5.4.3 Custom fields-step
5.4.3.1 Ctrl + D
5.4.4 Report-step
5.4.4.1 Ctrl+S
5.4.4.2 Ctrl+N
5.4.4.3 Ctrl + M
6. Screensaver
6.1 Presentation
6.2 Exception notifications
6.3 Temperature Warning
6.4 Remote erasure
6.5 Screensaver lock
7. Blancco Drive Security Features
7.1 Booting Options
7.1.1 Description
7.1.2 When to use the booting options?
7.2 Automatic Restart/Shutdown
7.3 Crash reporter
7.4 Automatic report backup
7.5 Detecting HDDs
7.6 Read/write error handling
7.7 Remapped sectors
7.8 Hidden areas in a drive
7.8.1 Shadow MBR
7.9 Resume Erasure
7.10 Erasure Standard Switch for SSDs
7.11 Erasing and preserving drive partitions
7.12 Erasure verification
7.12.1 Traditional verification
7.12.2 Alternative/Fallback verification
7.13 Freeze lock
7.14 Persistent Software Detection
7.15 Hot swap capability
7.16 Erasure status and exceptions
7.17 CD-eject
7.18 Digital Fingerprint
7.19 Bootable Asset Report
7.20 Erasing RAID configurations
7.21 Remote erasure control and monitoring
7.21.1 Monitoring the erasure process through the Management Console
7.21.2 Controlling the erasure process through the Management Console
7.22 Sanitize Cryptographic Erasure Standard
7.23 Support for TCG Security Features
7.24 TPM Device Detection and Reporting
7.25 Fallback for NIST Erasure Standards
8. Hardware Which Requires Special Handling
8.1 Unsupported processors
8.2 SSDs
8.2.1 eMMCs
8.2.2 Hybrid Drives
8.3 NVMe Drives
8.3.1 Port Mapping
8.3.1.1 Hybrid Appliances
8.4 RAID-controllers connected to SAS/SATA drives
8.5 Password locked drives
8.6 Removable flash devices
8.7 Chromebooks
8.8 Apple T2 Machines
8.9 Microsoft Surface Pro 4
9. Hardware Tests
9.1 Automatic tests
9.1.1 Battery Capacity
9.1.2 Battery Discharge
9.1.3 CPU
9.1.4 Memory
9.1.5 Motherboard
9.2 Manual tests
9.2.1 Display
9.2.2 Pointing devices
9.2.3 Keyboard
9.2.4 PC speaker
9.2.5 Optical devices
9.2.6 Webcam
9.2.7 USB ports
9.2.8 Wi-Fi adapters
9.2.9 BIOS logo
10. Report Per Connected Device
10.1 Erasure-step
10.1.1 Report (Ctrl + Alt + R)
10.1.2 Custom fields - Per Drive (Ctrl + Alt + E)
10.2 Report & Per Drive Custom fields Status-icons
10.3 Custom fields-step
11. Processing Chromebooks with Drive Eraser
11.1 Supported Chromebooks
11.2 Minimum requirements
11.3 Instructions to use Blancco Drive Eraser
11.4 Instructions to prepare a Chromebook
11.4.1 Connect the Chromebook to Blancco Drive Eraser
11.4.2 Boot the Chromebook
11.4.3 Enable the Recovery and Developer Mode
11.4.3.1 Keyboardless Chromebooks
11.4.4 Connect to Blancco Drive Eraser
11.5 Processing the Chromebook
11.5.1 Chromebook Hardware tests
11.6 Process outcome
11.7 Troubleshooting
11.7.1 Required files not found
11.7.2 Device stays in Developer-mode after erasure
12. Workflow Process
12.1 Requirements
12.2 Create/Edit Workflow
12.3 Workflow Editor
12.4 List of Available Actions
12.4.1 Server Message Examples
12.4.2 Variables
12.4.3 Supported Condition Expressions
12.5 Drive-level & Computer-level Workflow-mode
12.6 Running a Workflow
12.7 Example Workflow
12.8 Using “REPORTPATH” Attribute and Examples
12.8.1 XmlPath Examples
12.8.2 Filters in XmlPath:
12.8.3 Drive specific paths
12.8.4 Usage examples
12.8.5 Limitations
12.9 Error Messages
13. Troubleshooting
14. Appendix 1: SSD Supplement
14.1 Guidelines for Using SSD Erasure Method
14.2 Erasure Result
14.2.1 Status
14.2.2 Failure Logic
14.3 Handling Information
14.3.1 Erasure Method
14.3.2 Inoperable Drives
14.3.3 Failed Erasures
14.3.3.1 Verification Issues
14.3.3.2 Firmware Upgrading
15. Appendix 2: Compliance with Updated NIST Guidelines
15.1 Solid State Drives (SSDs)
15.2 HDDs
15.3 NIST verification
15.4 Blancco SSD Erasure compliance with NIST
16. Appendix 3: Execution steps of the erasure standards
16.1 Magnetic standards
16.2 Firmware and forced standards
16.3 SSD Standards
17. Contact Information


1. General information
This manual is written for the Drive Eraser family for x86 based computer architectures.
PLEASE CAREFULLY READ THE NEXT PARAGRAPH BEFORE YOU START USING THE PROGRAM
Thank you for choosing Blancco for your data erasure needs. Before you start using the Blancco Erasure software make sure that all files, folders, software applications or any other information that you want to save for later use are backed up on an appropriate media device other than the original data storage device (HDD, SSD). If you are not sure whether to erase the information on the drive, please contact your system operator, information management or a corresponding party, which maintains the computers in your organization. For future use of the erased computer, an operating system must be installed. Data that has been erased from a data storage device with this program cannot be recovered by any existing method.
Minimum System Requirements

• 64-bit, x86 architecture machine.
• 2 GB of RAM in most cases. Erasing servers with 2+ drives requires more RAM.
• CD-drive or a CD-compatible drive for CD-booting.
• USB-port for exporting / saving reports locally and/or USB-booting.
• [Optional] SVGA display (1024*768 resolution or higher) and VESA compatible video card for graphical user interface.
• [Optional] Ethernet NIC, DHCP Server running on local network.
• If the client software is running on a desktop, a sufficient PSU for all connected drives and hardware.

Blancco Drive Eraser can also be booted from a USB flash drive. A bootable USB flash drive can be created
with the help of Blancco USB Creator tool. Contact Blancco for more information.
If there is a dedicated network for erasing machines, Blancco Drive Eraser can also boot via a Preboot
eXecution Environment or PXE (as long as the machines to be erased support PXE booting). Contact
Blancco for more information.
As of version 6.3.0, UEFI Secure Boot is supported.
Version 6.6.0 and newer releases are fully compatible with Blancco Management Console (BMC)[1] 4.8.0 and newer releases. Older (<4.8.0) BMC releases are not compatible with version 6.6.0 and newer, because of the updated Digital Signature of the version 6.6.0. Starting from version 6.12, the digital signature can also be customized via DECT 2.12 or newer (see the DECT user manual for more details).

[1] Centralized data management reporting solution to store and manage data erasure reports. Also used for monitoring and controlling ongoing data erasures. Please see the BMC manual for more information.


Drive Eraser can erase any connected drive (SATA[1], SCSI[2]/SAS[3], FC[4], USB, eMMC, NVMe[5]) as well as removable flash-based devices (check the chapter “Removable flash devices” for additional information).
Requirements for the User
Person(s) using this program should have prior experience using computers and the user should, at all
times, follow the guidance of this documentation and all guidance given by Blancco.
Booting and Computer Settings

• Check that all the drives are attached properly to the computer. See the manufacturer’s guide for this.
• Check that the BIOS clock’s time is up to date.
• If you have a laptop computer, plug in the power adapter. There may be problems when erasing a laptop on battery power.
• Disable or type the BIOS passwords requested during the booting up phase. This refers to the passwords that some computers require even before the actual booting starts. Other kinds of BIOS passwords do not usually prevent erasing the drive.
• Disable power saving features from the BIOS.
• Set the storage configuration as "AHCI" (not as "RAID").
• Note. Disabling power saving is usually not needed, but some hardware may have problems if power saving is enabled, so if you have just one license, it is prudent to do this. In a recycling center or corporate environment this should be done only if there are problems with the given computer model when the power saving is on.
• If your Blancco Drive Eraser software is in *.iso image form, make a bootable USB-stick or burn it to a CD.
• Switch on the computer, put in the Blancco Drive Eraser CD and boot the system from the CD (or use the booting method that suits you best).
• Follow the user instructions in order to start erasing the data. Double-check that all data storage devices have been detected correctly so that all the data will be correctly erased from them.

Note. Blancco provides the SHA256 checksum of the ISO image in the delivery email. To verify that the SHA256 checksum for your image is correct, please use a SHA256 checksum verification tool.
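One way to perform the SHA256 check described in the note above, shown as an added example that is not part of the Blancco manual. The function names, the accepted paste formats and the small stand-in file used in place of a real ISO image are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

SHA256_HEX = re.compile(r"[0-9a-f]{64}")


def normalize_digest(text):
    """Return the SHA256 digest found in a pasted line as 64 lowercase hex characters.

    Accepts a bare digest or a "digest  filename" line, in any letter case.
    Raises ValueError for anything else, so a truncated paste is reported as
    a bad input instead of being mistaken for a checksum mismatch.
    """
    tokens = text.split()
    candidate = tokens[0].lower() if tokens else ""
    if not SHA256_HEX.fullmatch(candidate):
        raise ValueError("not a SHA256 digest: expected 64 hexadecimal characters")
    return candidate


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Hash the file in fixed-size chunks so a large image is never loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_image(path, expected_text):
    """Return True only if the file's SHA256 equals the digest taken from the delivery email."""
    expected = normalize_digest(expected_text)
    return hmac.compare_digest(sha256_of_file(path), expected)


def demo():
    """Run the check on a constructed stand-in file (not a real Blancco image)."""
    # Constructed sample: the SHA256 of the three bytes b"abc", pasted in upper case.
    published = "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD"
    handle, path = tempfile.mkstemp(suffix=".iso")
    try:
        with os.fdopen(handle, "wb") as image:
            image.write(b"abc")
        intact = verify_image(path, published + "  image.iso\n")
        with open(path, "ab") as image:
            image.write(b"\x00")  # simulate a corrupted or altered download
        altered = verify_image(path, published)
    finally:
        os.remove(path)
    return intact, altered


if __name__ == "__main__":
    intact, altered = demo()
    print("intact image accepted:", intact)
    print("altered image accepted:", altered)
```

Run the check on the downloaded file before writing it to a USB stick or CD, and discard any image for which `verify_image` returns False.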
Warning! Shutting the computer down, exiting the program, disconnecting the drive(s) or pausing/cancelling the process when Blancco Drive Eraser is performing an erasure on the drive(s) with NIST 800-88 Purge[6] - ATA, BSI-GS/E, (Extended) Firmware based erasure or Blancco SSD Erasure, can permanently damage the drive(s). This also applies to any erasure with the “Erase remapped sectors” option checked.
Note. In general, you should avoid shutting down the computer, exiting the program or disconnecting any drive while erasing it with any standard. This is because all erasure information will be lost and the drive may be damaged.

[1] Serial ATA or SATA is an evolution of the Parallel ATA physical storage interface. SATA is a serial link – a single cable with a minimum of four wires creates a point-to-point connection between devices.
[2] Short for Small Computer System Interface, a parallel interface standard used by Apple Macintosh computers, PCs, and many UNIX systems for attaching peripheral devices to computers.
[3] Short for Serial Attached SCSI, it is a communication protocol used to move data to and from computer storage devices such as hard drives and tape drives. SAS is a point-to-point serial protocol that replaces the parallel SCSI bus technology.
[4] A serial data transfer architecture. The most prominent Fibre Channel standard is Fibre Channel Arbitrated Loop (FC-AL).
[5] NVM Express (NVMe) is a logical device interface specification for accessing non-volatile storage media attached via a PCI Express (PCIe) bus. NVM stands for non-volatile memory, which is commonly flash memory that comes in the form of solid-state drives (SSDs).
[6] A level of security defined by NIST that protects against laboratory attacks.

1.1 Legal Notice


Notwithstanding the foregoing, Blancco shall bear no responsibility for any interference, operability, or other compatibility issues which may arise as a result of any changes or updates made to the operating systems and/or hardware upon which the Blancco Software is executed. Likewise, Blancco shall be in no way responsible for any interference, operability, or any other issues resulting from infection of systems and hardware upon which the Blancco Software is executed by any form of virus, Trojan Horse, worm, malware, or spyware of any form or type (collectively referred to hereafter as “Virus” or “Viruses”). The sole responsibility for maintaining a Virus free environment for the operation of the Blancco Software or Hardware solutions shall rest solely with the Company.
The license to the Product is non-transferable and is granted personally to the Licensee, and the Licensee
shall not, without prior written consent of Blancco, be entitled to assign or transfer the license for any reason
including, without limitation, merger, reorganization, sale of all or substantially all of the assets, change of
control or operation of law.

1.2 Copyright and Confidentiality Statement


No part of this manual, including the products and software described in it, may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means, except documentation kept by the purchaser of Blancco Drive Eraser. The information contained in this document is subject to change without notice. Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their respective companies, and are used only for identification or explanation and to the owner’s benefit, without intent to infringe.
Copyright © 2022 Blancco Technology Group. All rights reserved.
This document is strictly confidential and personal to its recipients and may contain legally privileged and/or
copyrighted, trademarked, patented or otherwise restricted information viewable by the intended recipient
only. Blancco Technology Group makes no representations and gives no warranties of whatever nature in
respect of this document, including but not limited to the accuracy or completeness of any information, facts
and/or opinions contained therein. By accessing this document, you acknowledge, accept and agree to the
foregoing.


2. Blancco Drive Eraser User Interface
When booting up the software, the booting option can be selected from the first splash screen:

The options are:

• Normal startup (safe resolution)
• Normal startup (native resolution)
• FLR during startup - Default selection
• Show startup messages
• Customized startup

For more information about the booting options, see the chapter “Booting Options”.
If the memory test is enabled, the system memory (RAM) is tested during this phase. A message about the ongoing memory test is displayed on the screen (works mostly on BIOS machines). Note that if the device has a large amount of RAM, this test might take a long time to complete.
When Blancco Drive Eraser is booted, the main view is shown after the loading screen. It is divided into
three main areas: the header area, the process area and the work area.


2.1 Header area
The header area contains information about the software in use, such as the software name and the version.
The Header area also contains a series of buttons called Function buttons which have a general purpose, such as changing the user interface language, keyboard layout configuration, screensaver settings, communication settings, reporting an issue, help menu and shutting down the machine.

2.2 Process area


The process area contains the numbered steps required to detect and erase the machine’s drives (“Erasure”-step), run hardware tests (“Hardware tests”-step), update the erasure report (“Custom fields”-step), view and back up the erasure report (“Report”-step).

2.2.1 Basic process


The basic erasure process is built around four steps. These steps can be followed in order, but this is not mandatory:

1. Erasure – Choosing what to erase and how and starting the erasure
2. Hardware tests – Testing the main components of the machine (not available in all modes, can be turned off)
3. Custom fields – Report filling and updating (can be turned off)
4. Report – Checking the report and sending and/or saving it.

2.2.2 Multitasking
Blancco Drive Eraser’s user interface makes multitasking possible by letting the user navigate freely
between the tabs during an active erasure process.


Example scenario: The machine has 3 drives. The user starts erasing the drive 1 (Erasure). After this, the
user can update the report (Custom fields), run tests on the hardware (Hardware tests), or even send/save
an incomplete report (Report), all while the drive is being erased. Also the user can start erasing the drives 2
& 3 simultaneously, or erase them individually.

2.3 Work area


The work area contains all the specific information and details for every process step: available drives and
erasure standards in “Erasure”-step, additional fields for report editing in “Custom fields”-step, asset and
erasure information in “Report”-step.
Most of the actions of the user and interaction with the software take place in the Work area. Also, if an erasure raises a warning, a “yellow” informative message is written in the report.

2.4 Popups for special drives


A popup is displayed if at least one extra removable flash-based drive is detected on the machine, with the information: "Device Detected - Blancco Drive Eraser has detected removable flash drive(s). Please consider removing or erasing them.".

2.5 Other Popups


A popup is displayed if the CA certificate on BMC fails validation, with the following information: "Blancco Drive Eraser Warning - Certificate validation failed.".


3. Header Area
3.1 Product name, software version and license control
Blancco Drive Eraser product name (Volume Edition, Enterprise Subscription Edition, Enterprise
Volume Edition) and software version are located on the top left of the screen, under the logo.

3.2 Image usage


Under the version number there is a space where the user can set a label that specifies the usage of the Blancco Drive Eraser image, for easy identification in environments where several images are configured with different settings. Example: “For laptops with SSDs”, “For servers, HMG 1x”.

The image usage label is configurable with DECT[1].

3.3 Settings function button


The Blancco Drive Eraser settings are accessed via the “Settings”-button.

Pressing the button opens the Settings-window. The Settings-window has several tabs. The General tab contains information related to the User Interface and screensaver:

| Item | Example | Description |
|---|---|---|
| User Interface Settings | | |
| Language: | English – en | The language used in the software. |
| Keyboard Layout: | English (United States) - us | Keyboard layout used in the system. |
| Screensaver Settings | | |
| Enable screensaver | On or Off | Enable/disable the screensaver. |
| Timeout (sec.): | 30 | Timeout of the screensaver (in seconds), time of inactivity before the screensaver is turned on. Possible values: from 5 sec. to 86400 sec. (1 day). |

[1] Blancco Drive Eraser Configuration Tool. Blancco software used to configure the Drive Eraser ISO image to best fit the user’s needs. Please read the DECT manual for more information.

The Management Console tab contains information related to BMC connectivity:

| Item | Example | Description |
|---|---|---|
| Communication settings | | |
| Hostname / IP: | 10.1.1.1 | IP-address of the server running the BMC. |
| Port: | 8443 | Port number of the BMC. This port was set up when installing the BMC; it is the port 8443 by default (HTTPS protocol always enforced). Please check the BMC manual for more information. |
| Username: | ExampleBMCUser | User for accessing the BMC. |
| Password: | VeryStrongPassword | Password for accessing the BMC. |
| Do Not Validate The Remote Certificate: | On or Off | The validation of the hostname remote certificate is enforced by default. If turned on, this checkbox disables the certificate validation for hostnames. Certificate validation is disabled by design on IP addresses. |

The Operation tab contains information related to erasure and power saving:

| Item | Example | Description |
|---|---|---|
| Erasure Settings | | |
| Simultaneous Erasures Limit | 50 | Maximum number of simultaneous erasures. If the number of simultaneous erasures is less than the limit, then new erasures can be started until the limit is met. If the number of erasures exceeds this value, the excess and new erasures are put to erasure queue and are paused until they can be started. Note that the maximum number supported here can differ between client software editions. |
| Enable Speed Threshold | On or off | Fail the erasure if the erasure speed is lower than the value set in the “Speed Threshold” field. Turned off by default. |
| Speed Threshold (MB/s) | 0 | The speed threshold for erasures. The value range is 1-10000. The value is Megabytes/second. |
| Power Saving Settings | | |
| Spin Down Idle Disks | On or off | When enabled, this option allows the client software to spin down magnetic disks when they have been idle for 5 minutes. Also, when this option is enabled, maximum of one erasure can be started per second. This is to prevent power peaks. In case of HDDs being erased in batches, this can reduce the surge in power consumption by 40% (the HDDs being queued or already erased stop consuming electricity). This also saves energy after all drives are erased and before they are removed. |

The Networking tab contains information related to wired network, DNS and VLAN settings:

Wired network settings:

| Item | Example | Description |
|---|---|---|
| Interface | Dropdown menu | Chosen interface device for the wired network. |
| Enabled | On or Off | Whether the wired network is enabled or not. If the wired network is not enabled, the settings below cannot be accessed. |
| Use DHCP | On or Off | Whether DHCP is used or not. If DHCP is on, then “IP address”, “Subnet mask” and “Gateway” settings are greyed out. |
| IP address | 10.0.2.15 | IP address of the device. |
| Subnet mask | 255.255.255.0 | Subnet mask of the device. |
| Gateway | 10.0.2.2 | Gateway address of the device. |

DNS Settings:

| Item | Example | Description |
|---|---|---|
| Primary IP | 8.8.8.8 | Primary IP-address for the DNS-server. |
| Secondary IP | 4.4.4.4 | Secondary IP-address for the DNS-server. |

VLAN Settings:

| Item | Example | Description |
|---|---|---|
| VLAN ID | 1234 | ID of the Virtual LAN (VLAN). Acceptable value range is 1-4094. |

The Network security tab contains information related to proxy, Remote SSH and IEEE 802.1x authentication settings:

Proxy settings:

| Item | Example | Description |
|---|---|---|
| Hostname / IP | 10.1.1.2 | IP-address of the proxy-server. |
| Port: | 8080 | Port number of the proxy-server. |
| Username | ExampleProxyUser | Username for accessing the proxy-server. |
| Password: | VeryStrongPassword | Password for accessing the proxy-server. |

Remote SSH Connections:

| Item | Example | Description |
|---|---|---|
| Allow remote connection from Blancco Support | On or off | If enabled, remote SSH connections are allowed. If turned off, remote SSH connections cannot be made to the Drive Eraser. |

IEEE 802.1x authentication:

| Item | Example | Description |
|---|---|---|
| Enabled | On or off | Whether or not this feature is enabled. If network security is enabled, then the support for 802.1x authentication is enabled. This will allow network connection over network adapters and WPA2 Enterprise Wi-Fi. |
| Use CA Certificate | On or off | Whether or not the CA (Certificate Authority) certificate is used. CA certificate can be included by using the DECT. |
| Protocol | PEAPv0/EAP-MSCHAPv2 | Selected protocol for 802.1x authentication. |
| Identity | networkidentity | Identity used with the 802.1x authentication. |
| Password | VeryStrongPassword | Password used with the identity. |

3.4 Report Issue function button


If issues are found, they can be reported by pressing the “Report issue”-button: with this button the user generates a detailed report that contains additional system information and logs used to understand and reproduce the problem. These issue reports must be attached and sent via email to Blancco Support for further analysis.

Pressing the button opens the Report issue-window:

The window is divided into two fields: the “Problem description”-field and the settings related to saving the issue report on an external media device. “Problem description” is mandatory, because it explains the problem.
If you want to save an issue report on an external device (USB-stick), first plug the media device into the machine, then press the “Report issue”-button. The settings for saving the issue report consist of:

• Select media from the "Drive" dropdown menu, and select the appropriate media device (USB-stick) to save the issue report.
• Filename field, which defines the file name of the report. The default name of the report follows the format: Date(yyyymmdd)_time(hh24miss)_report
  - A report named “20210527_092742_report” was created 27th of May, 2021 at 9:27:42 AM.
  - This name can be changed before saving the issue report to the external media.
  - The only available file format is XML (it will automatically be added to the issue report name).
• Save button, press this button to save the issue report on your external device (USB-stick).

The other available buttons in the window are:

• Send button, for sending the issue report to the BMC. This requires:
  - A network connection and a server running the BMC.
  - Correct Management Console settings filled in the Settings window.
  - The chapter Send-button has more general information about report sending.
• Cancel button, to cancel the issue report generation and exit the window.

Note. When saving a report on a USB stick, make sure that:

• The USB stick has been preformatted by the user to FAT32 (most suitable format).
• The USB stick has a single partition.
• The USB stick name is not empty. Preferably use a name containing characters in the range a-zA-Z0-9.
• The USB stick is in good condition. If you have any doubt, re-format it or replace it.

The issue report can also be fetched by using Blancco Management Console (requires a working connection to the BMC).

3.5 Help function button


The “Help”-button is used to open the quick-help menu.

Pressing this button opens the Help-window. This window contains general information about the software.
The Help window consists of two columns:

• The left column contains the Help table of contents.
• A search box is located on the top right corner of the screen.
• The right column contains the Help content, selecting a chapter in the table of contents will automatically update the content.


3.6 Shutdown function button
In order to shut down or restart the machine after a successful erasure, click on the “Shutdown” button.

If the report has not been saved or sent or if there are unsaved changes to the erasure report, then a popup
will be displayed informing the user about the situation. To continue to the shutdown dialog, click “Yes”. To
cancel and return to the main menu, click “No”.
After pressing the button, a confirmation popup window will appear. Confirm that you really wish to shut
down the machine by clicking on “Shut down” or restart the machine by pressing “Restart”. The machine
then powers off or restarts.


4. Process and Work Areas
4.1 Processes
Processes define how the erasure process is handled and how much user interaction it requires. All processes consist of predefined steps which are numbered and have to be followed to complete an erasure and a report generation. There are three default processes: “Manual”, “Semi-automatic” and “Automatic”. The configured process is visible in the Blancco Drive Eraser UI but can only be changed via the DECT software.

4.1.1 Manual
In this mode, everything is done manually. The erasure must be started by the user. The user must then
manually send the report to the BMC or save it to a USB memory stick. Running hardware tests or updating
the report fields must also be done manually.
| Step | Behavior |
|---|---|
| 1 - Erasure | Must be run manually. |
| 2 - Hardware Tests | Must be run manually. |
| 3 - Custom fields | Must be run manually. |
| 4 - Report | Must be run manually. |
| 5 - Shutdown | Must be run manually. |

4.1.2 Semi-automatic
In this mode the erasure is automatically started. This process automatically skips the manual hardware
tests. However, the user can still do the tests manually if required, in which case the process will wait until
this step is completed. Updating the report fields must be done manually. The report is automatically sent to
the BMC after the report fields have been updated. Report saving is optional and must be done manually. A
popup to shut down or restart the machine is always shown in the end.
If one of the automatic steps doesn’t finish successfully, then the process is interrupted and must be finished manually.

| Step | Behavior |
|---|---|
| 1 - Erasure | Automatically run. |
| 2 - Hardware Tests | Can be run manually [1], automatically skipped otherwise. |
| 3 - Custom fields | Must be run manually. |
| 4 - Report | Automatically run (report sending) [2]. |
| 5 - Shutdown | This behavior can be modified through the DECT. For more information, see the chapter “Automatic Restart/Shutdown”. |

[1] The software will wait until the step is finished.
[2] The report saving is also possible but it is a manual procedure.


4.1.3 Automatic
In this mode the erasure is automatically started and the report is automatically sent to the BMC. Report saving is optional and must be done manually. This process automatically skips the manual hardware tests and updates the report fields (before sending the report), however the user can still do these steps manually if required, in which case the process will wait until these steps are completed. A popup to shut down or restart the machine is always shown at the end.
If one of the automatic steps doesn’t finish successfully, then the process is interrupted and must be finished manually.

Step                   Behavior
1 - Erasure            Starts automatically.
2 - Hardware Tests     Can be run manually [1], automatically skipped otherwise.
3 - Custom fields      Can be run manually [2], automatically skipped otherwise.
4 - Report             Automatically run (report sending) [3].
5 - Restart/Shutdown   This behavior can be modified through the DECT. For more
                       information, see the chapter “Automatic Restart/Shutdown”.

4.1.4 Workflow
The process is managed by a workflow which is fetched from BMC/Blancco Cloud. See chapter “Workflow
Process” for more information.

4.2 Erasure-step
The Erasure-step is the first defined default step. When clicking on this step, the user can see in the work
area the drives available for erasure. If the software has been configured to display drive partitions, then all
detected drive partitions are displayed and they can be erased separately. The erasure step’s tab also
shows some information about the erasures’ overall process.

4.2.1 Tab color and overall progress


The Erasure-step tab’s color informs of the overall erasure progress: not started (gray), ongoing (dark blue),
successful (green), failed or canceled (red), paused (blue). Whenever there is at least one erasure ongoing,
the erasure percentage is also displayed in the tab. Information about the number of drives being erased
and their status is written under the “Erasure” tab.

Erasure tab – erasure not yet started:

Erasure tab – ongoing erasure (1).

[1] The software will wait until the step is finished.
[2] The software will wait until the step is finished.
[3] The report saving is also possible, but it is a manual procedure.



Erasure tab – successful erasure(1)

Erasure tab – failed erasure(s)

Erasure tab – canceled erasure(1)

Erasure tab – paused erasure(1)

4.2.2 Remaining time and state icon


Indication of the remaining erasure time is also displayed next to the “Erasure” tab.

If there are multiple drives in different states, then the erasure-tab may look like the next picture:

4.2.3 Work area


More specific functionality and information is shown in the work area. Most of the physical interaction with
the software is done in this area.
In this view the user can individually select or group the drives for erasure. The erasure method (or standard) the user wants to use, whether or not the remapped sectors are erased from the drive as well as the level of the verification (which is done during or after the erasure) can also be defined individually or per group. By clicking “Erase”, the software starts the erasure process for all of the selected drives. The progress bar and time remaining indicator show how long it takes before the process completes.
The drives can be displayed in either List-view or in Grid view. To change between the views, click on the
List/Grid-view icon:



In the Grid-view, the drive-icons are more compact and they are arranged in a grid-structure:

The default option is List-view and that view is used in the majority of the screen shots in this documentation.
The listed drives can be narrowed down by using the search bar. To start a search, click on the Search-field, or press CTRL+F. For example, using the term SATA would only display drives with that term in their information:

The search bar can search all the drive information available in GUI (Number of drives, Vendor, Model,
Type, Size, Serial number) and by status. Note that when searching by status, an exclamation mark is
required: for all drives with successful-status, type "!successful".
If the computer has empty drive slots, which are visible to the software, the visibility of those slots can be
toggled on/off by using the "Show empty slots" button or by pressing CTRL+M:

All the drives connected and running in the computer are shown in the view. Please check that the drives
have been correctly identified. The drive information available in the GUI is:

• Number of drives,
• Vendor/Model – vendor or the model of the drive,
• Type – connection type (SATA, SPI, SSD…),
• Size – size of the drive (in GB),
• Serial number – serial number of the drive.



The drives have both a running ID and a bay ID: X (Y-Z) with X being the running ID, Y-Z being the bay ID
(where Y is the controller ID and Z is the controller port number where the drive is connected).
If the color of the bay ID is black (e.g. 2-13), this means that the controller supports port mapping: e.g. “2-13” would correspond to the 13th port in the controller number 2. This port mapping is remembered between boots and it is shown consistently.
If the color of the bay ID is orange (e.g. 1-2), this means that the controller does not support port mapping:

• The controller detected in first position by the OS will get the value 1-*, the controller in second position will get the value 2-* and so on.
• Similarly, the drive detected in first position will get the value *-1, the drive detected in second position will be *-2 and so on.
• Therefore, "2-13" would correspond to the drive detected in 13th position on the controller detected in second position.
• This numbering changes between boots and it is not consistent.

4.2.3.1 Erase-button
The erasure process is always started with the “Erase” button, which is located on the bottom right of the screen, or with the Ctrl + E key combination.

After the “Erase”-button is pressed a confirmation window is shown: pressing “Yes” continues to the erasure, pressing “No” exits the window and does not start the erasure. The Blancco EULA can also be accessed from the confirmation window.



Warning! If a drive has a Freeze lock, Blancco Drive Eraser can attempt to remove it: in such a case, the screen may momentarily turn off but should resume after a few seconds. Please be patient and wait for the screen to resume. For more information about Freeze lock, see the chapter Freeze lock.

4.2.3.2 Locate Drive -button


There is the possibility to blink the LED of a drive from the GUI. This helps to locate the drive on the machine
or in an enclosure.
Select one or several drives and press the Locate drive-button to toggle the blinking:

When the locate drive button or CTRL + L is pressed, the selected drives will start blinking on the UI.
If the keyboard shortcut CTRL + ALT + L is pressed, then all detected drives start blinking their LEDs.
The button’s operation follows these rules:

• The user can start blinking a drive that is not erasing, or is erasing but paused.
• If the drive is erasing (not paused), the button is disabled.
• Blinking will continue for 30 seconds or until the user stops it or erasure is started on that drive.
• There is no limit on the number of drives that can be blinking at one time.

The actual LED blinking for a drive will happen in one of two possible ways:

• If there is an enclosure with LEDs available, the actual LED on the enclosure will do the blinking (the enclosure has to be supported by Blancco Drive Eraser).
• If there is no enclosure available, the blinking will be done by reading the drive in a pattern that is distinguishable from regular drive usage (or erasure).

4.2.3.3 Erasure Settings button


The erasure options can be accessed by clicking the gear-icon on the bottom right of the screen:



In the erasure options, the following settings are available:
Pre-processing options:



• Execute Self-tests On Drives – If this option is turned on, the drive’s S.M.A.R.T self-tests are run during the erasure process. Note that the exact test parameters on these tests may vary between manufacturers and models. The options are:
    • Short - The electrical and mechanical performance as well as the read performance of the drives are tested. Usually takes under two minutes.
    • Conveyance - Intended as a quick test to identify damage incurred during transporting of the device from the drive manufacturer to the computer manufacturer. Only available on ATA drives. Usually takes several minutes.
    • Extended - A longer and more thorough version of the short self-test, scanning the entire drive surface with no time limit. This test can take from dozens of minutes to several hours (this depends on the read/write speed of the drive and its size).
• Fail Erasure if Unsuccessful – If Self-test fails, then the erasure is marked as unsuccessful. This option is only available if “Execute Self-tests On Drives” is enabled.

In-process options:

• Choose erasure standard and verification level. For info, see the chapters Erasure standard and Verification.
• Erase remapped sectors – If this option is turned on, the remapped sectors are erased during the process. This option is turned off by default.
    • Fail erasure if unsuccessful – This option is available only if the option “Erase remapped sectors” is activated:
        • If this option is turned on, and the drive has at least one remapped sector, and the erasure of remapped sector fails or it is not supported by the drive, then the whole erasure will fail immediately and the report will display the error message "Drive doesn't support remapped sectors erasure".
        • If this option is turned off (default), and the drive has at least one remapped sector, and the erasure of remapped sector fails or it is not supported by the drive, then the erasure continues but in the end the report will display the exception "Drive doesn't support remapped sectors erasure".
• Remove hidden areas – If this option is turned on, hidden areas of the drive (e.g. HPA, DCO) are removed.
• Enforce Blancco SSD method on SSDs – If this option is turned on, all drives detected as SSDs are systematically erased with the “Blancco SSD Erasure” standard, other drives (e.g. HDDs) are erased with the (pre)selected erasure standard. Note that NVMe drives are affected by this as they are a type of SSD.
• Show Drive Partitions – If this option is turned on, the drive’s partitions are displayed and they can be erased separately.
• Preserve recovery partition - If this option is turned on, any GPT partitioned drive that has a Windows recovery partition is partially erased (the area of the drive containing the partition is preserved/not erased while other areas are erased), other drives are erased normally.

Post-processing options



• Format Drives After Erasure – If this option is turned on, erased drives are formatted after their erasure process has been completed. The file system to which the drives are formatted can be selected from the dropdown menu below the option. Available file systems are: NTFS, FAT32 and exFAT. This option can be used with ATA, SCSI and SAS based drives.

More information about the effects of these options can be found in the Blancco Drive Eraser Security features chapter.
If the lock icon is displayed, then the erasure settings have been locked in DECT. This means that none of
the erasure settings can be changed by the user:

4.2.3.3.1 Erasure standards

The erasure method or standard used to wipe out the drives can be selected from the “Erasure standard”
drop-down list:

Note that this list can be configured via DECT, where you can select a subset of standards (for example,
only standards that comply with your company policy), which will then be displayed in the drop-down list
instead of a full list of standards shown below.
Blancco Drive Eraser supports more than 20 erasure standards. See the detailed list below:
*: standard including a firmware based erasure step
**: See chapter “Sanitize Cryptographic Erasure Standard”

Erasure Standard                                    Overwriting Rounds
Air Force System Security Instruction 5020          4
Aperiodic random overwrite                          1
Blancco SSD Erasure                                 2+*
Bruce Schneier's Algorithm                          7
BSI-2011-VS                                         1-2*
BSI-GS                                              1-2*
BSI-GSE                                             2-3*
CESG CPA – Higher Level                             3
Sanitize Cryptographic Erasure                      0**
DoD 5220.22-M                                       3
DoD 5220.22-M ECE                                   7
NIST 800-88 Clear                                   0-1*
NIST 800-88 Purge                                   0*
Firmware Based Erasure                              0*
Extended Firmware Based Erasure                     1*
HMG Infosec Standard 5, Higher Standard             3
HMG Infosec Standard 5, Lower Standard              1
National Computer Security Center (NCSC-TG-025)     4
Navy Staff Office Publication (NAVSO P-5239-26)     3
NSA 130-1                                           3
OPNAVINST 5239.1A                                   3
Peter Gutmann's Algorithm                           35
U.S. Army AR380-19                                  3
RCMP TSSIT OPS-II                                   8
Random byte overwrite (3x)                          3
TCG Cryptographic Erasure                           1

Erasure standards supported by Blancco Drive Eraser. See the chapter Execution steps of the erasure standards for more information.

4.2.3.3.2 Verification

The amount of verification done during or after the drives’ erasure can be selected from the “Verification”
slider:

See the Erasure verification section for more details.

4.2.3.4 Hexviewer-button
The Hexviewer is used to check the content of a storage media in hexadecimal format. Whenever a drive is
overwritten with Blancco Drive Eraser, a pattern (either static or random) is used to overwrite it: the hex-
format of this pattern (e.g. 0x00, 0xAA, 0x924924…) can be viewed with the Hexviewer thus providing a
visual verification of the performed erasure result. In order to access the Hexviewer, select one or several
drives (before or after the erasure) and press the Hexviewer button to check their content.



Item                   Example                               Description

Drive pane (left side)
Drive:                 1 VBOX HARDDISK (1.07 GB) VB1a...     A list displaying all the drives selected by the
                                                             user. Each drive is identified with its number,
                                                             vendor and model, capacity and serial number.

Sector pane (Right panel)
Left column            48 69 21 00 AA                        The left side of the Hexviewer displays the
                                                             sector’s data in hexadecimal format. If the sector
                                                             size is 512 bytes, the left side will be a 32 x 16
                                                             matrix.
Right column           Hi!..                                 The right side of the Hexviewer displays the
                                                             sector’s data in ASCII format. If the sector size
                                                             is 512 bytes, the left side will be a 32 x 16
                                                             matrix. Non-printable ASCII chars and non-ASCII
                                                             chars are represented by a dot (“.”).
Horizontal slider      -                                     Used to scroll through different sectors. It can
                                                             be moved with the arrow keys and with the mouse.
<< (First-button)      -                                     Moves to and displays the first sector of the
                                                             drive.
< (Previous-button)    -                                     Moves to and displays the previous sector.
Select sector:         100                                   Sector being viewed currently, displayed against
                                                             the total amount of sectors of the drive. Typing a
                                                             sector number and pressing the Enter-key will show
                                                             the sector in question. Note that the first sector
                                                             is numbered 0 i.e. a drive with 100 sectors will
                                                             have sectors in the range 0-99.
> (Next-button)        -                                     Moves to and displays the next sector.
>> (Last-button)       -                                     Moves to and displays the last sector of the
                                                             drive.

The Hexviewer can also be used to read the Digital Fingerprint information. Please check the chapter Digital Fingerprint for more information.
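As an added example (not part of the Blancco manual or software), the Python sketch below reproduces the Hexviewer layout described above and applies the same check programmatically: it reports whether a sector is a static overwrite pattern such as 0x00, 0xAA or 0x924924, or whether it still holds readable text. The function names, the constructed four-sector image and the 16-character text threshold are assumptions made for the illustration.

```python
import random

SECTOR_SIZE = 512   # sector size used in the manual's example
ROW_WIDTH = 16      # 512 bytes are shown as 32 rows of 16 bytes


def render_sector(sector, width=ROW_WIDTH):
    """Return (hex, ascii) row pairs laid out like the Hexviewer's two columns."""
    rows = []
    for off in range(0, len(sector), width):
        chunk = sector[off:off + width]
        hex_part = " ".join(f"{b:02X}" for b in chunk)
        # Non-printable ASCII and non-ASCII bytes are represented by a dot.
        ascii_part = "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in chunk)
        rows.append((hex_part, ascii_part))
    return rows


def repeating_unit(sector, max_period=8):
    """Shortest unit (<= max_period bytes) whose repetition fills the sector, else None.

    The last repetition may be cut off (512 is not a multiple of 3), and the
    unit can be a rotation of the nominal pattern when it runs across sectors.
    """
    if not sector:
        return None
    for period in range(1, max_period + 1):
        if all(sector[i] == sector[i % period] for i in range(period, len(sector))):
            return bytes(sector[:period])
    return None


def printable_runs(sector, min_len=16):
    """Readable ASCII runs of at least min_len characters (possible residual data).

    Random overwrite data contains short printable runs by chance, so the
    threshold is deliberately long (assumed value).
    """
    runs, current = [], bytearray()
    for b in bytes(sector) + b"\x00":        # trailing sentinel flushes the last run
        if 0x20 <= b <= 0x7E:
            current.append(b)
        else:
            if len(current) >= min_len:
                runs.append(current.decode("ascii"))
            current = bytearray()
    return runs


def classify_sector(sector):
    """Label one sector the way an operator would judge it in a hex view."""
    unit = repeating_unit(sector)
    if unit is not None:
        return "static pattern 0x" + unit.hex().upper()
    if printable_runs(sector):
        return "readable text present"
    return "no short repeating pattern"


def survey_image(image, sector_size=SECTOR_SIZE):
    """Classify every full sector of an in-memory image; the first sector is number 0."""
    count = len(image) // sector_size
    return {n: classify_sector(image[n * sector_size:(n + 1) * sector_size])
            for n in range(count)}


def build_sample_image():
    """Constructed four-sector image for the demonstration (not real drive data)."""
    zeros = bytes(SECTOR_SIZE)
    pattern = (b"\x92\x49\x24" * 171)[:SECTOR_SIZE]
    leftover = (b"Hi!\x00\xAA" + b"customer-invoice-2021.xlsx" + bytes(SECTOR_SIZE))[:SECTOR_SIZE]
    rng = random.Random(7)
    noise = bytes(rng.randrange(256) for _ in range(SECTOR_SIZE))
    return zeros + pattern + leftover + noise


if __name__ == "__main__":
    image = build_sample_image()
    for number, verdict in survey_image(image).items():
        print(f"sector {number}: {verdict}")
    for hex_part, ascii_part in render_sector(image[2 * SECTOR_SIZE:3 * SECTOR_SIZE])[:2]:
        print(f"{hex_part}  {ascii_part}")
```

A sector reported as "no short repeating pattern" is consistent with a random overwrite, but a hex view alone cannot tell random data from encrypted or compressed leftovers, which is why the erasure report and verification level remain the authoritative evidence.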

4.2.3.5 Drive’s progress bar


The erasure progress of each individual drive can be monitored via a progress bar which displays the erasure state, erasure standard, percentage of erasure, erasure speed and also offers the possibility to pause and/or cancel the erasure.

Not started
In this state, the erasure has not been started or the selected drive is not active.

Ongoing
In this state, the erasure process is being performed. The progress is shown by the progress bar. Current erasure percentage, remaining time to complete the erasure, write speed and erasure standard are displayed above the progress bar.

Ongoing Firmware Command
In this state, the progress bar has a looped animation and the drive is executing a firmware based command e.g. ATA secure erase, SCSI format unit, Sanitize feature set command, TCG command, etc. If available, the percentage of completion of the firmware command is shown above the progress bar.
When a firmware command is being executed, the drive cannot be paused or canceled and the locate drive button is turned off.

Paused
In this state, the erasure has been paused by the user. The erasure can be resumed by pressing the resume-button or canceled by pressing the cancel-button.

Completed
When the erasure has been successfully completed.

Canceled
If the erasure has been canceled by the user.

Failed
If the erasure has failed (due to e.g. read/write errors during the erasure).

Pause button
This button pauses an ongoing erasure. Select one or several drives being erased and press the Pause button to pause the drive erasures.

Resume button
This button resumes a paused erasure. Select one or several drives being paused and press the Resume button to resume the drive erasures.

Cancel button
This button cancels an ongoing erasure. Select one or several drives being erased or paused and press the Cancel button to cancel the drive erasures.

4.2.3.6 Drive info-icons


Depending on the drive, several icons can appear under the progress bar. The icons can be:

Standby-mode
If this icon is displayed, it means that the drive has been inactive for 5 minutes and has been spun down. This feature can be managed in the Settings-window or in the DECT.

Remapped sectors count
This icon will appear if remapped sectors are detected on the drive. The number displayed after the Remapped string is the number of remapped sectors detected on the drive.
The number of detected remapped sectors can change during the erasure, as it is first detected before the erasure takes place but it can be updated after the erasure (in particular if the erasure standard includes a firmware based erasure step).

Error count
This icon will appear if read or write errors are detected on the drive. The number displayed after the Errors string is the number of read and write errors occurring during the erasure.
The number of errors can change during the erasure, as it is detected in real time.

Hidden areas
These icons will appear if hidden areas are detected on the drive. The possible hidden areas are DCO, HPA or both.
The detected hidden areas info can change after the erasure, as they are first detected before the erasure takes place but they may be removed during the erasure (and not be displayed after it).

Password protected drive
This icon is displayed when the drive is password protected. Blancco Drive Eraser cannot erase password protected drives, unless the password is entered by the user before the software boots.

Erasure option is not supported
This icon is displayed in case the drive does not support at least one of the erasure options:
• E.g. selecting an erasure standard that enforces a firmware based erasure while the drive doesn’t support it.
• E.g. selecting the "Erase remapped sectors" option while the drive doesn’t implement commands to do it.

GPT recovery partition detected
This icon is displayed when the software detects a GPT Windows recovery partition and is configured to preserve it.

Erasure not allowed
This icon is displayed if the software is configured to preserve the GPT Windows recovery partition (or to show the drive partitions) and the user attempts to erase the drive with the recovery partition (or an individual partition) with erasure options that erase the whole drive (e.g. using an erasure standard that contains firmware-based erasure step(s) or selecting the “Erase remapped sectors” option).

Drive Temperature
Displays the current temperature of the drive. Only available on NVMe and SATA devices.



Self-Tests
This icon is displayed if the “Execute Self-tests On Drives” erasure option is activated and the drive supports those tests.

TCG Cryptographic Erasure Supported
This icon is displayed if the drive supports TCG Cryptographic Erasure, which is used in “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards.

TCG Enterprise
This icon is displayed if the drive supports TCG Cryptographic Erasure, which is used in “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards, and the drive is compliant with the TCG Enterprise SSC specification.

TCG Opalite
This icon is displayed if the drive supports the TCG Opalite feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported, but presently the cryptographic erasure is not supported yet; it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.

TCG Pyrite
This icon is displayed if the drive supports the TCG Pyrite feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported, but presently the cryptographic erasure is not supported yet; it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.

TCG Ruby
This icon is displayed if the drive supports the TCG Ruby feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported, but presently the cryptographic erasure is not supported yet; it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.

TCG Locked
This icon is displayed if the drive is completely locked (read/write protected) via a TCG command. Such a command can be issued by the BIOS/UEFI (e.g. automatic drive locking on re-power is enabled) or by the machine operating system. The drive needs to be unlocked before it can be erased; this can be achieved by entering the drive password or by performing a PSID Revert operation.

Password Locked TCG Drive
This icon is displayed if the TCG commands on the drive are locked with a password. The drive can be read and written, but in order to erase it with TCG-based erasure commands (e.g. with the "TCG Crypto Erasure" standard) it needs to be unlocked.

Shadow MBR area detected
This icon is displayed if a Shadow MBR area is detected on the drive. For more information, see the Shadow MBR chapter.

4.3 Hardware tests –step


By default, this step is disabled. This step can be turned on or off from the DECT. When enabled, the Hardware tests-step is the second defined default step. When clicking on this step, the user can see in the work area all the hardware tests available.

4.3.1 Tab color and overall progress


The Hardware tests-step tab’s color informs of the overall hardware test progress: not started (no icons),
successful (green check mark), failed (red !-icon). Information about the number of tests ongoing and their
status is also written under the “Hardware tests” tab.

Hardware tests tab – manual tests not started.

Hardware tests tab – all tests successful.

Hardware tests tab – at least one test has failed.

4.3.2 Work area


The list of available hardware tests and their current states are visible in the work area.



4.3.2.1 Available tests
Detailed information about each test is found in the chapter “Hardware tests”.

4.3.2.2 Running tests / Test-button


To run the tests, select the tests to run:

After that, click on the "Run selected tests" or press CTRL + T:

The current state of each test is shown to the right of its name, in the Results column. The state can be:
Not performed – The test has not yet been run. [No icon is shown]
Successful – The test was run and the tested hardware worked correctly.



Failed – The test was run and the tested hardware didn’t work correctly.

Cannot be performed - The test cannot be run with current hardware setup:

4.4 Custom fields-step


The "Custom fields”-step is the third defined default step. In this step, the erasure report can be edited
before, during and after the erasure.

4.4.1 Tab color and overall progress


The Custom fields-step tab’s color informs of the overall report editing progress: not started (gray), ongoing (blue), successful (green), incorrect (red). Information about the update status is also written under the “Custom fields” tab.

Custom fields tab – report editing not started.

Custom fields tab – text has been filled into the fields but it is not yet validated.

Custom fields tab – fields have been filled in and validation is successful.

Custom fields tab – validation is not successful, mandatory fields have been left empty.

4.4.2 Work area


The Customer details, the Operator details as well as all the configured Custom fields are visible in the work area. They can be filled in with your own Company’s information to customize the final report. The maximum string length for these fields is 1023 characters.



4.4.2.1 Custom fields
Custom fields are usually created and filled in by the Operator i.e. the person or company that carries out
the drives’ erasure. There are two types of custom fields:

• Normal entry fields - Values can be freely typed in. Note that the maximum string length is 1023 characters.
• Dropdown lists - Values are predefined and only one can be picked.
• Multi-selection dropdown lists – One or multiple predefined values can be selected from a list.

Custom fields are created with the DECT. The user can customize them:

• By giving them any name. Note that maximum length of the name is 238 characters.
• By filling them in with any default value.
• By setting them as normal or mandatory fields (the latter are highlighted with red color and marked with *-sign: report can’t be sent / saved until those fields have been filled).
• Examples of custom fields’ names: “Asset ID”, “Asset type”, “Asset value”, “Destroy asset” etc…

Note that a custom field can be in a locked state, which means that it cannot be edited by the user. A locked
custom field has a predefined value, which cannot be edited by the user and the field itself is greyed out.
DECT must be used to edit the locked custom field.
Custom fields (normal entry fields) can also be configured to require that the input must follow predefined
rules. The rules are set in the DECT by using regular expressions. If the input does not follow the rules set
for that field, then the update process will fail until the user inputs a value that matches the rule.
For example, the custom field using regular expression (A|F)[0-9]{3} would require that the value is either
“A” or “F” followed by 3 numerical characters (e.g. A245 would be an accepted input). If the entered value is
invalid, i.e. it doesn’t match the specified regex, the frame around the field turns red.
If the regex itself is syntactically incorrect, it is purged from the field and a red warning-icon "!" is shown,
indicating that the user has committed a mistake during configuration:
Note that when an invalid regexp is purged, the field then becomes a normal textfield.
For more information, refer to the DECT user manual.
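The following Python sketch is an added example, not code from Blancco Drive Eraser or the DECT: it models the custom field checks described above (1023-character limit, mandatory fields, regex rules, and purging of a syntactically invalid rule) and shows why a rule has to be applied to the whole value. Python's `re` syntax stands in for the product's regex dialect, and whole-value matching, the skipping of rules for empty optional fields, and all function names and sample values are assumptions.

```python
import re

MAX_VALUE_LEN = 1023   # maximum string length for field values, as stated in the manual


def compile_rule(pattern):
    """Compile a field rule; a syntactically invalid rule is purged (None is returned)."""
    if not pattern:
        return None
    try:
        return re.compile(pattern)
    except re.error:
        return None


def validate_value(value, rule=None, mandatory=False):
    """Return the list of problems for one field; an empty list means accepted."""
    problems = []
    if len(value) > MAX_VALUE_LEN:
        problems.append("too long")
    if mandatory and not value:
        problems.append("mandatory field is empty")
    # Assumption: the rule describes the whole value, so fullmatch is used.
    # Assumption: an empty optional field is not checked against its rule.
    if rule is not None and value and rule.fullmatch(value) is None:
        problems.append("does not match rule")
    return problems


def partial_match_gap(rule, samples):
    """Samples that a prefix match (re.match) accepts but a whole-value match rejects."""
    return [s for s in samples if rule.match(s) and not rule.fullmatch(s)]


def validate_form(fields, values):
    """Validate all fields; returns {'errors': {...}, 'warnings': {...}} keyed by field name."""
    errors, warnings = {}, {}
    for name, spec in fields.items():
        pattern = spec.get("pattern")
        rule = compile_rule(pattern)
        if pattern and rule is None:
            # Mirrors the manual: the rule is dropped and the field becomes free text.
            warnings[name] = "rule purged: invalid regex, field treated as free text"
        problems = validate_value(values.get(name, ""), rule, spec.get("mandatory", False))
        if problems:
            errors[name] = problems
    return {"errors": errors, "warnings": warnings}


# Constructed sample configuration and operator input (field names taken from the manual).
SAMPLE_FIELDS = {
    "Asset ID": {"pattern": "(A|F)[0-9]{3}", "mandatory": True},
    "Asset type": {"pattern": "(laptop|server", "mandatory": False},   # unbalanced parenthesis
    "Asset value": {"pattern": None, "mandatory": True},
}
SAMPLE_VALUES = {"Asset ID": "A2455", "Asset type": "laptop", "Asset value": ""}

if __name__ == "__main__":
    print(validate_form(SAMPLE_FIELDS, SAMPLE_VALUES))
    rule = compile_rule("(A|F)[0-9]{3}")
    print(partial_match_gap(rule, ["A245", "A2455", "F001\n", "B123", "xA245"]))
```

A purged rule silently widens what a field accepts, so a rule set is worth testing against both valid and deliberately invalid sample values before it is deployed.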



4.4.2.2 Update-button
This button is used to validate all changes. After pressing it (or using shortcut Ctrl + D):

• All filled-in information will appear in all reports (“Report”-tab, PDF, XML).
• The fields that are left empty will be filtered out from the general reports (“Report”-tab, PDF) but will be visible in the detailed XML report.

4.5 Report-step
The “Report”-step is the fourth and final defined default step. In this step, the report can be viewed before,
during and after the erasure.

4.5.1 Tab color and overall progress


The “Report”-step tab’s color informs of the overall report backing-up progress: not started (gray), ongoing
(blue), successful (green), failed (red). The report can be saved, sent or both sent and saved. Information
about the saving/sending status is also written under the “Report” tab.

Report tab – report can be viewed but has not yet been backed up.

Report tab – report is being saved.

Report tab – report is being sent.

Report tab – report was successfully saved.

Report tab – report was successfully sent.

Report tab – saving the report was unsuccessful.



Report tab – sending the report was unsuccessful.

4.5.2 Work area


The “Report”-step’s working area contains the report. It can be viewed before, during and after the erasure
of the drives or editing of the fields.
In the top right of the Work area there is a single button that allows changing between the two report types:
Standard-report and Advanced-report. The Advanced-report also contains the self-monitoring information
of the drive (a.k.a. SMART information).
From the Standard view (default view), the user will be able to access the advanced report view by clicking this button (or by pressing Ctrl + M):

Note that the Advanced view can be set as the default view in the DECT.

From the advanced report view, the user will be able to access the Standard view by turning off the "Show advanced report" option from this button (or by pressing Ctrl + M):



Note that if the report is saved as a PDF file, then the chosen report type in the UI is used to determine
which type (Standard or advanced) of report is saved.

4.5.2.1 Report content


Before the erasure has been completed, the report is simply an asset report which contains information
about the hardware of the machine. After the erasure, it becomes an erasure report with combined asset
information and erasure information. This report is the unique proof that the erasure has been initialized and
completed, which makes it extremely valuable.
The report is divided into the following categories:

• Licensee/Customer/Operator information (info about the owner of the Blancco license, the owner of the erased machines and the operator executing the erasure)
• Custom fields (information customized by the user/operator)
• Erasure result information (detailed information about the erasure results per erased drive)
• Hardware information (asset report about the host machine)
    • While detected USB devices are listed in the report, the software cannot separate between internally and externally connected USB-devices.
    • USB hubs and HASP sticks are filtered out of the USB device listing.
    • Note that the screen resolution is only detected on laptops and only the current resolution is reported (this resolution might not be the maximum resolution of the display). If the device has multiple displays, only the first one is reported.
    • Self-monitoring attributes are reported for ATA drives (S.M.A.R.T) and for SCSI- and SAS-drives (log pages).
• Hardware test results (results of the hardware tests)
• Report information (detailed information about the report file itself)

4.5.2.2 Save-button
The save button is used to save the report to an external physical media, such as a USB-stick.



Plug your external device (USB-stick) into the machine, then press the “Save” button (or use shortcut Ctrl +
S). The following window is shown:

• Choose the desired media from the “Drive” list.
• The name of the report file is displayed on the “Filename” field. The default name of the report follows the format: Date(yyyymmdd)_Time(hh24miss)_report.
    • A report named “20210527_115442_report” was created on the 27th of May, 2021 at 11:54:42 AM.
    • This name can be changed, if desired, before saving the report to the external media.
• Choose the report format from the “Format” list. Possible report formats are:
    • XML (report created with an XML extension, can be imported to the BMC/BMP),
    • XML+PDF (two reports are created, one as a PDF-file and the other one as an XML-file).
• Press “Save” to save the report or “Cancel” to exit this window.

If the saving was successful then the following pop up is shown:



If the report saving fails, an error pop up is shown. This error can occur for numerous reasons, the most common ones being:

• There is not enough free space on the external device.
• The external device has been disconnected.
• A report file with the same name already exists in the external device.
• The report’s name contains invalid characters.
• The external device is faulty and data cannot be written on it.

Note. When saving a report on a USB stick, make sure that:

l The USB stick has been preformatted by the user to FAT32 (most suitable format).
l The USB stick has a single partition.
l The USB stick name is not empty. Use preferably a name containing characters in the range a-zA-
Z0-9.
l The USB stick is in a good condition, if you have any doubt re-format it or replace it.



4.5.2.3 Send-button
The Send-button is used to send the report to the BMC¹/BMP².

When the “Send” button is pressed (or the shortcut Ctrl + N is used), the report is sent to the BMC/BMP:

If the report sending fails, an error pop up is shown. If sending is attempted while some of the Management Console settings are missing, an error pop up is shown. Note that the popup only shows one missing parameter at a time. The pop up will have information about the missing parameter:

¹ Centralized data management reporting solution to store and manage data erasure reports. Also used for monitoring and controlling ongoing data erasures. Please see the BMC manual for more information.
² Blancco Management Portal. A centralized data management reporting solution to store and manage data erasure reports. Please see the BMP documentation for more information.


If the Management Console credentials are incorrect/missing, the following popup is shown. Insert the correct credentials in the fields:

4.6 Restart/Shutdown-step
This step is only available if in the DECT, the "Process" has been set to "Automatic" and "Shutdown" or
"Restart" is selected.

When the process is finished, the system will automatically restart or shut down when the timer runs out, or if
the "Restart now" or the "Shutdown now" button is pressed.



4.7 Notification icons
The notification icons are located on the lower left corner of the screen. They provide various information
about the status of the software and the hardware. Hovering the mouse on the icon shows a tooltip with the
corresponding information.

4.7.1 Local Time and Current Date


The local time and current date are displayed here. The time is in 24-hour time format with the UTC offset displayed next to it and the date is Year-Month-Day. The UTC offset can only be modified via DECT.

Note that the date and time are taken from MC, HASP or BIOS in that priority order. Also, when a time is
taken from a higher priority source, it is never changed to the time from a lower priority time source, unless
the machine is restarted, and the higher source is no longer available.

4.7.2 Battery charge


The current charge of the connected battery is displayed here. If the machine does not have a battery connected to it, this information or icons are not displayed.
The icon has two main states:



Charging:

Discharging:

In addition to percentage value, the colored bar inside battery indicates the battery level:

• Green when >= 50%
• Orange when < 50%
• Red when < 25%

When a charger is connected, a socket icon is added to the top left corner of the battery icon. Charging status for
individual batteries is shown inside the tool tip. Charging status is updated once every 5s and battery level
information once every 60s. Possible values for Status are: Discharging, Charging, Full and Unknown.

4.7.3 Small asset report


The small asset report icon shows a small report with the machine’s basic hardware information. The tooltip
displays:

• The machine model.
• The CPU model and frequency.
• The RAM amount and its type.

More detailed information about the machine can be found in the generated report (“Report”-step).

4.7.4 Network
The network icon shows whether or not Blancco Drive Eraser can reach the network. The icon can have two
states:

- Everything ok.

- There is a problem with the network connection.


The tooltip displays the available network interfaces and their status:

Note that if there is a problem with the network, then BMC/BMP cannot be reached either.

4.7.5 BMC
The BMC icon shows the connection to BMC/BMP. The icon can have three states:



- BMC settings are not set, no connection to BMC/BMP. Enter the settings in Settings – Management
Console Communication Settings to establish a connection to BMC/BMP.

- Everything ok.

- There is a problem with the connection to BMC/BMP.


The tooltip displays the BMC/BMP connection status:

4.7.6 Licenses
The License icon shows the number of available licenses. The icon can have two states:

- No licenses available.

- Licenses available.
The tooltip displays the number of available licenses:

If the license container cannot be reached, the following messages will be displayed:

Note that the Enterprise Subscription Edition does not display the number of licenses. Instead it displays the
subscription status (subscription / not available).
Blancco Drive Eraser has several license types:

• Erasure licenses: these licenses are necessary to erase drives. Consuming one erasure license allows the user to save/send reports.
• Asset licenses: in case there are no Erasure licenses (or if the user hasn’t erased any drive), these licenses are necessary to save or send a report with all the hardware information of the machine (asset report).

Blancco Drive Eraser license control is done either from a local HASP dongle, or from the BMC via the network. There must be enough licenses in order to start the erasure or save/send an asset report.


5. Keyboard Controls
Blancco Drive Eraser can be controlled entirely with the keyboard (no mouse required).

5.1 Generic controls


5.1.1 Tab key
The Tab key moves the focus between the elements in the work area, active buttons on the lower right
corners and other possible elements (like the search-bar in the Erasure-step). In menus, it moves the focus
between available tabs and fields.
The focus moves from left to right, top to bottom, in a circular way. By combining the Shift-key with the Tab-
key (Shift + Tab), the direction is reversed (goes backwards: from right to left, bottom to top).
The X-button that is visible in the top right of popup/dialog windows cannot be reached via the Tab key. Use
the Escape-key to close such windows.

5.1.2 Arrow keys


Whenever the focus is:

• On an area that contains a horizontal and/or vertical scroll-bar (Report-step, Hexviewer, Help window, EULA window…):
  • The Arrow keys can be used to go up/down/left/right inside that area.
• On a drop-down list (list of erasure standards, list of languages, list of keyboard layouts…):
  • The Arrow keys can be used to scroll those lists.
• On a slider’s handle (verification slider):
  • The Arrow keys can be used to move the handle.
• On a scrollable container with elements:
  • The Arrow keys can be used to move from one element to another.
  • Use the arrow keys to move between drives and hardware tests.

5.1.3 Space bar


Whenever the focus is:

• On top of a check-box:
  • The Space bar selects/deselects it.
• On top of a button:
  • The Space bar pushes it.
• On top of a link:
  • The Space bar opens it.
• On a drop-down list:
  • The Space bar expands it and it can also select its elements.

5.1.4 Ctrl + Space


Displays the tooltips of the notification icons located in the bottom-left corner of the screen (system tray).
Otherwise "CTRL+SHIFT+SPACE" goes to the previous information tip.

5.1.5 Ctrl + Enter


Apply changes and close the window in Settings-menu and Erasure settings -window.

5.1.6 Escape key


Whenever the focus is:

• On top of an expanded drop-down list:
  • Esc key collapses it.
• Inside an open window (popup, dialog):
  • Esc key closes it without saving any change (equivalent of Cancel/Close or x).
• While running a hardware test:
  • Esc key exits the test.

5.2 Accessing the Header area


The buttons of the Header area are accessed exclusively with the function keys.

5.2.1 F1-F3 function keys


• F1 – pushes the Help-button (opens the Help-window).
• F2 – pushes the Settings-button (opens the Settings-window).
• F3 – pushes the Report issue-button (opens the Report issue-window).

These buttons might differ depending on the version of the software. The logic always follows the same formula: first button on the left of Shutdown-button is F1, next one on the left is F2, etc…

5.2.2 F10 function key


Pressing F10 is similar to pushing the Shutdown-button (opens the Shutdown-popup).
If the report has not been saved or sent or if there are unsaved changes to the erasure report, then a popup
will be displayed informing the user about the situation. To continue to the shutdown dialog, click “Yes”. To
cancel and return to the main menu, click “No”.

5.3 Accessing the Process area


The steps of the Process area are accessed exclusively with the key combinations Ctrl key + Number keys
(1, 2, 3…).

• Ctrl + 1 – selects the first step that is defined and visible.
• Ctrl + 2 – selects the second step that is defined and visible.
• Ctrl + 3 – selects the third step that is defined and visible.
• Ctrl + 4 – selects the fourth step that is defined and visible.

These buttons might differ depending on the configuration of the software. The logic always follows the
same formula: the first step is accessed with Ctrl + 1, the second step is Ctrl + 2, etc...

5.4 Navigation inside the Work area


5.4.1 Erasure-step
The drives, erasure options and the Erase-button can be accessed with the Tab key and the Arrow keys,
but this step also has a few key combinations.

5.4.1.1 Ctrl + R
Refresh drives. Available when the "Report per Connected Device" and "Hotplug" options are enabled.

5.4.1.2 Ctrl + M
Toggle Show Empty Slots in Erasure-step.

5.4.1.3 Ctrl + F
Search-function (search visible drives).

5.4.1.4 Ctrl + A
This key combination selects/deselects all drives for erasure.

5.4.1.5 Ctrl + L
Locate the selected drive.

5.4.1.6 Ctrl + Alt + L


Locate all drives.

5.4.1.7 Ctrl + H
Opens the Hexviewer.

5.4.1.8 Ctrl + Alt + R


Show Per Drive -report.

5.4.1.9 Ctrl + Alt + E


Edit Per Drive -custom fields.

5.4.1.10 Ctrl + Alt + P


Pause the erasures of the selected drives.

5.4.1.11 Ctrl + Alt + U


Unpause the erasures of the selected drives.



5.4.1.12 Ctrl + Alt + C
Cancel the erasures of the selected drives.

5.4.1.13 Ctrl + G
This key combination opens the “Erasure settings” window.

5.4.1.14 Ctrl + E
This key combination pushes the Erase-button (starts the erasure).

5.4.2 Hardware tests-step


The test checkboxes and buttons can be accessed with the Tab key.

5.4.2.1 Ctrl + T
This key combination activates the execution of marked tests.

5.4.2.2 Ctrl + A
Select/deselect all tests.

5.4.3 Custom fields-step


The fields and the Update-button can be accessed with the Tab key.

5.4.3.1 Ctrl + D
This key combination updates the report.

5.4.4 Report-step
The elements can be accessed with the Tab key. Use the Arrow keys to scroll the report content.

5.4.4.1 Ctrl+S
This key combination saves the report.

5.4.4.2 Ctrl+N
This key combination sends the report.

5.4.4.3 Ctrl + M
This key combination switches between Standard- & Advanced-views/modes.



6. Screensaver
Blancco Drive Eraser screensaver shows the current state of the erasure on the machine’s monitor.

6.1 Presentation
The following information is displayed:

• The erasure progress bar
• The overall percentage of erasure(s)
• The overall time left to complete the erasure(s)

The screensaver provides a good overview of the ongoing erasures and their final result, whether successful (green icon) or failed/canceled (red icon). The screensaver can be turned on or off via the DECT
and from the “Settings” window. The screensaver timeout (in seconds) can also be defined in the “Settings”
window.
Ongoing erasures:

All erasures finished successfully:



At least one erasure failed or was canceled:

Paused:



6.2 Exception notifications
If the erasures are successful, but there has been at least one exception reported (e.g. "DCO area removal
failed"), the screensaver will provide a notification of this by displaying a success icon whose color shifts
between green and yellow. This notification informs the user that there is something in the report that
requires the user’s attention. The notification of erasure exceptions can only be turned on or off via the DECT.

The only exception that is not notified is the purely informative message "Device is SSD, see manual for
more information", which is always displayed when an SSD is successfully erased.

6.3 Temperature Warning


If an NVMe or SATA drive detects a high temperature, the screensaver will provide a notification of this by
flashing a !-symbol on a yellow background.

6.4 Remote erasure


When Blancco Drive Eraser is being remotely controlled by the BMC (the remote control has to be activated
from the DECT), a screen with the following message will be shown: "REMOTE ERASURE - This computer
is being remotely erased. Please do not shutdown unless you are certain the process has been completed.".

When the erasure is started, the screen will display a progress with the remote erasure message inside it.
The main difference with the normal erasure screensaver is the text over the erasure percentage number
and the BMC identifier number on the top right corner of the screen.

If the remote erasure has been successfully completed, a success symbol is displayed, with the remote
erasure message next to it.

If the remote erasure has failed, a failure symbol (!) will be displayed, with the remote erasure message next
to it.

6.5 Screensaver lock


The screensaver lock, when active, forces the screensaver on when the erasure starts and makes it
impossible to exit the screensaver. Mouse and keyboard are turned off and have no effect on the software.
The screensaver lock needs to be activated through the DECT and is only available in the Automatic-process.
The screensaver is unlocked in case a user interaction is required, for example in the following situations:

• The erasure standard is not supported (erasure cannot proceed).
• Erasure licenses cannot be consumed (erasure cannot proceed).
• The erasure has failed (user can check the problem and manually restart the erasure or save/send the report).
• There are mandatory custom fields that are empty (report cannot be sent).
• There is a network problem or communication problems with the BMC (report cannot be sent).
• The erasure has succeeded and the report has been sent but the machine needs to be shut down manually (automatic shutdown/restart is turned off).


7. Blancco Drive Security Features
7.1 Booting Options
The Booting Options allow Blancco Drive Eraser to be booted with alternative settings, if there are issues
with the default booting.
Blancco Drive Eraser image can be booted in four different ways, each way enabling a different set of features. These four booting options can be accessed by pressing the up or down arrow key right after the first
Blancco Drive Eraser static screen appears.

7.1.1 Description
These options are:

1. Normal startup (safe resolution) – Blancco Drive Eraser is loaded using a standard/universal graphical driver. The screen resolution of the GUI is static (1024*768). If any drive is locked, the Freeze lock removal is attempted just before the erasure process (the screen turns black for a few seconds then restarts and the erasure begins, see the Freeze lock). This booting option has been tested on several configurations, however the Freeze lock removal procedure may not work in all machines (the standard/universal graphical driver often presents display problems when the machine is awakened).
2. Normal startup (native resolution) – Blancco Drive Eraser is loaded using any available driver that corresponds to the graphical card of the machine (the standard/universal graphical driver is just a fallback). The screen resolution is the native resolution of the machine (1024*768 or higher). If any of the drives is locked, the Freeze lock removal is attempted just before the erasure process (the screen turns black for a few seconds then restarts and the erasure begins, see the Freeze lock). This booting option works better than the first option in many/most cases when Freeze lock removal procedure is needed.
3. FLR during startup – This is the default option. The Freeze lock removal process is carried out during the booting phase, before loading all the system drivers, to increase the chances of waking up the machine after the freeze lock removal. Then, Blancco Drive Eraser is loaded using any available driver that corresponds to the graphical card of the machine. The screen resolution is the native resolution of the machine (1024*768 or higher). This booting option works better than the first option in many/most cases when Freeze lock removal procedure is needed.
4. Show startup messages – This is the same option as the second one, except that startup messages are shown on the screen instead of the animated loading screen. This can be used as a troubleshooting measure for machines where Blancco Drive Eraser hangs during the booting phase.
5. Customized startup – This option allows creating a customized booting where the user can enable/disable the freeze lock removal at boot time and enable/disable extra kernel parameters. See DECT manual for more information.

7.1.2 When to use the booting options?


Depending on the hardware where Blancco Drive Eraser is booted, some issues may arise during the
Freeze lock removal process performed by the default booting option (FLR during startup), such as
screens staying black or unresponsive machines. In these cases, the suggested procedure is the following:

• Try booting Blancco Drive Eraser using the second booting option (Normal startup (native resolution)).
• If problems arise with the aforementioned booting option (black screen, machine is unresponsive), try booting Blancco Drive Eraser using the first option (Normal startup (safe resolution)).

If problems arise during the booting phase (Blancco Drive Eraser hangs), try booting Blancco Drive Eraser
using the fourth option (Show startup messages), take note of the last messages shown on the screen
before the hang and contact the Blancco Support.
These options are hidden by default and the time limit to select a booting option other than the default one is
5 seconds.

7.2 Automatic Restart/Shutdown


Automatic restart or shut down can be activated with the Semi-automatic and Automatic processes via
DECT. See DECT manual for more information.
The following options are available on the DECT:

• None – The default value. No automatic restart or shutdown.
• Restart, after erasure – Machine is automatically restarted, after the erasure process has finished: all drives erased, successful erasure is optional.
• Restart, after successful erasure – Machine is automatically restarted, after the erasure process has finished in a successful state: all drives erased, successful erasure and no exceptions at all or informative exceptions only.
• Shutdown, after erasure – Machine is automatically shut down, after the erasure process has finished: all drives erased, successful erasure is optional.
• Shutdown, after successful erasure – Machine is automatically shut down, after the erasure process has finished in a successful state: all drives erased, successful erasure and no exceptions at all or informative exceptions only.

Note that a report must always be backed up before the machine shuts down or restarts!

7.3 Crash reporter


Blancco Drive Eraser crash report is a detailed report that contains additional system information and log
files which can be used to understand and reproduce a problem that has occurred with Blancco Drive Eraser
erasure software. It is very similar to the Blancco Drive Eraser issue report.
If Blancco Drive Eraser erasure software freezes or crashes, the software will try to generate a crash report
automatically. If there is a USB stick plugged in when the software crash happens, a crash report will be
copied to the USB stick. The crash report will be copied to all detected USB sticks. If a USB stick is connected later to a computer where the crash has occurred, the report is automatically copied to the USB
stick.
For more information, there are several articles about the crash reporter in the Blancco Knowledge Base
(https://support.blancco.com/pages/viewpage.action?pageId=66071).

7.4 Automatic report backup


If the automatic report backup option is turned on from the DECT, reports are automatically sent to Management Console. If the report sending to BMC is not possible or it fails, the reports are saved to a connected USB stick.
Automatic report backup is only available on the Manual-process (the other processes already include an
automated report sending).
Some notes regarding the automatic report backup:

• The report created during the automatic report backup is not yet considered an official report, just a backup. This is because the backup report is sent right after the erasure is finished and it doesn’t contain the session ID at this point. The session ID is added after the possible Custom fields modifications, when the report is sent/saved.
• The report is sent to BMC once the erasure of a single drive has been finished, failed or canceled.
  • If the BMC cannot be reached, then all reports (whether they have already been sent or not) are automatically saved to a connected USB stick.
    • The automatically saved report will be identified by its report UUID (ex: d508BDE2e-g052-5f63-0e4g-15ddf753e1g0_report.xml).
    • Each time USB saving is done, all reports currently saved in memory are saved to the USB.
      • If the USB sticks are changed between saves, the new USB stick will then receive all the old reports in addition to the new reports.
    • If there are several USB sticks connected simultaneously, then the reports are saved to all of them.
    • If no USB stick has been connected, the report is saved once a USB stick is connected.
    • The reports will disappear if the machine is shut down or restarted.
  • If there are already auto-saved reports on the USB and the BMC-connection starts working, all the saved reports will be sent to BMC, whether or not they have already been saved to the USB stick.
• If the “Report per Connected Device” mode is enabled, several reports might be automatically sent/saved (one per connected drive). Otherwise expect one report containing all the erasure information (one per session).
• If the BMC is changed, only the reports which have not yet been sent to BMC will be sent to the new BMC. Reports are sent only once (if their content is not updated).
• If there are mandatory custom fields, their validation will be skipped and reports are sent without those fields filled.
• The automatically sent reports are always sent/saved in XML-format, even if the default saving settings have been set to PDF+XML.
• If an erasure is run multiple times, the report will be updated after each erasure and then sent or saved, replacing the previous version of the report. Only one report with the specific entities is produced and maintained.
  • Reports are also updated after custom field(s) are updated.
• Information about the sending/saving is shown on the UI with messages on the tabs. Note that Report-tab does not change its color when handling backup reports.
  • For example: “Backup to MC/USB completed”
7.5 Detecting HDDs


Magnetic storage media, such as HDDs, use physical addressing when storing information on a media
device. With this addressing, the HDD is divided into smaller parts that can be addressed according to certain parameters. In magnetic media the aforementioned physical parameters are sectors, cylinders and
heads. During the computer usage, these parameters enable the operating systems to locate the information on a HDD but they also define the size and storage base of a HDD. A reliable and protected detection
of these hardware level parameters is essential and the erasure software must be capable of detecting the
correct HDD sizes regardless of the techniques used in altering the HDD information. Failure to accurately
detect the HDD may result in an incomplete erasure.
All Blancco data erasure tools utilize hardware level detection for HDDs which enables the software to
detect correct HDD sizes regardless of faulty or incorrect BIOS-set HDD values. As a result, the overwriting
process will reach the whole HDD surface, leaving no areas untouched.

7.6 Read/write error handling


If the whole addressable area of a drive cannot be erased or verified, this can cause a potentially
significant data security risk. Examples:

• A drive may contain damaged areas (also known as "bad sectors") that are not remapped and cannot be accessed anymore with read or write commands.
• A drive (especially an HDD) whose temperature has risen above a certain value can start producing read and write errors randomly.
• A drive behind a RAID controller that does not accept read or write commands.

Those problematic sectors/areas/drives have one thing in common: although they can still contain data,
attempting to reach them generates write or read errors. Data erasure tools must be able to detect such
problems and report them.
Blancco Drive Eraser keeps track of the erasure process and informs if the data overwrite or verification cannot be performed due to some error on the drive level. In case there is a problematic area on the drive, the
software will first try to write (read) data to (from) the defective area. If the area generates write (read)
errors, Blancco will try to write (read) a smaller block (half of the original block size) to (from) the area in
order to overwrite (verify) the maximum amount of data. The same procedure will continue until the software
tries to write (read) the smallest possible block to the drive and if unable to do so after three tries, the sector
will be considered unreachable and the software will count one error. In all cases, all the areas that can be
reached will be erased and only the areas that cannot be written/read will be reported. The sum of the errors
will be visible in the user interface (under the drive) and in the erasure report.
If at least one write/read error is detected during the erasure process (during overwriting rounds or verification), the erasure result will be “Not erased”.
A threshold on the write error count can be configured in the DECT. The default threshold is 5 errors. If the
amount of write errors equals or exceeds the defined threshold, the erasure is immediately stopped and
marked as failed. This helps identify problematic drives quickly and can save a lot of time; additionally,
the report will show an error message informing about this.
A similar threshold exists on the read error count.

The verification mechanism on Blancco Drive Eraser is configured to provide the statistically most effective
analysis of the drive on any given verification percentage (through checking sectors at evenly spaced intervals). A higher percentage selected by the user means that a larger amount of the drive will be analyzed, resulting in a greater chance that read errors will be detected. The verification also counts
mismatching sectors (sectors not containing an expected pattern) as read errors.
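
The block-halving write strategy, the write-error threshold and the evenly spaced verification described in this section, sketched as an added example (it is not Blancco's code). The in-memory `SimulatedDrive`, the 512-byte smallest block, the 8-sector starting block, the sampling formula and the "Erased"/"Failed" labels are assumptions; the three tries, the default threshold of 5 and the “Not erased” result come from the text above.

```python
import math

SECTOR = 512            # assumed smallest writable block, in bytes
MAX_TRIES = 3           # tries at the smallest block size (from the manual)
DEFAULT_THRESHOLD = 5   # default write-error threshold (from the manual)


class SimulatedDrive:
    """Constructed in-memory drive; sectors listed in `bad` reject every write."""

    def __init__(self, sectors, bad=()):
        self.sectors = sectors
        self.bad = set(bad)
        self.data = bytearray(b"\xAA" * (sectors * SECTOR))  # stale "user data"

    def write(self, first, count, pattern):
        # A multi-sector write fails as a whole if any sector in it is defective.
        if self.bad.intersection(range(first, first + count)):
            raise OSError(f"write error in sectors {first}..{first + count - 1}")
        self.data[first * SECTOR:(first + count) * SECTOR] = bytes([pattern]) * (count * SECTOR)

    def read(self, sector):
        return bytes(self.data[sector * SECTOR:(sector + 1) * SECTOR])


class ThresholdReached(Exception):
    """Raised internally to stop the overwrite as soon as the threshold is hit."""


def overwrite(drive, block=8, pattern=0x00, threshold=DEFAULT_THRESHOLD):
    """Overwrite every sector, halving the block whenever a write fails."""
    unreachable = []

    def write_range(first, count):
        tries = MAX_TRIES if count == 1 else 1
        for _ in range(tries):
            try:
                drive.write(first, count, pattern)
                return
            except OSError:
                continue
        if count > 1:
            # Split the failed block so the healthy part of it still gets erased.
            half = count // 2
            write_range(first, half)
            write_range(first + half, count - half)
            return
        unreachable.append(first)          # smallest block failed three times
        if len(unreachable) >= threshold:
            raise ThresholdReached

    stopped = False
    try:
        for first in range(0, drive.sectors, block):
            write_range(first, min(block, drive.sectors - first))
    except ThresholdReached:
        stopped = True
    return {"write_errors": len(unreachable), "unreachable": unreachable, "stopped": stopped}


def verify(drive, percent, pattern=0x00):
    """Read `percent` of the sectors at evenly spaced intervals; return the mismatches."""
    samples = max(1, math.ceil(drive.sectors * percent / 100))
    expected = bytes([pattern]) * SECTOR
    picked = [i * drive.sectors // samples for i in range(samples)]
    # A sector that does not hold the expected pattern counts as a read error.
    return [s for s in picked if drive.read(s) != expected]


def erase(drive, percent=100, threshold=DEFAULT_THRESHOLD):
    """Overwrite, then verify, and derive the overall result."""
    result = overwrite(drive, threshold=threshold)
    result["read_errors"] = [] if result["stopped"] else verify(drive, percent)
    if result["stopped"]:
        result["status"] = "Failed"        # label chosen for this example
    elif result["write_errors"] or result["read_errors"]:
        result["status"] = "Not erased"
    else:
        result["status"] = "Erased"        # label chosen for this example
    return result


if __name__ == "__main__":
    print(erase(SimulatedDrive(64, bad={10, 33})))   # two unreachable sectors
    print(erase(SimulatedDrive(64, bad=range(6))))   # stops at the threshold
    print(erase(SimulatedDrive(64)))                 # healthy drive
```

On the 64-sector drive with bad sectors 10 and 33, a 25 % verification samples every fourth sector and misses both stale sectors, so it is the write-error count that keeps the result at “Not erased”.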

7.7 Remapped sectors


Modern drives have a lot of functions for self-testing, self-recovering and keeping track of their state. One of
the possibilities is sector remapping. This allows the drives to detect and hide the sectors which will either
be or have become impossible to access. The drives have a so-called spare area intended precisely for
this. When a failed sector is detected, the drive controller assigns the address of the sector to a new one in
the spare area. The address remains the same but the owner is changed. The remapped sector may contain some of the user's data.
Blancco Drive Eraser can activate internal drive commands that are capable of erasing the remapped sectors. This functionality can be predefined via DECT or enabled via the setting “Erase remapped sectors”.
Assuming that the drive possesses the proper internal command, the remapped sectors erasure can be
selected along with any erasure standard that Blancco Drive Eraser supports.
If an erasure is started with this option enabled, the following actions will happen:

• An extra step running a specific firmware based erasure is added to the selected erasure standard only in case:
  • the drive has at least one remapped sector
  • the erasure standard does not include any firmware based erasure step
• This additional step is capable of erasing the remapped sectors but is merely optional: if this extra step fails, it will not fail the whole erasure process, which will continue nevertheless.

Note that erasing remapped sectors can be a time consuming process depending on the drive size and
speed.
A threshold on remapped sector count can be configured in the DECT. If before/after the erasure the
amount of remapped sectors equals or exceeds the defined threshold, the erasure is stopped and marked
as failed; additionally, the report will show an error message informing about this.
Note that if the setting “Fail Erasure if Unsuccessful” is selected from the erasure options the whole erasure
will fail if a drive does not support the commands necessary for the remapped sector erasure or those commands fail for some reason. Conversely, if this setting is turned off, erasure will start even on drives that do
not support the erasure of remapped sectors; nevertheless, there will be an exception in the report informing
about this lack of support.
For more information about the erasure status, see Erasure status and exceptions.
Note. Assuming that the drive possesses the proper internal command, the erasure standards (Extended)
Firmware based erasure, BSI-GS/E, NIST 800-88 Purge – ATA and Blancco SSD Erasure include de facto
a remapped sector erasure.
Warning! Erasing the remapped sectors can also result in erasing any hidden area existing in the drive. Be
careful that you enable this option on drives where you also want to erase/remove any existing hidden area.
Warning! Avoid turning off the computer, exiting the program, disconnecting the drive(s), pausing/cancelling the erasure during the Remapped Sector erasure process or the drive(s) may be damaged.

Warning! Disable the BIOS HDD detection when using Remapped Sector erasure. In many computers the
remapped sectors can be erased even without changing BIOS settings, but by disabling the BIOS HDD
detection some problems can be avoided.

7.8 Hidden areas in a drive


There can be hidden areas in an ATA storage device (HDD, SSD) which cannot be seen or accessed via
the O.S. or the BIOS. These areas are:
Item | Explanation
Host Protected Area (HPA) | The HPA is commonly used to store the recovery part of the operating system and can contain sensitive data.
Device Configuration Overlay (DCO) | The DCO feature allows the size of a drive to be reduced to a certain amount of sectors via the creation of a hidden partition. This special area of the drive creates a risk that some data might be left on the drive after the erasure unless the erasure product is capable of detecting and also extending and erasing DCO areas.

Blancco Drive Eraser can be configured to detect and automatically remove these areas by activating
internal drive commands. This functionality can be predefined via DECT or enabled via the setting “Remove
hidden areas”. The hidden areas removal can be selected along with any erasure standard that Blancco
Drive Eraser supports.
If an erasure is started with this option enabled, the following actions will happen:

• An extra step running a specific drive command to remove the hidden areas is added to the selected
  erasure standard only in case:
  • the drive has at least one hidden area
  • the erasure standard does not include any hidden area removal step
• This additional step is merely optional: if this extra step fails, it will not fail the whole erasure process,
  which will continue nevertheless.

Note that hidden areas defined with the Max Address Configuration feature set (available with the ACS-3
standard) can also be detected and removed (will be identified as HPA).
For more information about the erasure status, see Erasure status and exceptions.
Warning! Drives that contain HPA and/or DCO areas that have not been removed should not be erased
with NIST 800-88 Clear, NIST 800-88 Purge - ATA, BSI-GS/E, (Extended) Firmware based erasure,
Blancco SSD Erasure or any other standard with the “Erase remapped sectors” feature activated. Using
these options could end up erasing such areas.
Warning! Hidden area removal is not reliable if the storage is connected to the machine via an adapter (e.g.
external USB enclosure). Blancco recommends hidden area removal only for storage which is directly
connected to the machine, with no adapter of any kind in the middle.
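
The hidden areas described above can be spotted independently by comparing the sector counts a drive reports. The following is an added example, not part of the Blancco manual or product: it assumes the Linux `hdparm` tool, parses the output of `hdparm -N` and `hdparm --dco-identify`, and uses constructed sample output whose line formats are assumed to match the installed hdparm version.

```python
import re

# Line formats assumed from hdparm's -N and --dco-identify output.
HPA_LINE = re.compile(r"max sectors\s*=\s*(\d+)/(\d+),\s*HPA is (enabled|disabled)")
DCO_LINE = re.compile(r"Real max sectors:\s*(\d+)")

# Constructed sample output for a drive that has both an HPA and a DCO.
SAMPLE_HDPARM_N = """
/dev/sdX:
 max sectors   = 975000000/976000000, HPA is enabled
"""
SAMPLE_DCO_IDENTIFY = """
/dev/sdX:
DCO Revision: 0x0002
The following features can be selectively disabled via DCO:
	Real max sectors: 976773168
"""


def hidden_areas(hdparm_n, dco_identify="", sector_size=512):
    """Return how many sectors are hidden behind an HPA and behind a DCO.

    visible = sectors the OS can address now
    native  = sectors available once the HPA is removed
    real    = sectors available once the DCO is also removed
    All three values are assumed to be sector counts.
    """
    m = HPA_LINE.search(hdparm_n)
    if m is None:
        raise ValueError("no 'max sectors' line in hdparm -N output")
    visible, native = int(m.group(1)), int(m.group(2))

    d = DCO_LINE.search(dco_identify)
    real = int(d.group(1)) if d else native  # no DCO data supplied: assume no DCO

    if not visible <= native <= real:
        raise ValueError("inconsistent sector counts")

    hpa, dco = native - visible, real - native
    return {
        "visible_sectors": visible,
        "hpa_sectors": hpa,
        "dco_sectors": dco,
        "hidden_bytes": (hpa + dco) * sector_size,
        # True only if a plain overwrite of the visible range reaches every sector.
        "fully_addressable": hpa == 0 and dco == 0,
    }


if __name__ == "__main__":
    print(hidden_areas(SAMPLE_HDPARM_N, SAMPLE_DCO_IDENTIFY))
```

A non-zero `hidden_bytes` means an overwrite limited to the visible range leaves that much of the drive untouched.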

7.8.1 Shadow MBR


The "Shadow MBR" is a special storage area on some drives supporting TCG commands. This area has a
size of at least 128MB and it is intended for storing a boot image used for pre-boot authentication.
For example, the machine boots normally from the drive, but gets a special image that shows a drive
unlocking screen. Entering the correct password on this screen unlocks the drive and inactivates the shadowing,
so the boot process can continue using the real data stored on the drive.

This area cannot be removed or erased via normal means (overwriting or firmware-based erasure
commands) and requires special TCG commands (PSID Revert operation or admin password).
If the "Shadow MBR" is supported by the drive, it can be:

1. Disabled
2. Enabled and active
3. Enabled and inactive

If disabled, the area doesn't exist at the moment so no data can be kept in the Shadow MBR (no risk).
If enabled and active, the area exists, contains data and the area is presently mapped to the drive logical
space (the drive only sees the "Shadow MBR" area and does not see the user addressable area). The drive
requires a password to give access to the user data; providing it turns the "Shadow MBR" to inactive for the
rest of the session.
If enabled and inactive, the area exists, contains data but the area is presently not mapped to the drive
logical space (the drive only sees the user addressable area and does not see the "Shadow MBR" area). In
this scenario, the user addressable data can be erased, but this won't affect the "Shadow MBR" area. If the
machine is shut down and rebooted later, the "Shadow MBR" area becomes active again and the drive will
request the user to enter the password: at this point, the user may see information from the company that
enabled the "Shadow MBR" area (name, logo, etc.).
BDE 7.1.0 can detect this area:

• A new "Shadow MBR" icon is shown on the drive if this area is enabled, hovering on it provides
  additional information.
• The report contains three new fields: tcg_shadow_mbr_supported, tcg_shadow_mbr_enabled and
  tcg_shadow_mbr_active
  • These fields can be used within a Workflow to detect the presence of a "Shadow MBR" and
    act accordingly.

7.9 Resume Erasure


The client software can be configured to resume the erasure process in the event that the process has been
interrupted in an uncontrolled manner (power loss, system failure, etc.).
The functionality has the following requirements:

• The feature must be activated via the DECT.
• A USB stick, which is not full, must be plugged in during the erasure. A file with the erasure
  information is saved to the USB device and that file is used to resume the erasure.
  • Generally, a few KB of free space are required per erased drive.
• The erasure is resumed at the beginning of execution step where the interruption took place.
  • For example, if an erasure was started with the “Peter Gutmann’s Algorithm” selected and the
    erasure was interrupted at 50% through the step #7 (Overwrite with 0x924924), the erasure is
    resumed at the beginning of the step #7.

• The feature only works with magnetic erasure standards.
  • See chapter “Magnetic standards” for more information.

Resuming an erasure works the same way as resuming a paused erasure.

7.10 Erasure Standard Switch for SSDs


Blancco Drive Eraser can detect SSDs and use for these specific drives an appropriate erasure standard
instead of the preconfigured erasure standard. This functionality can be predefined via DECT or enabled via
the setting “Enforce Blancco SSD method on SSDs”.
If an erasure is started with this option enabled, the following actions will happen:

• For each SSD, the default erasure standard is switched to the Blancco SSD Erasure standard.
• All other drives, which are not SSDs, are unaffected (erased with the default erasure standard).

7.11 Erasing and preserving drive partitions


The software can be configured (either in the Blancco Drive Eraser UI or via the DECT) to handle drive
partitions. This is done by either detecting and displaying all the partitions and/or preserving the Windows
recovery partition:

• Detecting and displaying the drive partitions can be enabled via the setting “Show drive partitions”. It
  works with all partitioning standards (MBR, GPT). When enabled, the drive is not displayed as a
  single item, but as a multi-selection dropdown list containing all detected partitions (in Erasure step).
  The partitions are shown (file system, label, size), can be selected, erased and reported individually
  (if no partition is detected, the drive is displayed normally as a single drive).
• Preserving the Windows recovery partition can be enabled via the setting “Preserve recovery
  partition”. It works on GPT partitioned drives only (Windows 7/8 or above). When enabled, the software
  will erase all partitions while leaving the recovery partition untouched and un-erased.
  • The recovery partition can be reused later to reimage the machine.
  • If a Windows recovery partition is detected on a drive, a “RECOVERY” icon is displayed under
    the drive (in Erasure step), otherwise the drive is displayed as a normal drive.

Depending on the selected settings and the detected drive partitions there are three (3) main cases that can
happen. These cases can allow/prevent some erasure options as described in the table below:

• Case 1: “Show drive partitions” is enabled, partitions are detected, the user selects individual
  partitions for erasure.
• Case 2: “Show drive partitions” is enabled, partitions are detected, the user selects all the partitions
  for erasure. Case 2 overrides Case 1.

• Case 3: “Preserve recovery partition” is enabled and a GPT Windows recovery partition is detected.
  Case 3 overrides Case 2.

Erasure option | Case 1 | Case 2 | Case 3
Normal overwriting (1) | Allowed (a) | Allowed (c) | Allowed (d)
Firmware command (2) | Not allowed (b) | Allowed (c) | Not allowed (b)
Remapped sectors erasure (3) | Not allowed (b) | Allowed (c) | Not allowed (b)
Hidden area removal (4) | Not allowed (b) | Allowed (c) | Not allowed (b)
Blancco SSD switch (5) | Not allowed (b) | Allowed (c) | Not allowed (b)
Bootable asset report (6) | Ignored (e) | Allowed (c) | Ignored (e)
Fingerprint (6) | Ignored (e) | Allowed (c) | Ignored (e)

(1): Available with plain overwriting standards like “HMG Lower Standard”, “DoD 5220.22-M”, etc. (check
the Appendix for details).
(2): Available in erasure standards such as “NIST 800-88 Purge” or “Blancco SSD Erasure” (check the
Appendix for details).
(3): Available on any erasure standard with the setting “Erase remapped sectors”.
(4): Available on any erasure standard with the setting “Remove hidden areas”.
(5): Available with the setting “Enforce Blancco SSD method on SSDs”.
(6): Setting available from DECT.
(a): Only the selected partitions are affected: the partition content, label and file system are erased but the
partition location on the drive (partition table) is left untouched. The erased partitions are also reported
individually, but an exception message will inform that there is data left on the drive.
(b): A red icon "NOT ALLOWED" is shown under the drive, attempting an erasure will display an error
popup and the erasure will not proceed. Only overwriting is possible in this case, check the option (1).
(c): This case does not differ from a normal erasure, the drive is erased as a whole including all partition
information (table, content, label, file system), the report will not mention any partition either.
(d): If “Show drive partitions” is enabled: this is the same as (a) with the difference that the Windows
recovery partition will be greyed out and won’t be erasable. If “Show drive partitions” is turned off: no partition will
be displayed, all partitions (but the Windows recovery) will be erased in the background, but an exception
message will inform that there is data left on the drive.
(e): This setting is simply ignored, the user will not get any notification.

7.12 Erasure verification


The user of Blancco Drive Eraser can select the level of verification of the erasure. The verification process
reads data at identical intervals across the whole drive’s surface and makes sure that the erasure’s
overwriting patterns were written correctly. The minimum verification corresponds to checking 1% of the surface
of the drive (fast process), while the full verification corresponds to checking 100% of the surface of the
drive (slower process).
Taking samples at identical intervals across the drive’s surface can efficiently detect any problems in the
erasure, while being faster than reading all the overwritten data. The user of Blancco Drive Eraser can
increase the level of verification from the default 1% all the way up to 100% (full verification) when higher
level of security is required. If the verification finds any data left on the drive (overwriting patterns are
missing) or if sectors in the drive cannot be read, it will alert the user that the erasure process has failed.
A systematic verification step is always enforced after the last overwriting pass.

All verification algorithms are based on the NIST-algorithm (see chapter "Compliance with Updated NIST
Guidelines").
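
The sampling approach described in this chapter, as an added Python example that is not Blancco's implementation: it shows why a 1% check is fast but can step over a single leftover sector that a 100% check finds, and that an unreadable sector fails the verification. The sample layout, the 512-byte sector size, the in-memory drive image and the assumption that a multi-byte pattern was written continuously from byte 0 are assumptions of this example.

```python
import math
from dataclasses import dataclass, field

SECTOR = 512  # assumed sector size in bytes


@dataclass
class VerifyResult:
    sampled: int = 0
    mismatched: list = field(default_factory=list)  # LBAs not holding the pattern
    unreadable: list = field(default_factory=list)  # LBAs that could not be read

    @property
    def passed(self):
        return not self.mismatched and not self.unreadable


def sample_lbas(total_sectors, percent):
    """LBAs at identical intervals covering `percent` of the drive."""
    if not 1 <= percent <= 100:
        raise ValueError("percent must be in 1..100")
    count = max(1, math.ceil(total_sectors * percent / 100))
    # Integer arithmetic keeps the spacing even and stays below total_sectors.
    return [i * total_sectors // count for i in range(count)]


def expected_sector(lba, pattern):
    """Content a sector must hold if `pattern` was written from byte 0 onwards."""
    phase = (lba * SECTOR) % len(pattern)  # patterns such as 0x924924 do not align to 512
    rotated = pattern[phase:] + pattern[:phase]
    return (rotated * (SECTOR // len(pattern) + 1))[:SECTOR]


def verify(read_sector, total_sectors, percent, pattern=b"\x00"):
    """Check the sampled sectors against the overwriting pattern."""
    result = VerifyResult()
    for lba in sample_lbas(total_sectors, percent):
        result.sampled += 1
        try:
            data = read_sector(lba)
        except OSError:
            result.unreadable.append(lba)  # an unreadable sector fails the verification
            continue
        if data != expected_sector(lba, pattern):
            result.mismatched.append(lba)
    return result


def make_reader(image, bad_lbas=()):
    """Constructed stand-in for a drive: serves sectors from a bytes image."""
    def read_sector(lba):
        if lba in bad_lbas:
            raise OSError("constructed read error")
        return bytes(image[lba * SECTOR:(lba + 1) * SECTOR])
    return read_sector


if __name__ == "__main__":
    total = 2000
    image = bytearray(total * SECTOR)                  # drive overwritten with 0x00
    image[150 * SECTOR:151 * SECTOR] = b"A" * SECTOR   # one sector of leftover data
    for pct in (1, 100):
        r = verify(make_reader(image), total, pct)
        print(f"{pct}%: sampled={r.sampled} passed={r.passed} mismatched={r.mismatched}")
```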

7.12.1 Traditional verification


As a default, Blancco Drive Eraser uses the traditional verification algorithm to verify the erasure. This
algorithm searches for known patterns throughout the whole drive, whether it is a periodic pattern (resulting
from a normal overwriting with a fixed pattern e.g. 0x00 or resulting from a firmware-based erasure) or an
aperiodic pattern (resulting from a normal overwriting with aperiodic random patterns). Note that this
traditional verification is always attempted after a firmware based erasure has been done.

7.12.2 Alternative/Fallback verification


Some drives have their firmware commands implemented in a way that a periodic pattern is not written
throughout the whole drive, but instead pseudo-random data is written. This pseudo-random data cannot be
verified by using the traditional verification algorithm, which therefore fails.
In case the traditional verification algorithm fails after executing a firmware-based erasure command,
Blancco Drive Eraser can re-verify this pseudo-random data by searching for absence of known patterns
overwritten prior to the execution of the firmware-based erasure command. If this alternative verification
algorithm is successful, the erasure will succeed, however there will be an exception in the report informing
about the existence of non-periodic patterns in the drive.

7.13 Freeze lock


If the drive is Freeze locked, removal of the drive’s hidden areas or issuing the firmware based erasure
commands is not possible.
Blancco Drive Eraser detects if at least one of the drives about to be erased is Freeze locked. When a
Freeze lock is detected, Blancco Drive Eraser tries automatically to remove the Freeze lock by power
cycling the machine: the machine is put to sleep, the drives’ locks are removed and the machine is woken up.
When this power cycling happens the screen usually goes black for a few seconds before returning. As the
machine is power cycled, Blancco Drive Eraser attempts to remove the freeze locks on all locked drives at
once, so this process occurs at most once per session.
Warning! With some hardware configurations, the screen might not turn back on. This depends heavily on
the machine’s BIOS, graphics chipset and/or the graphical driver used, as some devices do not wake up
properly/at all. The erasure process is either interrupted or continues in the background. To prevent this
from happening, the freeze lock procedure can be avoided by doing the following actions:

• At boot phase, ensure that the selected booting option is any but “FLR during startup”.
• Once Drive Eraser has booted and before starting the erasure:
  • Select an erasure standard with no firmware commands (normal overwriting only).
  • Disable the erasure of remapped sectors.
  • Disable the removal of hidden areas.
  • Disable the enforcing of the Blancco SSD erasure on SSDs.

7.14 Persistent Software Detection


Special software can be embedded in the BIOS/UEFI of the machine, from where it can be executed by
the operating system. Such software is called "persistent" because it remains on the machine even after
its data has been sanitized. This software can be detected and reported via a DECT configuration (Security
- Security options - Device enrollment detection - Persistent software). If persistent software is detected,
the BDE report will show a field called "Persistent Software" displaying the name of the software in
question. The most popular persistent software is Computrace (by Absolute Software) and it is used for tracking
computer hardware.
When Computrace is active, it works as a Windows program that is always enabled, even after the machine
is erased and reimaged. This software is executed every time the machine is booted to a Windows OS.
Note that if the BIOS has a Computrace setting shown as "Active" or "Enabled", this does not necessarily
mean that the feature is working. The only actual way of ensuring Computrace is working correctly is by
installing Windows OS on the erased machine and checking if the Computrace process appears on the
machine.

7.15 Hot swap capability


Drives can be hot swapped (or hot plugged) without affecting the erasure process running on other drives in
the machine.

1. To begin the hot swap process, remove a drive or connect a new drive to the machine.
2. Press the Refresh drive list button (or Ctrl + R) in Blancco Drive Eraser’s Erasure-tab. The software will
indicate when the process is complete.

Notes.

• Hot swap can be activated from the DECT only if the “Report per Connected Device” mode is
  enabled.
• Pressing the Refresh drive list button disables all actions in the Erasure-tab and pauses all ongoing
  erasures. The erasures are resumed and the Erasure-tab becomes active again, after the drive
  re-detection has been completed. The following message is displayed:

  • If one or more drives are executing firmware commands when the Refresh drive list button is
    pressed, the refresh starts after those firmware commands have been finished. A pop up is
    displayed, informing the user that the drives will be refreshed after the firmware commands
    have been finished with the message: "A firmware command is being executed on one of the
    drives. The list of drives will be refreshed after it finishes.".
• Drive Eraser provides hot swap support for SAS/SCSI/SATA/FC/USB/NVMe drives only, in case
  they are visible as nodes in the system (it does not work if the drives are behind a RAID controller
  being passed through). Hot swap support for other interfaces will be added in the upcoming
  releases.
  • For NVMe drives:
    • SuperMicro 10XSLL-F and 10XSRL-F motherboards are the only motherboards
      officially supported for hot swap.
    • Hybrid appliances (with both NVMes and traditional SAS/SATA drives) are supported.
      • Port mapping for SAS/SATA drives will be consistent and based on the
        internal cabling of the appliance, while for NVMe drives the port mapping is
        learned on the fly. See the chapter “NVMe drives” for more information about
        port mapping with NVMe drives.
• The “hotplug timeout” is a setting to configure the time to wait for a drive to be detected and
  displayed. It can be set from the “Settings” (General tab). It is useful to spot drives that take too long to
  detect, especially faulty drives. If only SATA or USB drives are plugged, the recommended timeout
  should be at least 30 seconds. If SAS/SCSI/FC/NVMe drives are plugged, set at least 60 seconds.
• Upon plugging an HDD, wait for 10-15 seconds before pressing the “Refresh drive list” (time for the
  drive to spin and get ready for the detection).
• In case a drive is not detected during the period set by the “hotplug timeout” (30 seconds by default),
  the detection for that drive stops and a warning is displayed:

  • If the detection process fails three times in a row with the same drive, the hot plug service
    goes into an error state and displays a notification to reboot the machine. The drive in
    question is probably faulty and is compromising the stability of the software. The error state and the
    notification may disappear if the faulty drive is removed and the drive list is refreshed.
    Otherwise, subsequent detections will fail and a restart will be necessary. The error message looks
    like this:

• Some drives (particularly some older EMC 1GB drives) produce inconsistent results with hot
  swapping; these drives will need to be inserted prior to a full system boot or reboot.
• If the system still doesn’t recognise some drives, shutdown the system, connect the drives and boot
  it with the drives already connected.

7.16 Erasure status and exceptions


The Blancco Drive Eraser erasure process can be separated into two parts:

• Mandatory steps: these steps are considered as essential, according to the erasure standard
  applied. They consist of overwriting steps, verification steps, firmware based erasure steps and
  hidden area removal steps.
• Optional steps: these steps are not necessary to achieve a successful erasure result as they are not
  a vital part of the erasure standard. For example, some erasure standards do not explicitly require
  remapped sectors erasure or the removal/erasure of hidden areas but they may be attempted
  anyway, depending on the user’s configuration of the software.

If all mandatory steps succeed, the whole erasure process is considered a success (final status = "Erased").
Conversely, if any mandatory step fails, the whole erasure process fails (final status = "Not erased"). If any
optional step fails, the erasure process generates an exception (information message) acknowledging the
failure of this step but indicating that it was considered optional. The final status always depends on the
success or otherwise of the mandatory steps.
In some occasions, the status "Erased" will be accompanied by an information message such as e.g.
"Remapped sectors area erasure failed" or "DCO area removal failed". This is simply the result of the logic
described above. The description of the erasure standards’ steps is located in chapter Execution steps of
the erasure standards.

7.17 CD-eject
The CD-eject functionality can be enabled or disabled through the DECT. The CD-ejection can be
configured to occur at four different phases of the erasure process:

• After Blancco Drive Eraser boot-up (option selected by default).
• After the erasure has been completed.
• After the report has been saved or sent.
• When the machine is shutting down.

When the CD-eject is enabled, any optical media drive detected on the machine will be opened (tray ejects).
This way the user can check if a Blancco Drive Eraser boot CD or any other optical media has been left in
the machine. This also prevents the risk of forgetting to remove media from a machine before shipping it
away, since this presents a security risk as these media may contain personal/professional information.
Note. It is very important that at least one option for ejecting the CD tray is selected, to prevent potential
data breaches.

7.18 Digital Fingerprint


The Digital Fingerprint is a small report that is written on the drive after the erasure and after the user has
successfully saved/sent a report. It contains a brief summary of the erasure report information. It acts as a
further proof that the storage device has been erased and can be used for erasure report auditing purposes.
The Fingerprint is written on a single sector of the erased drive (sector 200 by default, can be modified via
DECT) and visualizing its content requires a tool that can read and display binary data, such as the Blancco
Drive Eraser Hexviewer. The implementation of the Fingerprint is only in English language (independently
of the report language) for compatibility with the ASCII characters.
The Fingerprint contains the following data (separated with spaces and semicolons):
Field name | Explanation
Customer name | The name of the Company that purchased Blancco (“Licensed to” field from the erasure report). Note: special characters (non-ASCII) are displayed as “?” chars.
Date & time of erasure completion | Displayed with the format: yyyy-mm-dd hh:mm:ss
Blancco software version | e.g. Blancco Drive Eraser 6.0.0
Drive serial number | Also displayed in the “Erasure”-step.
Erasure status | "Erased" or "Not Erased".
Erasure information message | e.g. “User canceled the erasure”. Note: this message may be truncated in case the Fingerprint content is longer than 512 chars (sector size).
Unique report ID | Erasure report UUID.
Key ID | Same as the erasure report’s key_id field.

The Digital Fingerprint is disabled by default. Enabling it, as well as setting its sector location, is done via the
DECT.

7.19 Bootable Asset Report


The Bootable Asset Report is a small report containing the hardware information of the erased machine and
drive. It is displayed as a static splash screen when a successfully erased drive is used for booting.
The Bootable Asset Report can provide a fast visual proof that the drive has been successfully erased with
Blancco, as only the booting of the machine is required to view this report, however it does not replace the
Blancco erasure report which is the real proof that the erasure has occurred. It can also be used for auditing
an erasure report. Another use is displaying the hardware information of a machine/drive that is meant to be
sold on the second hand market.

To activate the Bootable Asset report, the following conditions need to be fulfilled:

• The Bootable Asset report has to be enabled from the DECT.
• The detected drive has to be erased successfully (at least once).
• The erasure report has to be successfully saved on a USB stick or sent to the BMC (at least once).

Note that in order to create a Bootable Asset Report, the software writes data on the first 200 sectors of the
drive. This data can be viewed by using the Hexviewer or other similar tools. The sectors containing the
Bootable Asset Report will show a different pattern compared to the rest of the drive. This should not be
confused with data that Blancco Drive Eraser has failed to erase. If enabled, the Bootable Asset Report is
always written after a successful erasure and after a report is successfully saved or sent.

7.20 Erasing RAID configurations


Blancco Drive Eraser has a RAID dismantling capability that can break the RAID and access directly the
physical hard drives for erasure. This capability is disabled by default but can be enabled via the DECT.
Below is the list of the RAID controllers that can presently be dismantled:
Adaptec/IBM ServeRAID Controllers
ServeRAID Controllers
DAC960/AcceleRAID/eXtremeRAID PCI RAID Controllers
LSI MegaRAID/Dell PERC/INTEL RAID Controllers
HP Smart Array Controllers
If your RAID controller is not in the list, Blancco highly recommends that the array is dismantled manually
from the BIOS of the RAID card or via the software provided by the manufacturer. If your controller supports
the JBOD mode, please set it to that mode. Then Blancco Drive Eraser can attempt to detect the physical
drives for erasure. Please make sure that the firmware in your RAID adapter has been updated recently in
order to avoid any unnecessary problems with the RAID controller.
Support for other RAID controllers will be implemented in upcoming versions.

7.21 Remote erasure control and monitoring


Blancco Drive Eraser’s erasure can be controlled or monitored remotely either from the Blancco
Management Console (BMC) or from an external Asset Management System integration. Note that the Blancco
Management Console is required in all cases.

7.21.1 Monitoring the erasure process through the Management Console


To monitor the process, the Remote monitoring must be activated on the client image (via the DECT) and
the settings to connect to the Management Console must be filled in (either via DECT or via the erasure
client’s “Settings” menu). Note that the Erasure control must be set as Local user interface.
During remote monitoring, the erasure process can be followed from the BMC (“Process Management” tab
> “Live monitoring” view). The BMC cannot control the erasure directly but can detect any problem
occurring during the process. The BMC assigns a numeric ID to each monitored machine for a quick
identification; this ID is visible in the erasure client’s screensaver (top right corner of the screen) and in the UI
(Process Area).

7.21.2 Controlling the erasure process through the Management Console
To completely control the erasure process through the Management Console, the client image must be
configured for that (via the DECT). The Erasure control must be set as Blancco Management Console remote
and the settings to connect to the Management Console must be filled in (via the DECT).
During remote control, the erasure process is controlled from the BMC (“Process Management” tab > “Live
management” view). BMC can either push an erasure standard to sanitize the drives of the target machine(s)
or a workflow to fully control the process on the target machine(s). The BMC assigns a numeric ID to
each controlled machine for a quick identification; this ID is visible in the erasure client’s screensaver (top
right corner of the screen). See the Management Console’s Admin Manual for more information.
When a remote control session is cleared from the BMC, Blancco Drive Eraser will fetch, on its next
polling round, the command to stop communication. After receiving the stop-message, the software acknowledges
it and the BMC then removes the session from the process management list. After this, Blancco Drive Eraser
doesn't accept any remote commands and waits to be shut down manually. The UI will show a #-character in the
session ID when communication has stopped. Connectivity and license status will turn to red. The MC icon pop up
will show the "Communication with the BMC has failed..." error message.

7.22 Sanitize Cryptographic Erasure Standard


The “Sanitize Cryptographic Erasure” erasure standard performs a cryptographic erasure, only on drives that
support this firmware command. It was introduced in version 6.1.1.
When a Cryptographic Erasure command is given, the drive self-generates a new media encryption key.
Thus, the old data is not overwritten; only the encryption key is replaced, rendering data ‘erased’ by making
it indecipherable, since the key required to decrypt the data is no longer available. The strength of this
obfuscation is relative to both the encryption standard used and effectiveness of the key replacement process. It
is possible that mistakes in the implementation of the crypto-system or future advances in technology could
allow for the reconstruction of data by recovering the key or breaking the encryption algorithm used,
respectively.
Any drive erased with this standard will display an exception "Device has been cryptographically erased,
see manual for more information."
Cryptographic erasure is verified in the following way:

1. Pseudo random locations are selected throughout the drive.
2. These locations are written with a known pattern.
3. Cryptographic erasure command is triggered.
4. After the cryptographic erasure, these pseudo random locations are read to verify that the previously
   written pattern is no longer present, thus demonstrating (or otherwise) the success of the process.

This verification is available in BDE, but the percentage of the verified area is configurable by the user
(1-100%, default value 1%).
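
The four verification steps above, and the related absence-of-pattern check in chapter 7.12.2, as an added Python simulation that is not Blancco's code: a toy self-encrypting drive is marked at pseudo-random locations, re-keyed, and read back. The `ToySED` class, its SHA-256 keystream (a stand-in for the drive's real encryption engine), the marker content and the `rekey_works` switch that models a faulty firmware command are all assumptions of this example.

```python
import hashlib
import os
import random

SECTOR = 512  # assumed sector size in bytes


class ToySED:
    """Constructed model of a self-encrypting drive: media holds ciphertext only."""

    def __init__(self, sectors, rekey_works=True):
        self.sectors = sectors
        self._mek = os.urandom(32)       # media encryption key, never leaves the drive
        self._media = {}                 # lba -> ciphertext
        self._rekey_works = rekey_works  # False models a firmware that ignores the command

    def _keystream(self, lba):
        out, counter = b"", 0
        while len(out) < SECTOR:
            block = self._mek + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        return out[:SECTOR]

    def write(self, lba, data):
        if len(data) != SECTOR:
            raise ValueError("write exactly one sector")
        self._media[lba] = bytes(a ^ b for a, b in zip(data, self._keystream(lba)))

    def read(self, lba):
        ciphertext = self._media.get(lba, bytes(SECTOR))
        return bytes(a ^ b for a, b in zip(ciphertext, self._keystream(lba)))

    def crypto_erase(self):
        if self._rekey_works:
            self._mek = os.urandom(32)   # old ciphertext stays, but can no longer be decrypted


def verify_crypto_erase(drive, percent=1, seed=None):
    """Mark pseudo-random sectors, trigger the erase, confirm the marker is gone."""
    rng = random.Random(seed)
    count = max(1, drive.sectors * percent // 100)
    lbas = rng.sample(range(drive.sectors), count)        # step 1
    marker = b"CE-VERIFY-MARKER" * (SECTOR // 16)
    for lba in lbas:                                      # step 2
        drive.write(lba, marker)
    if any(drive.read(lba) != marker for lba in lbas):
        raise RuntimeError("marker could not be written; verification is meaningless")
    drive.crypto_erase()                                  # step 3
    survivors = sorted(lba for lba in lbas if drive.read(lba) == marker)  # step 4
    return {"checked": count, "survivors": survivors, "erased": not survivors}


if __name__ == "__main__":
    print(verify_crypto_erase(ToySED(1000), percent=5, seed=1))
    print(verify_crypto_erase(ToySED(1000, rekey_works=False), percent=5, seed=1)["erased"])
```

The check shows only that the key changed at the sampled locations; as the text notes, it says nothing about the strength of the encryption itself.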
Because replacing the data encryption key is a very fast operation, the “Cryptographic Erasure” standard is
very quick compared to a traditional overwriting (few minutes at worst, even on large drives). But given the
concerns described above, Blancco recommends using this standard in cases such as the following:

• The machine needs to be erased quickly, before being redeployed within the same company (same
  or higher security level).
• The machine needs to be erased quickly, before being sent to another location where it will be
  erased using a more traditional standard.

7.23 Support for TCG Security Features


The Trusted Computing Group (TCG) is a group formed by large hardware manufacturers to implement
security standards and concepts across personal computers. Among other things, they develop the Trusted
Platform Module standard (used on TPM chips); they also develop specifications that describe the protocol
to communicate with self-encrypting drives (SEDs). On the latter point, Security Subsystem Class (SSC)
Specifications describe the requirements for specific classes of devices; specifically, the Enterprise SSC
defines minimum requirements for Data Center and Server Class devices while the Opal SSC defines
minimum requirements for client devices.
BDE supports ATA, SCSI/SAS and NVMe self-encrypting drives that implement the TCG Enterprise, Opal,
Opalite, Pyrite and Ruby security features as follows:
TCG feature set | Drive interface: ATA/SATA | Drive interface: SCSI/SAS | Drive interface: NVMe
Opal | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A
Enterprise | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A | CE: N/A; BE: N/A; OW: N/A
Opalite | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A
Pyrite | CE: reporting & erasure; BE: reporting; OW: reporting | CE: reporting & erasure; BE: reporting; OW: reporting | CE: reporting & erasure; BE: reporting; OW: reporting

(with CE = Crypto Erase command, BE = Block Erase command, OW = Overwrite command)


TCG commands are used in the "NIST 800-88 Purge" and “TCG Cryptographic Erasure” erasure
standards. Any standard supporting the TCG Cryptographic Erasure command first reverts the drive to factory
default before replacing the encryption key and scrambling the data.

7.24 TPM Device Detection and Reporting


TPM (Trusted Platform Module) device(s) can be detected and reported under two conditions:

1. The TPM device must be present on the machine.
2. The TPM device must be enabled in the BIOS/UEFI settings.

This information is available in workflows as the variable "tpm_devices".

7.25 Fallback for NIST Erasure Standards


When “Enable fallback from NIST Purge to NIST Clear” is enabled in the DECT, the erasure standard "NIST
800-88 Purge" can fall back to "NIST 800-88 Clear".

When the Erasure button is pressed, if NIST Purge is not supported by the device or the standard fails, then
the erasure process falls back to NIST Clear. Falling back from NIST Purge to NIST Clear can ensure that
compliance with the NIST guidelines is kept.
Note that this functionality requires that both "NIST 800-88 Purge" and "NIST 800-88 Clear" erasure
standards are enabled.
For more information about the NIST standards, see chapter “Compliance with Updated NIST Guidelines”.

8. Hardware Which Requires Special Handling
8.1 Unsupported processors
Blancco Drive Eraser supports x86 processor-based machines, especially Intel and AMD processors.
Support for x86 processors that are neither Intel nor AMD should be checked case by case, because the
hardware detection on machines running such processors may not be fully accurate.
Some machines use different processor architectures (RISC, ARM…) that Blancco Drive Eraser does not
support and cannot directly erase. Sun SPARC based servers can be erased using our Blancco SPARC
product.
Fortunately, data storage devices are always the same regardless of the hardware (whether x86 or RISC
architecture) and Blancco can be used to erase the drives from these machines by connecting them to an
x86 processor-based computer. A typical solution consists of removing those drives from their
non-supported server and connecting them to a supported x86 processor-based “erasure station” for erasure.
Blancco Drive Eraser can boot on (and erase) the majority of x86-based tablets, including tablets based on
the Intel Atom processor. However, the majority of devices based on the Intel Atom processor platform
"Clover Trail" are not supported.

8.2 SSDs
Although Blancco Drive Eraser can identify and erase all kinds of Hard Disk Drives (where data is stored
magnetically on rotating disks), there are some caveats regarding the erasure of Solid State Drives
(SSD). SSDs differ from HDDs in that data is stored electronically on transistor arrays. Please refer to the
chapter Guidelines for Using SSD Erasure Method for more information.
If the documentation does not help you, please engage with your local Blancco representative regarding the
erasure of these drives.

8.2.1 eMMCs
An embedded Multi Media Card (eMMC) is a storage device that contains some NAND flash memory and an
embedded controller in an industry-standard BGA package. Operations such as wear leveling, bad block
management, and device mapping are all managed internally. In addition, error handling is also
implemented internally, which reduces the load on the processor and, as a result, improves system performance.
eMMC has been developed for universal low-cost data storage and communication media and is currently
prevalent in most smartphones and tablets, although it may also appear in x86-based hybrid tablet
devices. When an eMMC drive is detected by Blancco Drive Eraser, the UI will display the drive as an
“eMMC” device.
There exist a few recommendations on how to erase eMMC drives. The JEDEC standards on eMMC drives [1]
describe the command Sanitize “used to remove data from the device according to Secure Removal Type
(see 7.4.120)… [and] requires the device to physically remove data from the unmapped user address
space”, i.e. this command removes the data from both the user addressable area and the area that the user
cannot access. Another command is the Secure Erase “included for backwards compatibility... requires the
device to execute the erase operation... requires the device and host to wait until the operation is
complete... [and] requires the device to do a secure purge operation, according to Secure Removal Type...
outlined in 7.4.120”. The chapter 7.4.120 indicates “how information is removed from the physical memory
during a Purge operation [based on] the capability of the eMMC device”.
The JEDEC standards also inform about the handling of retired sectors. “Portions of the memory array can
become defective with use” and marked as “retired”; the information from such sectors is recovered before
the sectors are removed from use. Some eMMC devices can “erase the contents of the defective region
before it is retired”; nevertheless, this feature has to be enabled beforehand and, according to the
standard, it only applies to sectors retired after the feature is enabled (sectors retired before are out of scope). If
the eMMC does not support this feature, if the feature is disabled, or if the drive has sectors that were retired
before the feature was enabled, there is a risk that these retired sectors will not be erased, even after using
the Sanitize or the Secure Erase commands.

[1] https://www.jedec.org/standards-documents/technology-focus-areas/flash-memory-ssds-ufs-emmc/e-mmc

The NIST guidelines [2] are not very clear regarding the erasure of eMMC devices embedded on Intel-based
tablets (which are the eMMC devices that Blancco Drive Eraser can erase).

- Regarding the clear-level operation, Blancco Drive Eraser handles an eMMC the same way it
  handles any flash-based data storage device (such as SSD or NVMe). The device is detected,
  overwritten (from the first detected sector to the last detected sector) and verified. This procedure
  addresses the whole user addressable area and protects the device against any keyboard attack.
- Regarding the purge-level operation, NIST mentions using commands such as “Secure Erase or
  Secure Trim command, or some other equivalent method… [or] Cryptographic Erase [if supported]”.
  Nevertheless, these recommendations apply to eMMCs embedded in devices running the Google
  Android OS or the Windows Phone OS or the iOS (for the latter, only Cryptographic Erase is
  mentioned). NIST also mentions that purging “all other mobile devices including cell phones, smart
  phones, PDAs, tablets… [depends on the device capabilities] and should be applied with caution…
  the device manufacturer should be referred to in order to identify whether the device has a Purge
  capability… to ensure that data recovery is infeasible”.

Based on these recommendations, in order to clear eMMC devices you can use any Blancco Drive Eraser
overwriting standard. Blancco Drive Eraser also implements firmware-based erasure commands (Sanitize
and Secure Erase) as part of the "NIST 800-88 Purge" and "Blancco SSD Erasure" standards, which can
erase the eMMC beyond the clear-level. However, as explained above, even after a successful erasure
using the "NIST 800-88 Purge" or "Blancco SSD Erasure" standards, there are no guarantees that the
purge-level will be achieved in all situations: it is not possible to be certain that no data will be recoverable if
the eMMC undergoes an attack using state of the art laboratory techniques. Also, some eMMCs may
display an extra recovery partition even after they have been purged. In some cases, these partitions may still
contain data.

[2] http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

8.2.2 Hybrid Drives


A hybrid drive or SSHD (for Solid State Hybrid Drive) is a composite non-volatile storage device. It has two
separate areas of storage: some flash memory (the SSD portion, a fraction of the total capacity) and
spinning magnetic platters (just like a regular HDD).
Hybrid drives can be detected, reported and displayed in the UI as “SSHD”. Blancco Drive Eraser will first
attempt a programmatic detection of the drive. If a drive is not detected as a hybrid through programmatic
means, then Blancco Drive Eraser will compare its model with an internal (embedded) list of allowed and
known hybrid drives: if there is a match, then the drive in question will be marked as an SSHD. Note that the
user can update the list of allowed devices (add/remove models) via the DECT.
If a hybrid drive has undergone a successful erasure and verification process, this means that only the part
that has been presented to the software (usually the magnetic HDD) will be processed. Since it is not
currently possible to verify the erasure of the hidden (usually the flash) part of the hybrid, no guarantees can be
provided against recovery of data using laboratory techniques. The erasure of a hybrid drive will protect
against non-invasive attacks at a software level only since the memory management of data is performed
internally by the drive. After erasing a hybrid drive, there will be an exception in the report warning about its
presence.
Additionally, there is not enough research available to suggest that firmware erasure methods (such as ATA
Secure Erase) will address both parts of the storage and it is not possible to verify this without the
appropriate tools. Therefore, the same applies as above for this process: assurances can be given about the
accessible part of the storage only.

8.3 NVMe Drives


Non-Volatile Memory Express, or NVMe, is a logical device interface specification for accessing
non-volatile storage media attached via a PCI Express (PCIe) bus. NVM Express, as a logical device interface, has
been designed to capitalize on the low latency and internal parallelism of flash-based storage devices.
NVMes can be detected, reported and displayed in the UI as “NVMe”.
TCG Opal, Enterprise, Opalite, Pyrite and Ruby SSC compliant drives are detected and their information is
added to the report.
Since Blancco Drive Eraser fully erases all data on the drive, it causes a lot of activity on the device. If the
device does not have an adequate cooling solution when being processed, it can lead to a buildup of heat
which causes the device to throttle its performance to reduce heat. NVMe devices that cannot dissipate
heat quickly enough will start thermal throttling (slowing down their read and write speeds) and may even
overheat (device stops functioning).
To help detect whether poor performance of the device is caused by heat or by other issues, Blancco Drive
Eraser displays the temperature of the device on the UI (Erasure-step). This can be used to monitor the
device and pause the erasure if the temperature rises too high. Also, the screensaver starts flashing if the
temperature of an NVMe device gets close to its Critical Composite Temperature Threshold.
To alleviate the problem, the erasure of the drive can be paused until the temperature of the device has
fallen; once the temperature is at an acceptable level, the erasure can be resumed. Applying external heat
dissipation can also be considered.
As of version 6.17, the Sanitize feature set is supported on NVMe drives. Sanitize commands are used in
the following erasure standards: "Sanitize Cryptographic Erasure" and "NIST 800-88 Purge".
Blancco recommends erasing NVMe drives with the “Blancco SSD Erasure” erasure standard.

8.3.1 Port Mapping


For NVMe drives, the port mapping and empty bay indication are learned on the fly. NVMe controllers/drives
are listed first, then other controllers/drives and finally USB controllers/drives.
In the beginning, BDE does not know all the physical slots reliably, so as long as no NVMe is connected to
the machine, BDE won't make assumptions and the GUI won't show any empty slot.
Then, as NVMes get connected to the machine, BDE learns of the presence of the physical slots and even
of their bus numbers: the port mapping is learned gradually. Once all physical slots have
been occupied, BDE knows them and can order the NVMes by bus number. At this point, the complete port
mapping is finished, and it is remembered for the whole session.

The easiest way to have a port mapping that is good from the beginning is to first fill all physical NVMe
slots with NVMes, then boot the machine. In this case, BDE will learn right away the presence of all the
physical ports and will order them in the UI reliably and consistently for future operations.
The reason each port shows a different controller (1-1, 2-1, 3-1, ...) is that each NVMe integrates its own
controller. So, each NVMe drive is an NVMe controller paired with an NVMe data storage device.
Note that even though the port mapping info is remembered during the whole session, it is lost when you
reboot the machine.
The example below shows how this works when 4 physical NVMe slots are available and used.
Now two NVMes are connected (A and B), one in the second physical slot and one in the fourth physical
slot. The UI will show:

- 1 (1-1) NVMeA
- 2 (2-1) NVMeB

Now one NVMe (C) is connected to the first physical slot. The UI will show:

- 1 (1-1) NVMeC
- 2 (2-1) NVMeA
- 3 (3-1) NVMeB

After this, one NVMe (D) is connected to the last empty physical slot (the third). The UI will show:

- 1 (1-1) NVMeC
- 2 (2-1) NVMeA
- 3 (3-1) NVMeD
- 4 (4-1) NVMeB

Finally, they are removed and a new NVMe (E) is connected to the second physical slot. The UI will show:

- 1 (empty)
- 2 (2-1) NVMeE
- 3 (empty)
- 4 (empty)

8.3.1.1 Hybrid Appliances


With hybrid appliances (with both NVMes and traditional SAS/SATA drives), the port mapping is learned on
the fly with NVMes while the SAS/SATA port mapping is consistent and based on the internal cabling of the
appliance. In the example below, the device has 4 NVMe slots and 8 SAS/SATA slots. Now, only 4
SAS/SATA slots are in use (cables installed to front panel bays). Therefore, a maximum of 8 physical drives
will be connectable and visible in the appliance (4 NVMes, 4 SAS/SATA):

- After boot, you can see 8 empty slots (all SAS/SATA).
- You connect 1 NVMe and hit refresh => 1 NVMe + 8 empty slots are visible in the GUI.
- You connect a second NVMe and hit refresh => 2 NVMes + 8 empty slots are visible in the GUI.
- Continue similarly for the rest of the NVMe drives, until all 4 are connected.
- In the end, the GUI will have 4 slots for NVMe (after the software has learned them - they can be
  occupied or empty) and 8 slots for SAS/SATA => Total slots: 12
- An extra note: Nothing currently prevents the customer from connecting a second cable to that
  SAS/SATA controller and taking those "ghost" slots into use on the software side as well. This would
  make the maximum simultaneous erasures running: 4xNVMe + 8xSAS/SATA

Other notes:

- If the system boots with all bays occupied, the overall picture is ready.
- If the system boots with empty bays, the overall picture gets more complete each time a new bay is
  occupied and the UI is refreshed.
- When an NVMe drive is removed, the controller entity is not removed; it is marked as dummy, which
  is not reported. A dummy controller will be presented as an empty slot. When another NVMe is
  inserted into the same slot, the old controller entity is reused and all of its information is updated.
- For an NVMe controller, the number of bays is always 1.
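
The slot learning described in "Port Mapping" and "Hybrid Appliances", replayed as an added example (not Blancco's code): it shows that a UI row number is not a stable name for a physical bay until every NVMe slot has been seen once, which matters when matching a report line to the drive you pull. The class, function names and PCIe bus numbers are assumptions constructed for illustration.

```python
from typing import Dict, List, Optional

# Constructed bus numbers for four physical NVMe slots (illustrative values only).
SLOT_BUS = {1: 0x3B, 2: 0x5E, 3: 0x86, 4: 0xAF}


class NvmePortMap:
    """Session-scoped picture of NVMe slots, learned as drives appear."""

    def __init__(self, sas_sata_slots: int = 0) -> None:
        # SAS/SATA slots are fixed by the internal cabling and known from boot.
        self.sas_sata_slots = sas_sata_slots
        # bus number -> drive model, or None for a dummy (empty) controller.
        self._slots: Dict[int, Optional[str]] = {}

    def connect(self, bus: int, model: str) -> None:
        # The first sighting of a bus number teaches the map that the slot
        # exists; a later drive on the same bus reuses the controller entity.
        self._slots[bus] = model

    def remove(self, bus: int) -> None:
        # The controller entity is kept and marked dummy, so the slot stays
        # visible as empty instead of disappearing from the list.
        if bus not in self._slots:
            raise KeyError(f"no NVMe slot learned for bus {bus:#x}")
        self._slots[bus] = None

    def reboot(self) -> None:
        # The learned mapping only lasts for the session.
        self._slots.clear()

    def nvme_rows(self) -> List[str]:
        # Known slots are ordered by bus number; each NVMe is its own
        # controller with exactly one bay, hence the "N-1" label.
        rows = []
        for position, bus in enumerate(sorted(self._slots), start=1):
            model = self._slots[bus]
            if model is None:
                rows.append(f"{position} (empty)")
            else:
                rows.append(f"{position} ({position}-1) {model}")
        return rows

    def total_slots(self) -> int:
        return len(self._slots) + self.sas_sata_slots


def replay_manual_example() -> List[List[str]]:
    """Replay the A/B/C/D/E sequence from the text and snapshot each listing."""
    port_map = NvmePortMap()
    snapshots = []
    port_map.connect(SLOT_BUS[2], "NVMeA")
    port_map.connect(SLOT_BUS[4], "NVMeB")
    snapshots.append(port_map.nvme_rows())
    port_map.connect(SLOT_BUS[1], "NVMeC")
    snapshots.append(port_map.nvme_rows())
    port_map.connect(SLOT_BUS[3], "NVMeD")
    snapshots.append(port_map.nvme_rows())
    for bus in SLOT_BUS.values():
        port_map.remove(bus)
    port_map.connect(SLOT_BUS[2], "NVMeE")
    snapshots.append(port_map.nvme_rows())
    return snapshots


def replay_hybrid_example() -> List[int]:
    """Slot totals for the hybrid appliance: 8 SAS/SATA slots, NVMes added one by one."""
    port_map = NvmePortMap(sas_sata_slots=8)
    totals = [port_map.total_slots()]
    for slot in (1, 2, 3, 4):
        port_map.connect(SLOT_BUS[slot], f"NVMe{slot}")
        totals.append(port_map.total_slots())
    return totals


if __name__ == "__main__":
    for step, rows in enumerate(replay_manual_example(), start=1):
        print(f"step {step}: {rows}")
    print("hybrid totals:", replay_hybrid_example())
```

NVMeA sits in row 1 in the first listing and in row 2 once NVMeC is connected, so a row number recorded before all slots were learned should not be used on its own to locate a drive.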

8.4 RAID-controllers connected to SAS/SATA drives


Blancco Drive Eraser can detect and erase SAS and SATA drives connected to RAID controllers. Erasing
these drives in this kind of environment can be challenging for several reasons, two important ones being
communication issues and RAID firmware customizations.
Erasure of SATA drives is more challenging than erasure of SAS drives, because when connecting SATA
drives to a SAS enclosure, different setups can add extra layers to the communication between the
software and the drive.
The MegaRAID controllers in particular can be purchased by different original equipment manufacturers
(OEM) or brands which can resell them with their own customized firmware: the support of the MegaRAID
depends heavily on the firmware that has been embedded into the controller.
Currently Blancco Drive Eraser supports dismantling of MegaRAID controllers branded by LSI (SAS and
SATA drives can be erased) and Dell (SAS and SATA drives can be erased, although SATA drives only
support plain overwriting standards). Support of other brands (mainly HP and Intel) should be checked case by
case.

8.5 Password locked drives


Drives protected with a password can be erased, but the user must enter the correct password upon booting
the machine. Password protected drives can only be overwritten, because the password protection
prevents executing firmware commands on the drives. If purging these drives is required, the password
protection must be removed from the BIOS/UEFI settings.

8.6 Removable flash devices


If removable flash devices are connected to the machine during the startup (SD card, USB stick), there will
be a popup warning about their presence: these devices can contain user data and may present a security
risk. These devices can also be erased in BDE, but this feature must be enabled (they are hidden by
default, displaying them in the user interface must be enabled in DECT). Removable flash devices offer no
support for purging mechanisms and can only be cleared. Any removable flash device whose label contains
“BLANCCO” will always be excluded from the user interface (in order to prevent erasing e.g. a “BLANCCO”
USB stick that is used to boot BDE).

8.7 Chromebooks
Chromebooks are laptops or tablets running the Linux-based Chrome OS (designed by Google) as their
operating system. The devices are primarily used to perform a variety of tasks using the Google Chrome
browser, with most applications and data residing in the cloud rather than on the machine itself.
Chromebooks can be processed in two different ways:

- The traditional way requires booting a generic BDE image into the Chromebook. After BDE has
  booted, the Chromebook can be processed as any other machine (erasure of the internal drive,
  hardware diagnostics, report, etc.). Bear in mind that only Intel-based Chromebooks can be processed
  this way (ARM-based Chromebooks are not supported). Another thing to take into account: most
  Chromebooks have a locked bootloader that will prevent them from booting any external operating
  system. More information and tips to boot BDE on Intel-based Chromebooks are available in
  https://support.blancco.com/
  - While it's technically possible to boot BDE on an x86-based Chromebook, we recommend
    using the modern process described below.
- The modern way does not require booting BDE into the Chromebook. The Chromebook needs to be
  connected to the same network where BDE is running, then BDE can process the Chromebook via
  factory resetting it and reporting the erasure result. This process is secure, fast, supports all
  Chromebooks (Intel and ARM alike) and does not require reimaging the device after the erasure. More
  information on this in the chapter "Processing Chromebooks with Drive Eraser".

8.8 Apple T2 Machines


Newer Apple machines (starting from 2018) come with a security chip called the T2 chip. This chip handles
many things, including the access to the internal data storage device (SSD or NVMe), so detecting the
internal drive requires supporting the T2 chip.
Starting from Drive Eraser 6.12.0 there is support to boot and erase Apple T2 devices. More information
and tips on how to boot BDE on Apple T2 machines are available in https://support.blancco.com/

8.9 Microsoft Surface Pro 4


Make sure that the "Secure Boot" setting in the UEFI settings menu is set to "Microsoft & 3rd party CA" and
not "Microsoft only", otherwise Drive Eraser won't be able to boot.

9. Hardware Tests
The Blancco Drive Eraser contains tests designed to test the hardware of the machine. The tests are
divided into two categories: Automatic tests and Manual tests. The hardware tests have three possible end
results: Successful, Failed and Not Performed.
To configure which tests are run or available, use the DECT. Tests can also be set as mandatory (they
cannot be unselected from the “Hardware tests”-step) or optional (they can be unselected).

9.1 Automatic tests


Automatic tests are run automatically during the software’s loading process. No user interaction is required.

9.1.1 Battery Capacity


The battery capacity test checks the charge capacity and charge cycles of all the batteries connected to the
machine. The current charge capacity is compared to the maximum charge capacity stated by the
manufacturer.
A brand-new battery would have a charge capacity which is very close to 100%. A really old battery, which
can’t hold a charge anymore, would have a really low charge capacity (close to 0%).
The current charge state of the battery does not affect the charge capacity percentage. The same battery
will get the same result whether it is charged full or empty.
The default value for the battery capacity test threshold is 60%. This value can be changed in the DECT.
If the battery charge capacity equals or exceeds the defined threshold the test is deemed Successful,
otherwise the test is deemed Failed. Note that the battery test will fail, regardless of the charge capacity, if the
current voltage is below the discharge cutoff voltage, which corresponds to ~75% of the minimum design
voltage (a low voltage indicates that the battery is damaged). If the battery test fails, an error message is
shown, which displays the current voltage and the minimum designed voltage.
Note. If the battery to check is not listed in the tests, it means that Blancco Drive Eraser has not been
capable of retrieving the battery’s current charge or the maximum charge capacity. This information is set by
the battery manufacturer and some manufacturers do not necessarily follow the industry standards, which
ends up in improper detection. There is unfortunately nothing that Blancco Drive Eraser can do about it.

9.1.2 Battery Discharge


The Battery discharge test tests the device’s battery discharge rate. This test requires that the device
be unplugged. The battery charge should be 50% or more to execute the test; this recommendation
is to minimize the risks of hanging the machine during the test.
Note that:

- The test cannot be started if the battery charge is below 50%. The minimum charge for
  ChromeBooks is 20%.
- The test will be automatically terminated if the battery charge level drops as defined by the pass
  threshold or if it goes below 10% (minimum security charge, internal limit).

These two features are there to prevent a machine’s uncontrolled shutdown, which would mean losing both
the license(s) and the report.

The test will fail if the battery discharges more than the pass threshold within the time limit. Both the pass
threshold percentage (default value 50%) and the time limit (default value 10 minutes) can be modified in
the DECT.
Example: A laptop with a battery is booted and the Battery discharge test is executed.

- Case 1: If at the time when the test is run, the battery charge is 40%, it won't start (the minimum
  battery charge before the test is 50%).
- Case 2: If at the time when the test is run, the battery charge is 60%, it will start. If the pass threshold
  is set by the user to 40%, the test will succeed if the charge at the end of the test is higher than
  60-40=20%.
- Case 3: If at the time when the test is run, the battery charge is 75%, it will start. If the pass threshold
  is set by the user to 70%, the test should succeed if the charge at the end of the test is higher than
  75-70=5%. Nevertheless, the minimum-security charge will fail the test if the charge reaches 10% or
  less during the test (i.e. the charge should be at all times above 10%).

Note that the battery discharge test puts the CPU under heavy load which drains the battery. Running it on a
poor battery can fail the erasure, which might corrupt the drive. Consider applying external heat
dissipation in case of CPU overheating.

Note that laptops with more than one battery are identified as having one battery. Depending on the
motherboard's battery manager, these batteries can be consumed serially or in parallel. Hot-swapping batteries is not
supported by the software's battery testing.
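
The start and pass rules of the Battery discharge test, worked through for Cases 1 to 3 as an added example (not Blancco's implementation). The function names, the reason codes, the choice to report a refused start as "Not Performed" and the use of Case 3's "10% or less" wording for the security floor are assumptions; the percentages and defaults come from the text above.

```python
from typing import Iterable, NamedTuple, Tuple

MIN_START_CHARGE = 50             # percent; the test refuses to start below this
MIN_START_CHARGE_CHROMEBOOK = 20  # percent; start minimum for ChromeBooks
SECURITY_FLOOR = 10               # percent; minimum security charge (internal limit)
DEFAULT_PASS_THRESHOLD = 50       # percent of charge the battery may lose
DEFAULT_TIME_LIMIT_MIN = 10       # minutes


class Outcome(NamedTuple):
    status: str   # "Successful", "Failed" or "Not Performed"
    reason: str   # hypothetical reason code, for illustration only


def effective_floor(start_charge: float, pass_threshold: float) -> float:
    """Lowest charge the test tolerates: the stricter of the two limits."""
    return max(start_charge - pass_threshold, SECURITY_FLOOR)


def evaluate_discharge_test(
    samples: Iterable[Tuple[float, float]],
    pass_threshold: float = DEFAULT_PASS_THRESHOLD,
    time_limit_min: float = DEFAULT_TIME_LIMIT_MIN,
    chromebook: bool = False,
) -> Outcome:
    """samples: (minute, charge_percent) readings; the earliest is the start."""
    readings = sorted(samples)
    if not readings:
        raise ValueError("at least the starting charge reading is required")
    start_minute, start_charge = readings[0]

    minimum = MIN_START_CHARGE_CHROMEBOOK if chromebook else MIN_START_CHARGE
    if start_charge < minimum:
        # Assumption: a test that cannot start is reported as "Not Performed".
        return Outcome("Not Performed", "below_start_minimum")

    pass_floor = start_charge - pass_threshold
    for minute, charge in readings[1:]:
        if minute - start_minute > time_limit_min:
            break  # readings after the time limit do not count
        if charge <= SECURITY_FLOOR:
            # Terminated early to avoid an uncontrolled shutdown.
            return Outcome("Failed", "security_floor")
        if charge <= pass_floor:
            # Discharged by the pass threshold (or more) within the limit.
            return Outcome("Failed", "pass_threshold")
    return Outcome("Successful", "within_threshold")


if __name__ == "__main__":
    # Constructed readings matching Cases 1 to 3.
    print(evaluate_discharge_test([(0, 40)]))
    print(evaluate_discharge_test([(0, 60), (5, 40), (10, 21)], pass_threshold=40))
    print(evaluate_discharge_test([(0, 75), (5, 30), (9, 10)], pass_threshold=70))
    print(effective_floor(75, 70))
```

With a 75% start and a 70% pass threshold the effective floor is 10%, not 5%: the security floor caps how much discharge any configured threshold can actually allow.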

9.1.3 CPU
The CPU test checks the functionality of the processor by checking its calculation capabilities. The result of
the CPU test is either Successful or Failed.

9.1.4 Memory
The memory test checks the low and the extended memory of a computer. The tests are operated with
certain data patterns; each data pattern is first written to the memory and then read and verified. The test time
depends on the size of the memory and the speed of the processor. The result of the test can be either
Successful or Failed. The number of passes the test makes can be modified via DECT 2.12 or newer.
Note. Blancco’s memory test is a fast test of the machine’s memory. If a long and thorough check of the
memory is required, please use specialized software, such as Memtest86+ or memtester (ChromeBooks), or
configure the Memory Test to run a large number of passes (the maximum being 99).

9.1.5 Motherboard
The motherboard test will check the following (if available):

- The CMOS checksum.
- CMOS battery.
- RTC.
- UEFI.
- DMI.

If any of the tests are successful, then the result will be Successful. Otherwise the result will be Failed.

9.2 Manual tests


Manual tests are run by selecting them from the Hardware test page and then running them. All manual
tests require user input and interaction.
If a test is not required, the box before the test can be unchecked. This way that test won’t be included in the
report.

9.2.1 Display
The Display Test has been designed to test the color reproduction and the condition of the display attached
to the machine. The choice of the colors allows the user to easily identify any defective pixels (as displays
are based on the RGB color model).
The test itself consists of red, green, blue, black and white screens with the color currently being displayed
written in slowly flashing letters. After the colors, a grid of straight horizontal and vertical lines is shown.
Lastly the screen is continuously filled with different colored dots.
Press Space to continue to the next screen. Press Backspace to go to the previous screen. To exit the test
before the test’s end, press the Escape key.
All the test screens are shown below:

- Red-Green-Blue colors
- Black-White colors
- Horizontal-vertical lines grid


The test has ended; the user can add extra info on the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window:

Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.2.2 Pointing devices


The Pointing Devices Test is used to test the pointing device connected to the machine (mouse, trackball,
touchpad or other device).
In this test, the user must click on the right, left and middle mouse buttons and click on the circled areas on
the right and left side of the screen. When pressing a button, the color of the corresponding button in the
screen is changed from red (default, button is not pressed yet) to yellow (button is pressed) to green (button
is released). To exit the test before the test’s end the Escape key must be pressed.
Note. On many laptops, the touchpad only has 2 buttons; in order to activate the middle button, both
buttons must be pressed at the same time.
Example of the test at the start, then after the left and middle mouse button have been activated and the left
circled area has been clicked:

The test has ended; the user can add extra info on the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window:

Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.2.3 Keyboard
The keyboard test is used to test the functionality of the keyboard.
The keyboard layout is shown on the screen. There are several layouts currently available:

- US – United States (standard layout)
- JP – Japanese
- BE – Belgian
- FR – French

Note that the other default layouts are displayed only when the keyboard layout has been set to that specific
layout (for example, "Japanese (Japan) - jp").
When pressing a key, the color of the corresponding key in the screen changes from red (default, key is not
pressed yet) to yellow (key is pressed) to green (key is released):

- If the color stays yellow, then the key is probably stuck.
- If the color stays red and there is no indication in the screen that a key is being pressed, then the key
  may not be working.

Testing non-standard extra keys:

- Some keys such as the Windows/Command keys, the Alt Gr key as well as some keys available in
  Japanese keyboards are not properly mapped to their corresponding key in the screen. Due to this,
  these non-standard keys remain red, although it does not mean that they are not working.
- On the other hand, when any key of the keyboard is pressed, the background of the keyboard image
  displayed in the screen flashes from white to grey during the key press. This is presently the best
  way to verify whether the non-standard extra keys are working or not.

Testing the Lock keys and the Function key:

- The Lock keys Scroll Lock, Caps Lock and Num Lock are enabled/disabled when pressed during
  the test. Pressing these keys also tests the keyboard LEDs assigned to these buttons. Please make
  sure that they are in a convenient position once the test has finished.
- The Function key Fn is also enabled/disabled when pressed during the test. This key does not
  usually trigger the keyboard’s background flashing but its use may be needed to activate e.g. the Num
  Lock button or to emulate a full-sized keyboard with numpad. Please make sure that it is in a
  convenient position once the test has finished.

To exit and end the test, the Escape-key must be pressed twice.
Examples of the test at the start and after some keys have been pressed:

The test has ended; the user can add extra info on the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window:

Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.2.4 PC speaker
The system produces beep sounds from the PC-speaker after the "Play sound" button or Space is pressed.
After this the user is asked to confirm whether the sounds were heard or not. To exit the test before the
test’s end the Escape key must be pressed.
Example of the test being run and the beeps being played:



The test has ended; the user can add extra info on the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window:



Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.2.5 Optical devices


The optical device test is used to test the functionality of the optical drives. The tests that are
implemented are the reading test, the writing test and the blanking test. The user can also predefine the
default tests to be run via the DECT (only write, write+read, only read, write+read+blank, etc.).
All the optical devices connected to the computer are displayed as well as their capabilities. Assuming that
all optical device tests are selected (write+read+blank), the tests available will be based on the capabilities
of the tested optical drive.
Inserted optical disk:
The user can insert a CD-RW, DVD-RW disc or a previously burnt disc containing the Blancco pattern. The
Blancco pattern disc is required to test optical devices without write-capabilities.

• If the inserted disc is –RW, then the software can perform the writing and reading tests as well as
  blanking the –RW disc at the end of the test.
• If the inserted disc is –R only, it has to be burnt previously to contain the Blancco pattern. Only the
  reading test can be selected, the other tests are not possible and will generate error popups.
• If the optical drive doesn’t have write-capability, then only the reading test can be performed with a
  disc containing the Blancco pattern.

The CD or DVD images for the Blancco pattern can be downloaded from the following locations:
http://download.blancco.com/Test_media/Test_CD_for_HW_Test.zip
http://download.blancco.com/Test_media/Test_DVD_for_HW_Test.zip
When starting the test, the initialization may take up to a few minutes, depending on the hardware:

If the tests attempted on an optical drive are complete and OK, the test status will be Successful. If the
attempted tests are complete but errors have been found, the test status will be Failed.
Skipping the optical drive test completely, or a test that cannot be run (e.g. the optical drive tray is
open, or the inserted disk is –R when attempting the writing test), will leave the test result as Not performed.

9.2.6 Webcam
The webcam test tests the detected webcam.
When the test starts, the webcam is used to take a snapshot and display it on the screen. Taking a few
snapshots (by pressing the Space bar) is sufficient to verify that the camera is functional. The test can
be exited by pressing the Escape key.



The test has ended; the user can add extra info on the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window:



Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.2.7 USB ports


The USB ports test is used to check the condition of these ports. A USB storage device, preferably a USB
memory stick, must be inserted into the USB port to test it. The software provides three possible tests:
detection (mandatory test, the plugged USB stick is shown in the UI), read (optional test, the USB stick is
read and the read speed is shown in the UI) and write (optional test, the USB stick is written and the write
speed is shown in the UI).
Note that the USB port type is detected based on the USB interface connection speed with the USB device
plugged in to the port (e.g. connecting a USB 2.0 stick to a USB 3.0 port will detect the device as USB 2.0).
The user should use a USB memory stick which supports the newest USB protocol. This way, the test will
correctly detect the port type in all test cases.
Once the test is started, all ports with an appropriate USB memory stick connected to them are tested:



Once all ports have been tested, press ESC to end the test. Once the test is over, the following dialog
window is opened:

The test has ended; the user can add extra info on the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window:
Pressing the "Skip" button will skip this test and leave the test's current status unchanged.
Note: Continuous use of the same USB stick for USB port testing with the write test enabled may wear out
the stick and result in failed tests. This is especially true for old models of USB flash devices, which
lack wear leveling technology.

9.2.8 Wi-Fi adapters


The Wi-Fi test tests all detected Wi-Fi adapters.



When the test button is pressed, the Wi-Fi testing is performed in the background and no user actions are
needed. Wi-Fi doesn't have to be enabled in the configuration beforehand. The test can also be performed
on an active interface which is connected to MC. An animated progress bar is displayed during testing.

The first test checks whether a Wi-Fi software lock is enabled and, if so, unlocks it. If Wi-Fi is locked
with a hardware lock, the test fails with an error message. This is normally a physical slider on laptops,
which cannot be bypassed with software and requires user action. This also applies to external USB
connected devices.
Note that some manufacturers require extra firmware or special handling for their adapters to work on the
network level. In this case the test will fail, even though there is nothing faulty in the hardware. Drive
Eraser cannot detect this situation from the software point of view, and this is why some hardware fails.



The test tries to scan available Wi-Fi networks in listening mode, so it doesn't need any credentials to
work. No connection is made to the networks and no traffic is sent to them. A basic test setup requires
just a single dummy Wi-Fi access point which broadcasts any SSID and is within range. Note that the test
cannot distinguish between 2.4 GHz and 5 GHz networks. Those must match the hardware to be tested. All
hardware should support at least the 2.4 GHz frequency (according to the standard).

The test is passed if any Wi-Fi network is detected. The HW tests page shows the number of Wi-Fi networks
detected by each adapter. The list of detected SSIDs is shown in the tooltip of the network symbol. For
security purposes, this information is not available elsewhere, not even in issue reports or system logs.
The report shows test results for each Wi-Fi adapter. In case of failure, it shows the reason in the
comment field.
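The decision flow of this section (software lock, hardware lock, passive scan, SSID names kept out of the report), as an added Python example that is not Blancco code. It assumes the Linux `rfkill list` and `iw dev <interface> scan` output formats as input; the sample outputs, the adapter names and the `WifiResult` record are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format printed by `rfkill list` (util-linux).
RFKILL_SAMPLE = (
    "0: phy0: Wireless LAN\n"
    "\tSoft blocked: yes\n"
    "\tHard blocked: no\n"
    "1: hci0: Bluetooth\n"
    "\tSoft blocked: no\n"
    "\tHard blocked: no\n"
    "2: phy1: Wireless LAN\n"
    "\tSoft blocked: no\n"
    "\tHard blocked: yes\n"
)

# Constructed sample in the format printed by `iw dev <interface> scan`,
# trimmed to the fields used here. The second BSS hides its SSID.
IW_SCAN_SAMPLE = (
    "BSS 02:00:00:aa:bb:01(on wlan0)\n"
    "\tfreq: 2412\n"
    "\tsignal: -48.00 dBm\n"
    "\tSSID: test-ap\n"
    "BSS 02:00:00:aa:bb:02(on wlan0)\n"
    "\tfreq: 5180\n"
    "\tsignal: -71.00 dBm\n"
    "\tSSID: \n"
)


def parse_rfkill(text):
    """Return {device: {"id", "soft", "hard"}} for Wireless LAN entries only."""
    radios, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\d+): (\S+): (.+)$", line)
        if head:
            idx, name, kind = head.groups()
            current = None  # ignore Bluetooth and other radio types
            if kind.strip() == "Wireless LAN":
                current = radios.setdefault(
                    name, {"id": int(idx), "soft": False, "hard": False})
            continue
        state = re.match(r"^\s+(Soft|Hard) blocked: (yes|no)$", line)
        if state and current is not None:
            current[state.group(1).lower()] = state.group(2) == "yes"
    return radios


def parse_scan(text):
    """Return one SSID per BSS block; a hidden network yields ''."""
    ssids = []
    for line in text.splitlines():
        if line.startswith("BSS "):
            ssids.append("")
        elif ssids and line.strip().startswith("SSID:"):
            ssids[-1] = line.split("SSID:", 1)[1].strip()
    return ssids


@dataclass
class WifiResult:
    adapter: str
    status: str                      # "Successful" or "Failed"
    comment: str = ""                # failure reason for the report
    soft_unlocked: bool = False      # a software lock was found and lifted
    ssids: list = field(default_factory=list, repr=False)  # tooltip only

    def report_entry(self):
        # Only the count is exported; SSID names stay out of reports and logs.
        return {"adapter": self.adapter, "status": self.status,
                "networks": len(self.ssids), "comment": self.comment}


def evaluate(adapter, radio, scan_text):
    """Apply the pass/fail rules to one adapter."""
    if radio["hard"]:
        # A hardware lock cannot be lifted by software: fail with a reason.
        return WifiResult(adapter, "Failed", "Wi-Fi is locked with a hardware lock")
    # A live run would lift the software lock here (`rfkill unblock <id>`).
    unlocked = radio["soft"]
    # Assumption: a hidden network still counts as a detected network.
    ssids = parse_scan(scan_text)
    if not ssids:
        return WifiResult(adapter, "Failed", "No Wi-Fi network detected", unlocked)
    return WifiResult(adapter, "Successful", "", unlocked, ssids)


def run_samples():
    """Evaluate every Wi-Fi radio in the constructed samples."""
    radios = parse_rfkill(RFKILL_SAMPLE)
    scans = {"phy0": IW_SCAN_SAMPLE, "phy1": ""}  # constructed mapping
    return {name: evaluate(name, radio, scans.get(name, ""))
            for name, radio in radios.items()}


if __name__ == "__main__":
    for result in run_samples().values():
        print(result.report_entry())
```

The hard-locked adapter fails before any scan is attempted, and neither `report_entry()` nor the record's `repr` contains an SSID name.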

9.2.9 BIOS logo
The BIOS logo test is used to check if the BIOS logo of the computer matches the manufacturer's logo, or
if it has been customized. The BIOS logo is only shown for UEFI machines. Apple devices, such as MacBooks,
will not show any images for the "BIOS logo".
Once run, the BIOS logo test will display the current BIOS logo for the machine, if one is available.



Once the current BIOS logo has been confirmed, press ESC to end the test. Once the test is over, the
following dialog window is opened:



The test has ended; the user can add extra info on the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window.
Pressing the "Skip" button will skip this test and leave the test's current status unchanged.



10. Report Per Connected Device
The “Report per Connected Device” (RPD) functionality must be activated via DECT. This functionality
provides a separate report for each connected device.
The RPD mode is meant for a situation where:

• There are loose drives to be erased e.g. drives that have been removed from their original computers
  or drives removed from machines such as printers. Often such drives originate from different
  environments or different owners and they require individual reports. Such drives can be connected to an
  erasure station where the erasure process takes place.
• There are Chromebooks to process. Chromebooks can be connected to BDE via network cables and
  a switch to be processed quickly and securely. The process includes erasure, hardware diagnostics,
  custom fields and report per device. There is a chapter dedicated to Chromebook processing:
  Processing Chromebooks with Drive Eraser.

The "loose drive erasure process" is somewhat different from the generic "laptop erasure step-based
process", as the focus is no longer the host machine but the connected device being processed.
The RPD mode can be enabled if:

• Blancco Drive Eraser is used locally.
• Blancco Drive Eraser is used in the “Manual” process mode.

When the RPD mode is enabled:

• Only the Erasure and Custom fields steps are available.
• Hardware tests are disabled.
• The host hardware information is not included in the drive report.
• Only the drive information (model, serial, sectors, interface, average read/write speed, etc…)
  is available under the "Hardware details" on the report.
• Logical drives are removed and physical drives become visible.
• Those drives can be erased/reported separately.
• The RPD mode is compatible with the Bootable Asset Report setting as well as with the Fingerprint
  setting.
• There are 2 types of custom fields (CF):
• Common CF for all drives (updating them would update all drive reports) e.g. "Erasure
  technician".
• CF available for each individual drive (updating one would only update the corresponding
  drive report) e.g. "Drive ID".
• Note that default values for custom fields are purged when the “Per Drive” option is used.
• Hot plugging drives is supported for SATA, SCSI, SAS, USB, NVMe and FC drives.
• Note that this option needs to be turned on in the DECT.



10.1 Erasure-step
The erasure step is otherwise similar to normal erasure, except there are two new actions with designated
buttons and keyboard shortcuts: Report and Edit Custom fields.

10.1.1 Report (Ctrl + Alt + R)


This action opens the reports for all selected drives. The action can be used by pressing Ctrl + Alt + R
or by clicking the Report-icon.

Once activated, the reports for all selected drives are opened and they can be Saved (Ctrl+S) or Sent
(Ctrl+N).

Pressing Close (Esc) closes the window.

10.1.2 Custom fields - Per Drive (Ctrl + Alt + E)


This action opens the Per Drive custom fields for modification for all selected drives. The action can be
used by pressing Ctrl + Alt + E or by clicking the Custom fields-icon.

Once activated, the Per Drive custom fields for all selected drives are opened and they can be Updated
(Ctrl+D). The number of drives being updated and their IDs are shown in the dialog.



In Workflow mode, the activation of a Per Drive custom field also highlights the corresponding drive being
updated:

Pressing Close (Esc) closes the window.


Note that this only modifies the Per Drive - Custom fields. To modify the generic custom fields, go to the
Custom fields step.

10.2 Report & Per Drive Custom fields Status-icons


There are also two icons for each drive: Report sending/saving status and Custom fields not updated /
updated.

Report not sent/saved:



Report successfully sent/saved:

Problem saving or sending the report:

Per drive custom fields not updated:

Per drive custom fields updated:

Per drive custom fields update failed:

10.3 Custom fields-step


In this step the generic (not Per Drive) custom fields are modified. For more information about this step, see
the Custom fields-step chapter.



11. Processing Chromebooks with Drive Eraser
11.1 Supported Chromebooks
Any Chromebook manufactured from 2015 onwards is supported, whether it is ARM-based or Intel-based.
Chromebooks manufactured before 2015 are not officially supported.
Note: Rooted Chromebooks are currently detected as normal Chromebooks.

11.2 Minimum requirements


• Wired network with a DHCP server.
• A machine on which you can boot the Blancco Drive Eraser image (preferably a machine without any
  internal drive).
• USB-to-Ethernet adapters to connect the Chromebooks to the network.
• Blancco Drive Eraser licenses (erasure).

The Chromebook processing will happen mainly in the Blancco Drive Eraser user interface, but the operator
will have to prepare the Chromebook and connect it to Blancco Drive Eraser. Processing one machine
takes approximately 10 minutes. The Chromebook has to be connected to the network via an Ethernet
cable; Blancco Drive Eraser can be connected to the same network either via an Ethernet cable or via a
wireless connection.

11.3 Instructions to use Blancco Drive Eraser


1. Boot the Blancco Drive Eraser 7.2.0 (or higher) image on a machine (laptop or station) that can be
   connected to the facility network. Make sure that:
   • Blancco Drive Eraser is properly configured using the Configuration Tool 3.2.0 or higher.
   • Both "Report per Connected Device" and "Chromebook support" options must be enabled.
   • If you configure a port other than 80, this value will be used later (a.k.a. "BDE-Port").
   • The facility network has a running DHCP server that can lease IP addresses.
   • The machine on which Blancco Drive Eraser is booted does not have any internal drive
     (otherwise you may erase it by mistake).
2. Once booted, take note of the IP address that has been leased to Blancco Drive Eraser (from the
   “Network” icon on the bottom left of the user interface, a.k.a. “BDE-IP-address”). This address is
   needed during the Chromebook processing (more on this in the next section, dedicated to Chromebooks).
3. The process in Blancco Drive Eraser will happen as follows:
   a. There is a new dropdown list that the operator can use to filter connected drives only,
      connected Chromebooks only or a combination of both.
   b. Any Chromebook that is connected to Blancco Drive Eraser will be shown automatically with a
      grey background. Select it and press the "Erase" button:
      • The background will turn white, the serial numbers of the Chromebook will be displayed
        in the user interface and the progress of the factory reset will be shown (the
        status can be Successful or Failed).
      • Any custom field that is defined on the Blancco Drive Eraser image can be used on a
        processed Chromebook (to fill in the Asset ID of the device, for example).
      • Each processed Chromebook will generate an individual report that can be reviewed,
        saved on a USB stick or sent to the Blancco Management Console.
   c. Once a Chromebook is processed, you can select it and remove it from the user interface by
      pressing the “X” button (bottom right); this action will also shut down the Chromebook.

11.4 Instructions to prepare a Chromebook


Note that in the following instructions, specific keyboard combinations can be different between different
manufacturers. Refer to the manufacturer's documentation if the keyboard shortcuts described here don't
work.

11.4.1 Connect the Chromebook to Blancco Drive Eraser


Connect the Chromebook that you want to erase to the same network where Blancco Drive Eraser is
connected. If the Chromebook does not have an Ethernet port, you will need a USB-to-Ethernet adapter.

11.4.2 Boot the Chromebook


The official instructions to achieve this are found in
https://chromium.googlesource.com/chromiumos/docs/+/master/developer_mode.md
Boot the Chromebook (press the Power button).
Next, you need to enable the Recovery mode, then the Developer mode, then open a terminal.
Note that when the device enters Developer mode, the Chromebook will become locked for 5 minutes before
you will be able to control it again. This is a security feature present in all Chromebooks.

11.4.3 Enable the Recovery and Developer Mode


For most Chromebooks (laptops), the recovery mode can be activated with:

1. Press Esc + Refresh + Power to enter the Recovery mode (Refresh is usually F3 in a standard
laptop), this will take you to a screen where you can enable the Developer mode.
2. Press Ctrl + D on your keyboard when asked to insert recovery media.
3. Press Enter when prompted.
4. When the device reboots, a message is displayed on the screen stating the OS verification is off.
5. Press Ctrl + D to continue booting, or wait and the device will boot on its own.

Note that some Chromebooks may require a different key combination, for example: Esc + Maximize +
Power.

11.4.3.1 Keyboardless Chromebooks


With keyboardless Chromebooks (tablets), an external keyboard is required to open the terminal and use it.



1. Press Power + Volume-Up + Volume-Down and hold for 10 seconds to enter the Recovery mode.
2. The next menus can be navigated with the Volume-Up and Volume-Down keys, menu items can be
selected with the Power button.
3. Press Volume-Up + Volume-Down simultaneously to enter the Developer mode, confirm your
choice.

11.4.4 Connect to Blancco Drive Eraser


Wait until the Google-logo has disappeared and the Welcome Screen is fully displayed.
Once in Developer mode, press Ctrl + Alt + right arrow to open the Developer Console or terminal (the right
arrow might also be F2). Note that some models might require a reboot, before the Ctrl + Alt + right arrow (or
similar) keyboard shortcuts start working.
Once in the terminal, you might have to log in: type the following and press Enter:

root

This feature can be configured to run on a certain TCP port, which is by default 80. If the set port is 80, type
in the terminal:

curl http://[BDE-IP-address] | bash

Example:
If BDE has the IP address 192.168.1.10, type:

curl http://192.168.1.10 | bash

However, if the set port is not 80, type in the terminal:

curl http://[BDE-IP-address]:[BDE-Port] | bash

Example:
If BDE has the IP address 192.168.1.10 and the port 1234, type:

curl http://192.168.1.10:1234 | bash

11.5 Processing the Chromebook


The rest of the process will happen in the Blancco Drive Eraser user interface.
Based on what the operator does with the Chromebook in the Blancco Drive Eraser UI, Blancco Drive
Eraser will send information back to the Chromebook terminal indicating the status of the process
(connection status, device ID, shut down…).

At the end of the process, Blancco Drive Eraser will shut down the Chromebook. Once shut down, the
device can be disconnected from the network.

11.5.1 Chromebook Hardware tests


If the software has been configured to run hardware tests, then Chromebooks can run hardware tests on
memory, CPU, battery capacity and battery discharge. See the chapter "Hardware Tests" for more
information.
The test icon shows the state of the hardware tests.

The icon's color describes its current state, and hovering the mouse over the icon displays a string with
information on the test state. The icon colors can be:

Color | Hint | Explanation
Gray | Hardware tests not executed | Hardware tests have not been started, running or finished.
Yellow | Hardware tests running | Hardware tests are currently running. Note that the icon is blinking when it is in this state.
Red | One or more hardware tests failed | One or more of the hardware tests has failed.
Green | Hardware tests successful | All hardware tests were successful.

11.6 Process outcome


A successfully processed Chromebook will have:

• All its user data erased (factory reset).
• A Blancco report proving that the erasure has taken place, including hardware and diagnostic
  information from the Chromebook.
• Upon rebooting the Chromebook back to user mode (not in the developer mode), the original
  operating system (ChromeOS) will be reusable (no need to reimage the Chromebook).

11.7 Troubleshooting
11.7.1 Required files not found
If the following messages are displayed:
Some of the required files were not found
Please reboot and wait longer for the ChromeOS welcome screen to appear before
switching to the terminal
If the problem persists, please create an issue report from Blancco Drive
Eraser and contact Blancco Support



Then the device did not have enough time to initialize all components and drivers in the welcome screen
before the terminal was opened.
Reboot the device and wait until the Welcome Screen (after the Google-logo) is fully displayed. After the
Welcome Screen is done loading, the terminal can be safely opened. If the issue still persists, wait in
the Welcome Screen for a longer time. On some machines (e.g. Lenovo ThinkPad 13 Chromebook), the problem
lies in the installed Chrome OS (e.g. Chrome OS 94) and the fix consists of updating the OS version via
the OTA update.
If the last line of the message above is not displayed, then there are issues in the communication between
Blancco Drive Eraser and the device.

11.7.2 Device stays in Developer-mode after erasure


There are some report exceptions ("Some internal attributes (GBB flags) have abnormal values.",
"Firmware write protection via hardware is disabled.", "Firmware write protection via software is disabled
or its range is zero.") that might indicate that the Chromebook is stuck in Developer Mode and it cannot
be turned off. The device may have some sort of protection (software or hardware e.g. write protection,
write protect screw, etc.) which prevents disabling that mode. Please refer to the Chromebook user
documentation.



12. Workflow Process
When the software is configured to run the Workflow-process (via DECT 2.13 or higher), it will follow the
actions set in the workflow created in the Workflow Editor (available in Blancco Cloud and BMC 5.4 or
newer).
This feature is licensed separately from the normal Drive Eraser software. Contact your Blancco
representative for more information.
Starting from 7.1 and BMC 5.11, the workflows can also be triggered to start from the BMC. To trigger a
workflow from the BMC, use the Process Management - "Start Workflow" action.

12.1 Requirements
• Network connection and a BMC installation (or a Blancco Cloud account and an internet
  connection) for managing and storing workflows.
• The image must be configured with DECT with the following settings:
• Security / Erasure Process – Workflow
• Default workflow – Workflow set as default by the user will be used. Active by default.
• Workflow name – If “Default workflow” is disabled, then the workflow’s name
  must be typed here.
• If BMC settings are not set in the “Communication” tab, then those settings must be manually
  entered when the client software has booted.
• When the BMC connection is successful, workflow fetching is retried at 30 second
  intervals.
• See the DECT documentation for more information about the DECT settings.

12.2 Create/Edit Workflow


To create a new workflow:

1. Access BMC/Blancco Cloud.
2. Go to Process Management – Dynamic Workflows – Drive Eraser workflows
   1. This button will be visible if the Workflow Editor has been enabled in your BMC or Cloud
      account.
3. Click on “Create” to open the Workflow Editor. Note that a workflow requires a name before it can be
   saved. Note that this name cannot be edited later.
   1. To edit an existing workflow:
      1. Choose a workflow.
      2. Click “Manage workflow”.
      3. Click “Edit”. This will open the selected workflow in the Workflow Editor.
4. If you want to set a workflow as the default workflow, click on “Manage Workflow” and select “Set as
   default”. Note that only the owner of the workflow can do this action.

12.3 Workflow Editor


In general, the workflow editors have the following major elements for editing and creating workflows:

• List of actions on the left side of the editor.
• The middle contains the work area.
• The right contains the Properties panel for the workflow or the selected action.

The work area can be zoomed (50% - 150%) with:

• Ctrl + mouse scroll

The work area can be panned with:

• Dragging the work area with the left mouse button.
• Pan up/down with mouse scrolling.
• Pan left/right with Shift + mouse scrolling.

To change the size of the work area:

• Click to reduce/increase the size of the properties area.

Also, the top right contains the Workflow Editor version selector. It displays all Workflow Editor versions.
The workflow version selection requires internet access. If there is no access, only the bundled
workflow editor will be available.
To change to a different Workflow Editor version, select it from the list:

Note that the version selected should match the client image version used to run the workflow. The
workflow editor version that was used to edit the workflow is stored in the workflow file itself. The next
time the workflow is edited, MC attempts to use that editor version. If it cannot, it falls back to the
most suitable editor.
Actions are added to the workflow by dragging and dropping them onto the work area with the mouse. These
actions can be removed from the work area by selecting them and pressing “Delete/Del”. To connect
actions, click on the output of the action and connect it to another action’s input.
Some of the actions have two outputs: positive (upper right corner and green) and negative (lower right
corner and red). On the action “Erasure”, the positive output (green) is selected if the erasure is
successful. The negative output (red) is chosen if the erasure fails.



To change the action’s name, select it and click on the edit-symbol next to the action’s name on the upper
right corner (this has no effect on the action’s symbol):
At the bottom of the window, Save saves all changes and exits the editor. Cancel undoes all changes and
exits the editor.

12.4 List of Available Actions


The following actions are available (note that all actions can be renamed through their properties):
Action | Explanation

Connected | The workflow execution starts from this action. It starts when an erasable device is detected.
  Only available in Drive-level mode.

Booted | The workflow execution starts from this action. It starts when the system is booted.
  Only available in Computer-level mode.

Erase | Start erasure of the drive. Erasure is started with the default erasure settings.
  The erasure standard can be selected from the “Erasure standard” dropdown menu. If the option
  “Interrupt workflow if erasure standard is not supported by the drive” is selected, the workflow is
  interrupted if the selected erasure standard is not supported by the drive/hardware.
  Note that the “Enforce Blancco SSD method on SSDs” and “Enable fallback from NIST Purge to NIST
  Clear” options are not applicable for the Erase workflow action. Erasure standard fallback and
  enforcement logic must be implemented by means of the workflow itself.
  The whole workflow is interrupted in the following cases:
  • Not enough licenses.
  • Erasure standard is invalid (unsupported by the device).
  • Erasure cannot be started (reason unrelated to above reasons).


Diagnose | Run diagnostic hardware tests. Tests which require user interaction can be selected in the
  action’s settings. See the ”Hardware tests” chapter for more information.
  After a single test has finished, the result dialogue is shown for the operator to confirm if the test was
  successful or not. Options are YES/NO. “YES” will mark the test as "Successful", whereas “NO” or
  pressing the ESC-key will mark it as "Failed".
  *If the tests are performed in manual mode (no Workflows), hitting the ESC key will mark the test as
  "Not performed".
  Only available if the workflow is in “Computer-level” mode and the hardware tests have been
  enabled in DECT.

Create Custom Field | Create or update a custom field for the processed device and ask the operator to set its value.
  If a custom field is predefined in the BDE image, this custom field is kept unchanged in the report if
  there is no user interaction with it. But if the "Create Custom Field" action creates one with an
  identical title, then the Workflow custom field overrides the predefined one.
  The following fields are available:
  • Name – Name of the action.
  • Title – Title of the custom field. This is used to identify the custom field in the report. The custom
    field title cannot be empty. If it is, then the workflow will fail and "The custom field has an
    empty title" error will be shown to the operator.
  • Custom field type – The type of the custom field. The following types are available in the
    dropdown menu:
    • Text field
    • Dropdown list
    • Multidropdown list.
  • Default value – Default value of the field. Only available if “Text field” is selected as Custom
    Field Type.
  • Options – A comma separated list of choice options for the dropdown list. Only available if
    “Dropdown list” or “Multidropdown list” is selected as the Custom Field Type.
  • Regular expression – Regular expression used in the field. Only available if “Text field” is
    selected as Custom Field Type.
  • Regular expression hint – Hint for the user in the regular expression above.
  • Do not Accept empty answer – If selected, empty answers are not accepted.
  • Do not ask and use the default value – If selected, the value from “default value” will be
    assigned to the custom field and the workflow will continue without asking the operator for the
    new value.
  For more information about the custom fields, see the chapter “Custom fields” and the Drive Eraser
  Configuration Tool manual.

Subworkflow | Fetches a workflow with the name given in the “Subworkflow name” field and runs it. Once that
  subworkflow has been finalized, the current workflow will continue.
  Note that:
  • If the subworkflow doesn't exist or cannot be fetched, the parent workflow validation fails.
  • Starting the same workflow as a subworkflow is not permitted.
  • If a per-drive subworkflow is started from a computer-level workflow and the per-drive
    subworkflow fails for any of the drives, then the overall result of the subworkflow action is “failure”.
  • If the subworkflow is interrupted, then the parent workflow also gets interrupted.

Send report | Send a new report or update the existing one.
  If the Erase-action was executed before this action, then an erasure report is sent.
  If the Erase-action was not executed before this action, then an asset report is sent.
  When “Send report:” is selected, the report is sent to the BMC/Blancco Cloud. This option is forced
  on and cannot be modified.
  The whole workflow is interrupted in the following cases:
  • Missing license.

Set Value | Assign a new value to a variable. Currently the following variables are supported:
  • <ENTITYINFO FieldName> – Used to create or update a value attached to an entity (computer
    or drive). The Entityinfo value is displayed in the UI and in the report. In the UI, an Entityinfo
    defined in a Computer-level workflow is located between the "Process: workflow" label
    and the Process tabs, while an Entityinfo defined in a Drive-level workflow is located under
    each drive.
  • <DEVICECUSTOMFIELD FieldTitle> - Used to create or update a custom field. If a field with
    the given title doesn't exist, then a new custom field is created with the “Text field” type.
  The whole workflow is interrupted in the following cases:
  • "Action is called on an invalid target" - Drive with the given ID is unavailable.
  • “Failed evaluating expression" – The action’s statement contains syntax errors.



Condition
A conditional statement (IF) can be created using this action. The supplied expression is evaluated, and the result is converted to Boolean. If the result is true, the action result is successful; if not, the result is a fail.
For a list of operators that can be used, see chapter “Supported Condition Expressions”.
The currently available variables are:
• <DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT> - Number of remapped sectors on the drive. Valid only in per-drive workflows. If used in computer level workflow or the attribute is not supported by the drive, then the result type is Invalid.
• <DRIVEATTRIBUTES UNCORRECTABLE_SECTOR_COUNT> - Number of uncorrectable/bad sectors on the drive. Valid only in per-drive workflows. If used in computer level workflow or the attribute is not supported by the drive, then the result type is Invalid.
• <DRIVEATTRIBUTES IS_SSD> - checks if current drive is an SSD. Valid only in per-drive workflow.
• <DRIVEATTRIBUTES IS_NVME> - checks if current drive is an NVMe. Valid only in per-drive workflow.
• <REPORTPATH XMLPATH> - Use a node in the report for comparisons or other actions.
  • This would check if the battery capacity is less than 80:
    lessThan(<REPORTPATH blancco_data.blancco_hardware_report.batteries.battery.capacity>, 80)
  • For information, see the chapter “Examples of Using “REPORTPATH” Attribute”.
• <DEVICECUSTOMFIELD Field Title> - Get value of custom field with the given title. For custom fields of “Multidropdown list” type the value is represented as a comma separated list of selected options.
• <ENTITYINFO Name> - Get value of ENTITYINFO with the given name.
• <MODEL> - Get current drive's model in Drive-level workflow and Computer model in Computer-level workflow.
• <MANUFACTURER> - Get current drive's vendor in Drive-level workflow and Computer vendor in Computer-level workflow.
The whole workflow is interrupted in the following cases:
• If an expression cannot be evaluated.
• An incorrect XML path will exit the action through Fail-exit.
• "Action is called on an invalid target" - Drive with the given ID is unavailable.
• "Failed evaluating expression" - The conditional statement contains errors in the REPORTPATH filters.
  • For example, incorrect expression inside brackets [] or incorrect use of the brackets (bracket pair missing).
When “Condition” action is used in computer-level workflows:
The per-drive variables (DRIVEATTRIBUTES) always return 'failure' and the action goes to the 'Fail' exit from the workflow:
• DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT
• REPORTPATH with per-drive path fetches a value for the first found drive, and Condition item returns its status.

Finalize
Finalize the process. If this has not been set and the workflow is run, the whole workflow is interrupted.
If “Show fail” is selected the device will display that the process has failed.
If “Restart” is selected, the system is restarted after the workflow has been completed. Only available in Computer-level mode.
If “Shutdown” is selected, the system is shut down after the workflow has been completed. Only available in Computer-level mode.
The "Shutdown" option in a Finalize blob takes precedence over the "Restart" option. If both options are set, then the computer will be shut down.

Question
Ask the operator to answer a pre-defined question with Yes/No. A popup with the question is shown to the operator. Workflow execution continues by either Success or Failure path depending on the answer: Yes - Success, No - Fail.
Note that the question string can also include variables. These variables would display their value on the question.

Message
Displays an informative dialog for BDE graphical user interface. The message has an OK-button to close the message box dialog.
After clicking OK in message box, or waiting timeout seconds, and after the message box closes, workflow continues.
Note that the Message string can also include variables. These variables would display their value on the message.

Sleep
While the "Sleep" action is active, the workflow will be in sleep state.
"sleepDuration" is the amount of milliseconds. "sleepDuration" allowed range is 0 - 2000000000 ms.

Server Message
Sends HTTP GET or POST requests to the specified URL, parses JSON reply and stores values from reply to the specified variables.
"URL"
• Maximum length is 2048 characters.
• Can contain variables enclosed in <>, which are substituted with actual values before sending the request.
• Allowed protocols: HTTP and HTTPS. If HTTPS is used then server certificate validation is not performed.
"Extra HTTP headers" - extra headers to include in the request.
• Several HTTP headers are separated with new lines. Maximum length is 2048 characters.
• Can contain tags enclosed in <>, which are substituted with actual values before sending the request.
• "Content-type" and "Content-length" header values are always replaced with actual values for POST method.
"Store HTTP return code to"
• Must be either empty or contain one of assignable variable tags (<VARIABLE VariableName>, <ENTITYINFO InfoName>, <DEVICECUSTOMFIELD FieldName>). If it contains a tag and HTTP response code is received from the server, then the code is stored to the variable.
"JSON to send as POST payload"
• Not used when GET method is chosen.
• Can contain tags in JSON element values (not keys) enclosed in <> that will be replaced with actual values, e.g. {"event":"connected","interface":"<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.interface_type>"}
"JSON reply from server"
• JSON values must be either empty or must contain assignable tags: <VARIABLE VariableName>, <ENTITYINFO InfoName>, <DEVICECUSTOMFIELD FieldName>
• If server reply has valid JSON payload and the JSON structure in the reply matches the structure in this field, then variables get values assigned from reply.
Item result:
• If HTTP response code was received from the server then Action exits through OK(green) point. The code can be any, e.g. 404 or 500 is fine too. It is up to the user to check the status code value and do further actions based on it.
• If HTTP status code was not received for any reason, e.g. connection refused, timeout or whatever, then Action exits through Failure(red) point.
Workflow is interrupted in the following cases:
• If URL is not valid after variable value substitution
• Extra headers value is incorrect after variable value substitution
• Variable cannot be assigned

12.4.1 Server Message Examples

Valid reply template example:

{
    "erasureStandard": "<VARIABLE standardId>",
    "machineGrade": "<DEVICECUSTOMFIELD machineGrade>",
    "someSubObject": {
        "someArray": ["", "<ENTITYINFO someArrayElemTwo>", ""]     <= we are interested in value of the second element of the array
    }
}

Corresponding reply:

{
    "erasureStandard": "nist-purge",
    "machineGrade": 5,
    "someSubObject": {
        "someIgnoredValue": true,
        "someArray": [12.34, 34.56, 56.78]
    }
}

Invalid reply template example:

{
    "<MANUFACTURER>": "<VARIABLE someVariable>",        <= Keys must be constant
    "manufacturer": "<REPORTPATH some.report.path>",      <= REPORTPATH cannot be assigned
    "assetTag": "<VARIABLE someVariable> <DEVICECUSTOMFIELD assetTag>",     <= Only one variable can be specified
    "serialNumber": 10203040,        <= "10203040" does not specify an assignable variable. If a value needs to be checked, first assign it to a variable and then check in Condition action
    "someSubObject": {
        "someArray": ["One", "<ENTITYINFO someArrayElemTwo>", "Three"]     <= "One" and "Three" do not specify an assignable variable.
    }
}
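
The template rules shown in the examples above can be modelled in a few lines. The following is an added example, not code from this manual or from Blancco: the function names and the decision to skip reply positions that do not line up with the template are assumptions, and the sample documents are constructed from the examples above.

```python
import json
import re

# The three assignable tag kinds the manual lists for reply templates.
ASSIGNABLE = re.compile(r"^<(VARIABLE|ENTITYINFO|DEVICECUSTOMFIELD) ([^<>]+)>$")


def validate_template(node, path="$"):
    """Return the problems found in a reply template; an empty list means valid."""
    problems = []
    if isinstance(node, dict):
        for key, value in node.items():
            if "<" in key or ">" in key:
                problems.append(f"{path}: key {key!r} must be constant")
            problems += validate_template(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            problems += validate_template(value, f"{path}[{i}]")
    elif node == "":
        pass  # empty value: this position of the reply is ignored
    elif not (isinstance(node, str) and ASSIGNABLE.match(node)):
        problems.append(f"{path}: {node!r} is not exactly one assignable tag")
    return problems


def extract(template, reply, out=None):
    """Walk template and reply together and collect (tag kind, name) -> value."""
    out = {} if out is None else out
    if isinstance(template, dict):
        if isinstance(reply, dict):
            for key, sub in template.items():
                if key in reply:  # extra reply keys are ignored, as in the manual's example
                    extract(sub, reply[key], out)
    elif isinstance(template, list):
        if isinstance(reply, list):
            for sub, value in zip(template, reply):
                extract(sub, value, out)
    else:
        tag = ASSIGNABLE.match(template) if isinstance(template, str) else None
        if tag and not isinstance(reply, (dict, list)):
            # Section 12.4.2: floating point values are stored as Strings.
            out[tag.groups()] = str(reply) if isinstance(reply, float) else reply
    return out


# Constructed sample documents, based on the manual's valid and invalid examples.
VALID = json.loads("""{
  "erasureStandard": "<VARIABLE standardId>",
  "machineGrade": "<DEVICECUSTOMFIELD machineGrade>",
  "someSubObject": {"someArray": ["", "<ENTITYINFO someArrayElemTwo>", ""]}
}""")
REPLY = json.loads("""{
  "erasureStandard": "nist-purge",
  "machineGrade": 5,
  "someSubObject": {"someIgnoredValue": true, "someArray": [12.34, 34.56, 56.78]}
}""")
INVALID = json.loads("""{
  "<MANUFACTURER>": "<VARIABLE someVariable>",
  "manufacturer": "<REPORTPATH some.report.path>",
  "assetTag": "<VARIABLE someVariable> <DEVICECUSTOMFIELD assetTag>",
  "serialNumber": 10203040,
  "someSubObject": {"someArray": ["One", "<ENTITYINFO someArrayElemTwo>", "Three"]}
}""")

if __name__ == "__main__":
    print(extract(VALID, REPLY))
    for problem in validate_template(INVALID):
        print(problem)
```

Since the server certificate is not validated for HTTPS and any HTTP status code leads to the OK exit, values assigned from a reply are best checked in a Condition action, as the manual suggests, before the workflow acts on them.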

12.4.2 Variables
A variable, in format <VARIABLE name>, is used to store intermediate values, which do not go to report. Variables with "G_" prefix have global storage, which are accessible from any workflow during a BDE session. Variables are currently supported in SetValue, Condition, Message and Question actions. Variables can be highlighted in the Message or Question dialogs in bold font (if enclosed in double asterisks like **this**) and/or in italic (if enclosed in single asterisks like *this*).
Following value types can be stored:

• String
• Integer
• Boolean

Floating point values are not supported at the moment, and are stored as Strings, i.e. no arithmetic operations on floats.
Variables are coupled with the target device the workflow is running on. For per-drive workflows it is the target drive. For computer-level workflows, it is the Host entity. Subsequently, all per-drive workflows running on the same drive use the same variables context, e.g. main per-drive workflow and per-drive subworkflow. Same for computer-level workflows: all computer level workflows can access other computer level workflow's variables.

This returns a different value for every disk:

<VARIABLE Capacity> = <REPORTPATH blancco_data.blancco_hardware_report.disks.disk.capacity> + 100

If per-drive workflow needs access to a computer-level (global) variable, then the variable name must be prefixed with the "G_" prefix. For computer-level workflows the "G_" prefix is ignored.
Accessing computer-level variables from per-drive workflow is not possible.
Other notes:

• The Message- and Question-actions support the Markdown syntax (https://www.markdownguide.org/basic-syntax/).
  • This applies to e.g. bold syntax (**like this**), italic syntax (*like this*).
  • A syntax like "8. Continue" will be understood as being an ordered list and rendered as "1. Continue". A workaround for this is to use the syntax "8\. Continue" (escape the dot) to render it as "8. Continue".
• It's possible to use variables on both sides of expressions.
• For Integer variables, arithmetic operations +, -, *, / work fine.
• For String variables functions like concat(X, Y) can be used.
• Variables are case-sensitive.
• Global variables work correctly for the case when main workflow is computer-level and subworkflow is per-drive level.
• It's not mandatory to use G_ prefix in a main computer-level workflow, but it needs to be used in subworkflows to have access to computer-level variables.

<VARIABLE Capacity> = <REPORTPATH blancco_data.blancco_hardware_report.disks.disk.capacity> + 100

12.4.3 Supported Condition Expressions


Action | Example | Explanation
AND | true AND false | Boolean operator. Non-boolean operands are converted to Boolean.
OR | true OR false | Boolean operator. Non-boolean operands are converted to Boolean.
== | 10 == 10; ‘False’ == false; ‘10’ == 10 | Equality. If operands are of different type, then conversion to String type is done. String comparison is case insensitive for Latin characters. If one of operands is invalid, then the result is always false.
!= | true != false; ‘’ != 10 | Not equals. Same rules apply as for equality operator.
Boolean lessThan(Int, Int) | lessThan(10, 20) = true; lessThan('441', 445) = true; lessThan(false, 200) = true; lessThan('AB', 'AA') = false | Comparison function. If operand(s) is not an integer, then attempt is made to convert both operands to Integer type. If conversion fails, then both operands are converted to Strings and string comparison is done. If operand(s) is invalid, then the result is always false.
Boolean moreThan(Int, Int) | moreThan(20, 10) = true; moreThan(0, 0) = false; moreThan('A', 'AA') = false | Comparison function. Same rules apply as for lessThan function.
Int min(Int, Int) | min(10, 20) = 10 | Returns the smallest value of two operands. Accepts only integer arguments, no conversion from other types!
Int max(Int, Int) | max(10, 20) = 20 | Returns the biggest value of two operands. Accepts only integer arguments, no conversion from other types!
Int length(String) | length("VBOX") = 4 | Returns the length of the input string. Accepts only string argument, no conversion from other types!
Boolean startsWith(String 1, String 2) | startsWith("Hello World", "Hello") = true | Returns Boolean true if the String 1 starts with String 2, false otherwise. Comparison is case sensitive. Accepts only string arguments.
Boolean endsWith(String 1, String 2) | endsWith("Hello World", "World") = true | Returns Boolean true if the String 1 ends with String 2, false otherwise. Comparison is case sensitive. Accepts only string arguments.
Boolean contains(String 1, String 2) | contains("Blancco Drive Eraser", "drive") = true | Returns Boolean true if the String 1 contains String 2, false otherwise. String comparison is case insensitive for Latin characters. Accepts only string arguments.
String mid(String, Int) | mid("Hello World", 6) = "World" | Returns a substring of input String, starting from position Int. No automatic type conversion of input arguments.
String mid(String, Int 1, Int 2) | mid("Hello World", 7, 2) = "or" | Returns a substring of input String, starting from position Int 1 and having length Int 2. No automatic type conversion of input arguments.
String left(String, Int) | left("Hello World", 3) = "Hel" | Returns first Int characters of the input String. No automatic type conversion of input arguments.
String right(String, Int) | right("Hello World", 4) = "orld" | Returns last Int characters of the input String. No automatic type conversion of input arguments.
String concat(String, String) | concat("This is ", true) = "This is true"; concat("Number of apples is ", 50) = "Number of apples is 50"; concat(50, ‘’) = “50” | Concatenates two input strings. If argument(s) is not a string, the value is converted to string. Can be used to convert an arbitrary argument to string.
Boolean isValid(Operand) | isValid(<REPORTPATH a/b/c>) = true (if the paths exist in report XML) | This function returns true if the operand contains some value (String, Integer, Boolean) or false otherwise.

Other notes:
An operand in an expression can be one of 4 types: String, Boolean, Integer or Invalid.

• String operand examples: “Hello”, ‘Bye’
• Boolean operand examples: true, false (must be lower case!)
• Integer operand examples: 10, 0, -500
• Invalid type is returned by functions or tags if the expression cannot be evaluated, for example if argument types of a function are not correct, the path inside <REPORTPATH> tag doesn’t exist, or certain DRIVEATTRIBUTE is not supported by the drive.

Some functions perform type conversions, which are done according to the following rules:

• String to Boolean: if the String has at least one character the result is true, false otherwise
• Integer to Boolean: if the Integer is more than 0 the result is true, if it is equal or less than 0 the result is false
• Boolean to String: true is converted to “true”, false to “false”
• Integer to String: Integer is converted to its String representation, e.g. 500 => “500”
• Boolean to Integer: true is converted to 1, false to 0
• String to Integer: the String must contain numeric characters only, otherwise the conversion fails
• Invalid type can only be converted to Boolean and result is always false
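
The conversion rules above interact with the comparison rules in the table in ways that are easy to misjudge when a Condition gates an erasure path. The following is an added model of those rules, not Blancco's evaluator: the function names are hypothetical, and two points the manual leaves open are assumptions (an empty string fails Integer conversion, and the string fallback of lessThan uses plain ordering).

```python
INVALID = object()  # stands in for the manual's "Invalid" operand type


def to_bool(v):
    if v is INVALID:
        return False              # Invalid -> Boolean is always false
    if isinstance(v, bool):
        return v
    if isinstance(v, int):
        return v > 0              # 0 and negative integers are false
    return len(v) >= 1            # any non-empty string is true, even 'false'


def to_str(v):
    if isinstance(v, bool):
        return "true" if v else "false"
    return str(v)


def to_int(v):
    """Return an int, or None when the documented conversion fails."""
    if isinstance(v, bool):
        return 1 if v else 0
    if isinstance(v, int):
        return v
    # "Numeric characters only": no sign, no spaces. Assumption: '' also fails.
    return int(v) if v.isascii() and v.isdigit() else None


def equals(a, b):
    if a is INVALID or b is INVALID:
        return False              # an invalid operand always gives false
    if type(a) is not type(b):
        a, b = to_str(a), to_str(b)   # different types: compare as Strings
    if isinstance(a, str):
        return a.lower() == b.lower()  # case insensitive for Latin characters
    return a == b


def less_than(a, b):
    if a is INVALID or b is INVALID:
        return False
    ia, ib = to_int(a), to_int(b)
    if ia is not None and ib is not None:
        return ia < ib
    # Integer conversion failed: both operands are compared as Strings.
    # Assumption: plain character ordering, since the manual does not specify it.
    return to_str(a) < to_str(b)


def more_than(a, b):
    return less_than(b, a)        # "Same rules apply as for lessThan function"


def logical_and(a, b):
    return to_bool(a) and to_bool(b)  # non-boolean operands are converted first


if __name__ == "__main__":
    # The manual's own examples, then two cases worth knowing about.
    print(less_than("441", 445), less_than(False, 200), less_than("AB", "AA"))
    print(equals("False", False), equals("10", 10))
    print(logical_and("false", True))   # True: 'false' is a non-empty string
    print(less_than(INVALID, 1000))     # False: Invalid operand
    print(less_than("", 1000))          # True in this model: falls back to strings
```

In this model an Invalid operand and an empty string give opposite results for the same lessThan check, so a threshold condition on a value that may be absent behaves differently depending on which of the two the tag produces.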

String literals outside of tags (<TAG>) must be in quotes (apostrophes or double quotes). If the string contains apostrophes, enclose it in double quotes and vice-versa.

Accepted:

<MODEL> == "VBOX"
<MODEL> == 'VBOX'    <- same as line above
<MODEL> == '"VBOX"'  <- resulting string is "VBOX"
<MODEL> == "'"

Not accepted:

<MODEL> == VBOX
<MODEL> == """

In tag parameters quotes are optional. For example, DEVICECUSTOMFIELD is a tag with a single string parameter and so all the characters after the tag name up to the closing ">" are considered a string parameter. If the parameter is in quotes, then the quotes are ignored:

<DEVICECUSTOMFIELD Asset ID>    <- OK
<DEVICECUSTOMFIELD "Asset ID">    <- same as above
<DEVICECUSTOMFIELD 'Asset ID'>    <- same as above
<ENTITYINFO Device color>    <- OK

Functions can have non-const arguments, for example tags or results of other functions.

Example:

lessThan(<DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT>, max(10, <DRIVEATTRIBUTES UNCORRECTABLE_SECTOR_COUNT>))

Set Value uses the same logic: it is possible to use expressions on the right side of Set Value.

Example:

<ENTITYINFO Remapped> = concat("Remapped sector count: ", <DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT>)

12.5 Drive-level & Computer-level Workflow-mode


The workflow can be run in two modes: Drive-level or Computer-level. The selected mode can be identified in the report by checking where the workflow report is located:

• If it is located under “System version”, then it is a Computer-level workflow.
• If it is located under “Drive”, then it is a Drive-level workflow.

In drive-level mode, the workflow is started when a new device is connected and detected by the system (newly attached drives can be detected by clicking “Refresh”). The start action is named “Connected” in this mode. This mode supports hot-plugging drives.
In computer-level mode, the workflow is started when the system is booted. The start action is named “Booted” in this mode. This mode does not support hot-plugging drives.
The mode can be switched in the workflow’s settings, by selecting the “Start item” as “Booted” for Computer-level or “Connected” for Drive-level mode.


Major differences for the actions in each mode:
Action | Computer-level | Drive-level
“Start action” | Booted | Connected
Erase | Erases all drives present in the system at boot time. | Erases single (currently detected) drive.
Send report | Sends full report with Hardware details. | Sends per-drive report for single (current) drive.
Set value | <ENTITYINFO> creates an entry that goes under "blancco_hardware_report.system". <DEVICECUSTOMFIELD> creates a global custom field if it doesn’t exist. | <ENTITYINFO> creates an entry that goes under "blancco_hardware_report.disks.disk". <DEVICECUSTOMFIELD> creates a per-drive custom field if it doesn’t exist.
Condition | Per-drive variables are not evaluated. Per-drive paths in REPORTPATH will fetch a value for the first found drive. | Per-drive variables are evaluated for the current drive. Automatic filter is applied to per-drive REPORTPATHs to fetch the value for current drive.
Finalize | Finalizes the workflow for the machine. Can restart or shutdown the machine. | Finalizes the workflow for a drive.
Diagnose | Starts chosen tests. Note: hardware tests should be enabled in DECT. | Not supported – the action is skipped if encountered in per-drive workflow.
Subworkflow | Can start a computer-level or per-drive workflow. | Can start per-drive workflow only, NOT a computer-level workflow.
Create Custom Field | Creates a global custom field. | Creates a per-drive custom field.

12.6 Running a Workflow


To run a workflow, boot the modified image and enter any communications and/or other settings if necessary. The process will follow the steps specified in the workflow. Whether or not user interaction is required depends entirely on the workflow and the steps it takes.
User interface when workflow is being fetched from BMC:

User interface when workflow named “Remapped” is being run with two devices detected in the Drive-level mode:

12.7 Example Workflow


In the workflow below, the following actions are taken:

1. Connected - Device/hardware is connected and detected.
2. Condition - Device condition is checked.
   1. If the condition is not acceptable, the workflow continues directly to the lower “Finalize” step with the “Show fail” option selected.
3. Set Value - If the condition was acceptable, then workflow continues to “Set Value” step. Here a value is entered to the device’s custom field in the report.
4. Send Report - Report with the device’s info is sent to BMC/Blancco Cloud. If a report containing information about this device already exists in BMC/Blancco Cloud, then the report is updated with the new information.
   1. If report sending fails, the workflow continues directly to the lower “Finalize” step with the “Show fail” option selected.
5. Process is finalized.


12.8 Using “REPORTPATH” Attribute and Examples
Notes:

• REPORTPATH attribute can be used only in Condition action at this version.
• XmlPath is a sequence of XML nodes delimited with '.'.
• If syntax error is found in XmlPath, the workflow execution stops with INTERRUPTED status.
• If target node pointed by the path is a leaf node of uint or string type, then the node's text value is used in expression evaluation.
• If target node is an array node (a node with "entries" name) then the number of children of the target node is used in expression evaluation.
• If target node does not exist in report, then empty string "" is used in expression evaluation.

12.8.1 XmlPath Examples

Hardware report part:

blancco_data.blancco_hardware_report.disks.disk.interface_type
blancco_data.blancco_hardware_report.disks.disk.capacity

Erasure report:

blancco_data.blancco_erasure_report.erasures.erasure.state
blancco_data.blancco_erasure_report.erasures.erasure.firmware_rounds

Custom fields:

user_data.fields.My custom field

12.8.2 Filters in XmlPath:


Optional filters can be used to choose certain nodes in an array node, e.g.:
blancco_data.blancco_erasure_report.erasures.erasure[target.target_id=100].failed_sectors
Erasure nodes having child node "target.target_id=100" are selected.
Several filters can be combined to form an AND filter condition:
blancco_data.blancco_erasure_report.erasures.erasure[target.target_id=100][target.type=disk].failed_sectors
Both "target.target_id=100" and "target.type=disk" child nodes must exist for the node to be selected.
Note that only "elementPath=value" conditions are supported in filters at this version.

12.8.3 Drive specific paths


Drive specific paths are automatically filtered by current drive ID:
blancco_data.blancco_hardware_report.disks.disk
The disk node with the disk ID of the disk currently processed by the workflow is selected.
blancco_data.blancco_erasure_report.erasures.erasure
The erasure node which has the current drive as its target is selected.

12.8.4 Usage examples

Checking available memory:

moreThan(<REPORTPATH blancco_data.blancco_hardware_report.memory.total_memory>, 4194967295)

Number of processor cores:

moreThan(<REPORTPATH blancco_data.blancco_hardware_report.processors.total_cores>, 3)

Checking battery capacity:

lessThan(<REPORTPATH blancco_data.blancco_hardware_report.batteries.battery.capacity>, 80)

Note: only one battery will be checked in case the machine has several!

Checking drive features:

<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.features.feature[.=crypto erase]> == "crypto erase"

Checking drive’s last self test result:

<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.self_tests.self_test[id=1].Value> == "[0x00] completed without error"

Checking SMART attribute:

lessThan(<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.smart_attributes.smart_attribute[name=Power On Hours].raw_value>, 1000)

Check if the erasure was not cancelled:

<REPORTPATH blancco_data.blancco_erasure_report.erasures.erasure.state> != "cancelled"

12.8.5 Limitations

• Filtering by index in arrays is not supported.

blancco_data.blancco_hardware_report.ports.port[1].type

‘.’, ‘[‘, ‘]’ are used as special delimiters and cannot be used in XML node names (e.g. custom field names). The same goes for ‘<‘, ‘>’, ‘(‘, ‘)’ symbols in Condition blob expressions.
Some XML report values can be difficult to use because of the way they are reported, e.g. timestamps, resolutions, etc.

blancco_data.blancco_hardware_report.display.resolution = "1920x1080"
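
The XmlPath rules from this chapter (dot-delimited nodes, AND-combined "elementPath=value" filters, the "." self filter, no index filters, empty string for a missing node) can be exercised with a small parser and resolver. This is an added example, not Blancco's implementation: the report is a constructed nested-dict stand-in for the report XML, repeated elements are modelled as lists, the child count for container nodes is a modelling assumption, and the automatic per-drive filter is not modelled.

```python
import re


class XmlPathError(ValueError):
    """Syntax error in a path; per the manual the workflow is then INTERRUPTED."""


SEGMENT = re.compile(r"([^.\[\]]+)((?:\[[^\[\]]*\])*)")


def parse_xmlpath(path):
    """Split 'a.b[c.d=1][e=2].f' into [(name, [(elementPath, value), ...]), ...]."""
    if not path:
        raise XmlPathError("empty path")
    steps, pos = [], 0
    while pos < len(path):
        m = SEGMENT.match(path, pos)
        if not m:
            raise XmlPathError(f"unexpected character at offset {pos}")
        filters = []
        for body in re.findall(r"\[([^\[\]]*)\]", m.group(2)):
            left, eq, value = body.partition("=")
            if not eq or not left:  # e.g. port[1]: index filters are not supported
                raise XmlPathError(f"only elementPath=value filters are supported: [{body}]")
            filters.append((left, value))
        steps.append((m.group(1), filters))
        pos = m.end()
        if pos < len(path):
            if path[pos] != "." or pos + 1 == len(path):
                raise XmlPathError(f"bad delimiter or bracket at offset {pos}")
            pos += 1
    return steps


def _children(node, name):
    """Child nodes called `name`; a repeated element is stored as a list."""
    if not isinstance(node, dict) or name not in node:
        return []
    child = node[name]
    return child if isinstance(child, list) else [child]


def _matches(node, element_path, value):
    if element_path == ".":          # '[.=value]' compares the node's own text
        return node == value
    for name in element_path.split("."):
        found = _children(node, name)
        if not found:
            return False
        node = found[0]
    return node == value


def resolve(report, path):
    nodes = [report]
    for name, filters in parse_xmlpath(path):
        nodes = [c for n in nodes for c in _children(n, name)
                 if all(_matches(c, p, v) for p, v in filters)]
    if not nodes:
        return ""                    # missing node: empty string is used
    target = nodes[0]                # only the first match is used
    if isinstance(target, dict):     # container node: number of children (assumption)
        return sum(len(_children(target, k)) for k in target)
    return target


def is_valid_path(path):
    try:
        parse_xmlpath(path)
        return True
    except XmlPathError:
        return False


# Constructed report data; element names follow the paths used in this chapter.
REPORT = {"blancco_data": {
    "blancco_hardware_report": {"disks": {"disk": [{
        "features": {"feature": ["smart", "crypto erase"]},
        "smart_attributes": {"smart_attribute": [
            {"name": "Reallocated Sectors Count", "raw_value": "0"},
            {"name": "Power On Hours", "raw_value": "873"}]},
    }]}},
    "blancco_erasure_report": {"erasures": {"erasure": [
        {"target": {"target_id": "99", "type": "disk"}, "failed_sectors": "0"},
        {"target": {"target_id": "100", "type": "disk"}, "failed_sectors": "12"}]}},
}}

if __name__ == "__main__":
    base = "blancco_data.blancco_erasure_report.erasures.erasure"
    print(resolve(REPORT, base + "[target.target_id=100][target.type=disk].failed_sectors"))
    print(is_valid_path("blancco_data.blancco_hardware_report.ports.port[1].type"))
```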

12.9 Error Messages


If the workflow is unable to run, the software will display an error message. The possible error messages and their explanations are listed below:
Error Message | Explanation | Possible Solution(s)
Unknown error | Error is not recognized by the software. | The error is unknown to the software. If this error happens, collect an issue report and send it to Blancco for investigation.
Invalid start item | The first action is invalid. | Check that BDE version matches the workflow editor version. Most probable cause is workflow editor/BDE version mismatch.
Failed to parse expression [expression] | Listed expression could not be parsed. | Check “Condition” or “Set Value” item’s expression syntax.
Unknown erasure standard | Erasure standard was not recognized. | Check that BDE version matches the workflow editor version. Most probable cause is workflow editor/BDE version mismatch.
Incorrect workflow data | Workflow has incorrect data. | Check that BDE version matches the workflow editor version. Try to create a workflow from scratch.
Invalid operand value [value] | Listed operand has invalid value. | Check the listed operand’s value for syntax errors. Check the entire expression for syntax errors.
Unknown hardware test [test name] | Listed hardware test is unknown. | Check that BDE version matches the workflow editor version. Most probably the test is not supported in the old BDE version. If it is not the case, then dev team should be contacted.
Hardware test [test name] parsing failed | Parsing failed on the listed hardware test. | Check that BDE version matches the workflow editor version.
Invalid placement of parentheses in [expression] | Invalid parentheses placement in listed expression (“()”) in “Condition” item. | Check that parentheses are placed correctly and that each parenthesis is closed with its pair.
Unsupported DRIVEATTRIBUTES parameter [parameter name] | Listed parameter given as DRIVEATTRIBUTE is unsupported. | Check the parameter spelling. Check that BDE version matches the workflow editor version.
Unsupported variable [variable name] | Listed variable is unsupported. | Check the listed variable spelling. Check that BDE version matches the workflow editor version.
Invalid subworkflow name [name of subworkflow] | Subworkflow item contains invalid subworkflow name. | Check that “Subworkflow” item contains a valid subworkflow name. Name cannot be empty or longer than 255 symbols.
Workflow cannot call itself | Workflow cannot call itself recursively. | Check that “Subworkflow” item doesn’t contain current workflow name in its “subworkflow” name.
Could not fetch subworkflow [name of the subworkflow] | Listed subworkflow could not be fetched. | Check the called subworkflow’s name is correct and that it exists in the system.
Drive-level workflow cannot call computer-level workflow | Drive-level workflow tries to call computer-level workflow. | Check the drive level subworkflow calls. Computer-level workflows can call drive-level subworkflows, not the other way around.
Pre-configured custom field is locked | Locked custom field cannot be edited by the workflow. | BDE iso file already contains a locked custom field and the workflow tries to set a custom field item with the same title with either the "Custom field" or the "Set Value" action.
None of the optical test options were chosen. | "Diagnose" item has "Optical drive" test chosen but none of "Read", "Write" or "Blank" subtests are selected. | Either deselect "Optical drive" test in "Diagnose" item or select at least one subtest.
Invalid regular expression "EXPRESSION". | "Regular Expression" field in "Create Custom Field" workflow item does not represent a valid regular expression. | Check the listed regular expression.
Empty question. | "Question to ask" field in "Question" item cannot be empty. | Please fill in the "Question to ask" field.
Empty message. | "Message" field in "Message" item cannot be empty. | Please fill in the "Message" field.
The custom field has an empty title. | "Title" field in "Create Custom Field" item cannot be empty. | Please fill in the "Title" field.
The custom field's dropdown/multidropdown list does not have any option. | "Create Custom Field" item has either "Dropdown" or "Multidropdown" type but mandatory "Options" field is empty. | Please fill in the "Options" field.
Invalid sleep time. | "Duration (ms)" field in "Sleep" item has invalid value. | Check that "Duration (ms)" field has valid value. Allowed range is from 0 to 2000000000 ms.
Unsupported URL "URL". | "URL" field in "Server Message" item has unsupported protocol. | Check that the "URL" starts with "http://" or "https://".
Invalid timeout value "TIMEOUT". | "Request timeout (seconds)" field in "Server Message" item has invalid value. | Check that "Request timeout (seconds)" field has valid value. Allowed range is from 1 to 2000000 seconds.
Invalid element in JSON reply: JSON_PATH. | "JSON reply format from server" field in "Server Message" item has invalid value. | Check that JSON_PATH contains assignable variable tag: <VARIABLE VariableName>, <ENTITYINFO InfoName> or <DEVICECUSTOMFIELD FieldName>.
Invalid extra HTTP headers. | "Extra HTTP headers" field in "Server Message" item has invalid value. | Check that "Extra HTTP headers" field has valid value.
Default value doesn't match the regular expression. | "Default Value" field value doesn't match the given "Regular Expression" value in "Create Custom Field" workflow item. | Change either "Default Value" or "Regular Expression" so that "Default Value" will match "Regular Expression".
Interactive workflow items cannot be used with remote erasure control. | Workflow contains items, which involve interaction with the operator through UI ("Create Custom Field", "Diagnose", "Question", "Message"), but UI is locked due to remote erasure control. | Either remove interactive items from the workflow or change the "Erasure control" value in Blancco Configuration Tool from "Blancco Management Console remote" to a different option.

Note that only one error message is displayed at a time. If there are more errors in a workflow, the second error will be displayed after fixing the first error.


13. Troubleshooting
Please consult the Blancco Support Knowledge Base for extensive information on Blancco Drive Eraser troubleshooting:
https://support.blancco.com/display/KB/Drive+Eraser
You can also request assistance from Blancco Support:
Please collect beforehand information about the machine where the problem occurs.
In Blancco Drive Eraser, generate an issue report:

1. After the issue is reproduced, click on "Report issue" (or press F2).
2. Fill in a short description of the problem.
3. Save the issue report on a USB stick or send it to the Blancco Management Console.
4. Submit a ticket at http://support.blancco.com:
   a. Press "Submit a Ticket".
   b. Press "Next".
   c. Fill in your details and the description of the problem, and attach the issue report you have previously generated.
   d. Press "Submit".


14. Appendix 1: SSD Supplement
14.1 Guidelines for Using SSD Erasure Method
The following guidelines should be carefully followed when erasing an SSD:

• Currently the SSD Erasure Method is only designed to erase SSDs that use the ATA and SCSI interface and support the firmware based erasure commands.
  • For these drives, the recommended and most thorough erasure standard available in the software is Blancco's SSD Erasure Standard. However, if your erasure policy mandates that a different process should be applied for these drives, other options can be selected but a message will appear on the report highlighting that an SSD was erased.
  • If the SSD you are trying to erase does not support the firmware command, it is not possible to erase the SSD with Blancco’s SSD erasure method. This information will be displayed on the UI.
  • If it is not possible to remove an applied freeze lock on the SSD you are trying to erase, the erasure using Blancco’s SSD erasure method will fail. This information will be displayed on the report.
• If the SSD-drives are really old models (usually 64GB or smaller), it is recommended that only one SSD should be erased per machine at a time. The success of erasure can be affected if two drives are attempted to be erased simultaneously.
• The whole drive should be erased, do not erase individual partitions. The use of firmware based erasure commands will not work on partitions on an SSD. The whole drive must be erased when using Blancco’s SSD method.
• The SSD should not be connected to the machine through additional pieces of hardware such as USB/FireWire docking stations or PATA/SATA/SCSI bridges. These could prevent the software’s ability to issue the firmware erasure command, resulting in a failed process.
• There should also be no instance of a RAID configuration for SSDs being erased. If two SSDs are attached to the host machine, erase a single drive at a time.
• For ATA SSDs, if the drive is not shown on the drive selection screen, or the erasure process cannot be run due to non-access to firmware based erasure command, one possible solution is to change the SSD's mode from IDE/ATA-mode to AHCI/Sata Native-mode (via the appropriate BIOS/UEFI/EFI settings).
• Blancco Drive Eraser can detect and erase eMMCs to meet the requirements of Clear and Purge, as specified by NIST.
  • Note that if the eMMC has retired sectors, there is a risk that those sectors won’t be erased, even after Purge-level erasure. Please refer to the chapter dedicated to eMMC drives.

14.2 Erasure Result


14.2.1 Status
The end result of an erased SSD (using Blancco’s SSD method) can be one of only two states: erased (success) and not erased (failed or canceled by the user). An erased drive is one for which the whole erasure and verification processes have completed without any identified errors. The drive is also checked for responsiveness once erased and must present itself in an operational condition.

14.2.2 Failure Logic


Blancco’s SSD erasure solution follows a multistep erasure and verification process – if any of the steps fail,
the whole process results in a fail. This will result in an erasure report stating that the erasure process has
not been successful. The logic for erasure failure includes the following:

• An SSD being erased must allow the firmware level erasure process to execute. The software will reject those that do not support these commands, as it is an essential part of the SSD erasure method. If the software cannot access the firmware command, for any reason, the drive’s erasure will result in a fail.
  ◦ If an ATA SSD has a Master Password set, it is not possible to access the firmware erasure command or write data to it. This password must be removed before erasure can be considered. If it is not possible to retrieve the password or somehow bypass it to unlock the drive, it cannot be erased.
  ◦ ATA drives that have a freeze lock placed on them by the host machine’s BIOS will not allow access to the firmware erasure command. The latest versions of Blancco’s software will attempt to automatically remove the lock. Please see the appropriate part of the manual for further guidelines on removal.
• The verification stage of SSD erasure must be completed successfully. If it cannot complete, the erasure is considered a fail.
  ◦ The verification of an SSD must show that no data has remained on the device (at the logical level). If anomalies are found, the erasure will fail.
  ◦ There is a possibility that some encrypting SSD models will appear to consistently fail erasure because verification will fail. See the Failed Erasures section below for further information on handling.
• Variations in drive implementations may mean that some drives require a slightly different process – see Failed Erasures section below for further details.

14.3 Handling Information


14.3.1 Erasure Method
The Blancco erasure software will recognize that an SSD has been detected and will recommend the use of
Blancco’s proprietary method for SSDs. Blancco’s SSD erasure method combines different techniques to
provide the best security available and may exceed the requirements of other erasure standards. However,
the sanitization process is ultimately mandated by the user of the software and based on their internal
policy. For example, the policy may be to strictly adhere to NIST 800-88 and apply those processes.

14.3.2 Inoperable Drives


It is possible that SSDs whose firmware is flawed, or that have some other operational deficiency (possibly due to being near the end of their life), will malfunction as a result of the erasure process. This highlights drives that are faulty with regard to their internal erasure or operational methods. When an organization decides that an SSD is unserviceable, or has security concerns about a drive (possibly due to a failed erasure process or some other reason), further disposition considerations are required: the organization handling the SSDs should consider whether a destructive process is required on drives that enter an unresponsive state.
It is also possible that the drive’s OEM (or a data recovery lab) can return the SSD to an operational condition. Guidance should be sought from the relevant vendor in this case. It should be noted that (during Blancco’s testing operations) this situation has occurred in only a few cases.
When proceeding with the erasure of drives, it is advised to monitor the results to identify any particular models that become unresponsive post erasure.

14.3.3 Failed Erasures


Blancco’s SSD erasure method applies strict verification requirements in order to provide a holistic approach to SSD erasure and mitigate the issues highlighted by previous research. If a drive does not support the firmware erasure commands (not because of a BIOS issued freeze lock), then there are some alternative reasons:

14.3.3.1 Verification Issues


In the case of drives that consistently fail verification (the report will indicate when this occurs), it is possible that the drive will require some additional process or analysis. If this situation arises, please contact your local Blancco representative. Blancco is seeking to identify these models and attain details of drive operations from OEMs in order to offer assurances of security and/or specific methods for handling these drives.

14.3.3.2 Firmware Upgrading


SSD vendors often develop and issue firmware updates over the lifetime of a drive. The firmware updates may be developed to address some technical issue or bug found after the SSDs are released to consumers. Updated SSD firmware usually implies performance improvements, security updates or improved drive reliability.
SSD models that consistently fail erasure could benefit from a firmware update to improve the robustness of their internal operations¹.

¹ Blancco is not in a position to guarantee the success or otherwise of firmware updates. There is also no certainty that this will improve the result of erasure.



15. Appendix 2: Compliance with Updated NIST Guidelines
At the end of 2014, the US-based National Institute of Standards and Technology (NIST) updated their
guidelines for sanitizing media to include requirements for SSDs. When it comes to sanitization, NIST
describe two processes to achieve different levels of security:

• Clear (an erasure process that protects against non-invasive data recovery methods)
• Purge (for higher security, to protect against laboratory data recovery)

Some of the commands referenced by the NIST guidelines only feature in very new hardware.
The following tables outline where NIST requirements are supported by Blancco products.

15.1 Solid State Drives (SSDs)


| Drive Type | Erasure Requirements | Supported? |
|---|---|---|
| ATA | Clear – Normal overwrite or Secure Erase | Yes* |
| ATA | Purge – Block Erase or Cryptographic Erase | Yes** |
| SCSI / SAS | Clear – Normal overwrite | Yes |
| SCSI / SAS | Purge – Block Erase or Cryptographic Erase | Yes*** |
| NVMe | Clear - Normal overwrite | Yes |
| NVMe | Purge - Format Unit or Cryptographic Erase | Yes**** |
| eMMC | Clear - Normal overwrite | Yes |
| eMMC | Purge - Sanitize or Secure Erase | Yes***** |

* Secure Erase is attempted by default; normal overwrite is used if Secure Erase is not supported.
** According to the NIST guidelines, this is only possible on SSDs that support the ATA SANITIZE Block Erase, the ATA SANITIZE Crypto Erase and/or the TCG Crypto Erase commands, all supported in the standard “NIST 800-88 Purge”.
*** According to the NIST guidelines, this is only possible on SSDs that support the SCSI SANITIZE Block Erase, the SCSI SANITIZE Crypto Erase and/or the TCG Crypto Erase commands, all supported in the standard “NIST 800-88 Purge”.
**** According to NIST guidelines, this is possible on NVMe SSDs that support the NVMe Format - User Data Erase, NVMe Format - Crypto Erase, NVMe SANITIZE Block Erase, NVMe SANITIZE Crypto Erase, NVMe SANITIZE Overwrite and/or the TCG Crypto Erase commands, all supported in the standard “NIST 800-88 Purge”.
***** According to NIST guidelines, this is possible on eMMC drives that support the Secure Erase command or some other equivalent method. However, this also depends on the hardware where the eMMC is embedded as well as on the eMMC manufacturer. Blancco Drive Eraser supports the Sanitize and Secure Erase commands, via the standard “NIST 800-88 Purge”.

15.2 HDDs
| Drive Type | Erasure Requirements | Supported? |
|---|---|---|
| ATA | Clear – Normal overwrite | Yes |
| ATA | Purge – Firmware-based Overwrite or Cryptographic Erase or Secure Erase | Yes* |
| SCSI/SAS | Clear – Normal overwrite | Yes |
| SCSI/SAS | Purge – Firmware-based Overwrite or Cryptographic Erase | Yes** |



* According to the NIST guidelines, this is only possible on HDDs that support the ATA SANITIZE Overwrite, the ATA SANITIZE Crypto Erase, the ATA (Enhanced) Secure Erase and/or the TCG Crypto Erase commands, all supported in the standard “NIST 800-88 Purge”.
** According to the NIST guidelines, this is only possible on HDDs that support the SCSI SANITIZE Overwrite, the SCSI SANITIZE Crypto Erase and/or the TCG Crypto Erase commands, all supported in the standard “NIST 800-88 Purge”.

15.3 NIST verification


NIST have specified distinct sampling methods for verifying erasure¹:

• NIST normal verification: the drive is split into subsections, two pseudo random locations within each subsection are selected, then these locations are verified. This NIST verification is available in Blancco software and the percentage of the verified area is configurable by the user. It is used at the end of the “NIST 800-88 Clear” and “NIST 800-88 Purge” standards (where 10% of the drive is verified as a minimum) as well as in all the other supported erasure standards. This means that selecting any Blancco erasure standard and setting a verification percentage equal to or higher than 10% will ensure at least a clear-level erasure as defined by NIST.
• NIST Crypto Erase verification: pseudo random locations are selected throughout the drive and written with a known pattern before the Crypto Erase is triggered. After the Crypto Erase execution, these pseudo random locations are read to verify the absence of the known pattern. This NIST verification is available in Blancco software and the percentage of the verified area is configurable by the user (the minimum being 10% of the drive). It is used at the end of the “NIST 800-88 Purge” standard.
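The two sampling schemes described above, as an added sketch in Python (not Blancco's implementation and not code from NIST): `sample_plan` picks two pseudo-random windows in every subsection, and `failed_lbas` applies either the overwrite check or the Crypto Erase check. The 512-byte sector size, the one-window-per-half placement, the window sizing, the in-memory `FakeDrive` and the untouched LBA range 300-319 are assumptions constructed for the illustration.

```python
import os
import random

SECTOR = 512  # assumed sector size in bytes


def sample_plan(total_sectors, subsections, percent, rng):
    """Two non-overlapping pseudo-random windows per subsection.

    Each subsection is cut into two halves and one window is placed at a
    random offset inside each half. Windows are sized so that together they
    cover at least `percent` (an int, 1-100) of the drive.
    Returns a list of (first_lba, sector_count) pairs.
    """
    if not 0 < percent <= 100:
        raise ValueError("percent must be between 1 and 100")
    if subsections < 1 or total_sectors < 2 * subsections:
        raise ValueError("need at least two sectors per subsection")
    plan = []
    for i in range(subsections):
        start = i * total_sectors // subsections
        end = (i + 1) * total_sectors // subsections
        mid = (start + end) // 2
        for lo, hi in ((start, mid), (mid, end)):
            size = hi - lo
            win = -(-size * percent // 100)  # ceil(size * percent / 100)
            plan.append((lo + rng.randrange(size - win + 1), win))
    return plan


def failed_lbas(read_sector, plan, pattern, expect_present):
    """Sampled LBAs whose content contradicts the expectation.

    expect_present=True : overwrite check, every sample must equal `pattern`.
    expect_present=False: Crypto Erase check, no sample may equal `pattern`.
    """
    return [lba for first, count in plan
            for lba in range(first, first + count)
            if (read_sector(lba) == pattern) != expect_present]


class FakeDrive:
    """In-memory stand-in for a drive (constructed test data)."""

    def __init__(self, sectors, fill):
        self.sectors = sectors
        self.data = bytearray(fill * sectors)

    def read(self, lba):
        return bytes(self.data[lba * SECTOR:(lba + 1) * SECTOR])

    def write(self, lba, buf):
        self.data[lba * SECTOR:(lba + 1) * SECTOR] = buf


def demo(mode, percent, seed=1):
    """Simulate an erasure that misses LBAs 300-319, then verify by sampling."""
    rng = random.Random(seed)
    drive = FakeDrive(1000, b"\xA5" * SECTOR)  # constructed "old data"
    plan = sample_plan(drive.sectors, 10, percent, rng)
    if mode == "overwrite":
        pattern, present = bytes(SECTOR), True
    else:  # "crypto": write the known pattern to the samples before erasing
        pattern, present = b"KNOWN-PATTERN-16" * (SECTOR // 16), False
        for first, count in plan:
            for lba in range(first, first + count):
                drive.write(lba, pattern)
    for lba in range(drive.sectors):
        if not 300 <= lba < 320:  # simulated region the erasure did not reach
            drive.write(lba, pattern if present else os.urandom(SECTOR))
    return plan, failed_lbas(drive.read, plan, pattern, present)
```

With `percent=100` both checks report LBAs 300-319; at 10% the same 20-sector residue is reported only if a window happens to land on it, which is why the verification percentage matters for small untouched regions.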

15.4 Blancco SSD Erasure compliance with NIST


Depending on the firmware commands supported by the drive, the “Blancco SSD Erasure” standard is compliant with NIST Purge or NIST Clear:

• On newer SSDs supporting the Sanitize commands (required to meet the NIST Purge-level erasure), “Blancco SSD Erasure” is fully compliant with the Purge-level erasure as defined by NIST. In fact, “Blancco SSD Erasure” exceeds the NIST Purge recommendations.
• On older SSDs not supporting the Sanitize commands (but supporting older commands such as Secure Erase), “Blancco SSD Erasure” is fully compliant with the Clear-level erasure as defined by NIST. In fact, “Blancco SSD Erasure” exceeds the NIST Clear recommendations.
• On other data storage devices storing their data on flash memories (e.g. eMMC, NVMe), “Blancco SSD Erasure” is fully compliant with the Purge-level erasure as defined by NIST.
• “Blancco SSD Erasure” can also be used to erase other drives (e.g. HDD) and compliance with NIST Purge can be achieved, although this depends on the commands supported by the target drive. Nevertheless, the “Blancco SSD Erasure” targets essentially drives that store their data on flash memories (SSD, eMMC, NVMe) and other standards should be preferred when erasing magnetic drives.
• Whenever a purge-level erasure is achieved on an SSD/eMMC/NVMe, through using "NIST Purge" or "Blancco SSD Erasure", there is no specific exception in the report. If a successful erasure is reached via any standard achieving clear-level erasure, there is an exception in the report: “Device is SSD/eMMC/NVMe, see manual for more information”.
  ◦ There are some corner cases, for example if the "TCG Crypto Erasure" is successfully used with 10+% verification on an SSD: this achieves purge-level erasure according to NIST, but the report exception above is kept.
• If "Blancco SSD Erasure" is successful on an ATA/SCSI SSD via using Sanitize or TCG commands, the following message is added to the report: "Exceeds NIST-Purge".
  ◦ In any other case, if "Blancco SSD Erasure" is successful, it will be through using legacy commands that are not compliant with "NIST Purge", in which case the following message is added to the report: "Exceeds NIST-Clear".
• If "Blancco SSD Erasure" is successful on an NVMe, the following message is added to the report: "Exceeds NIST-Purge".
• If "Blancco SSD Erasure" is successful on an eMMC via using the MMC Sanitize command, the following message is added to the report: "Exceeds NIST-Purge".
• If "Blancco SSD Erasure" is successful on an HDD, no additional message is added to the report.

¹ http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf, pages 20-21



16. Appendix 3: Execution steps of the erasure standards
All verification algorithms that the Drive Eraser uses are NIST-based. See chapter NIST verification for more information.
* = depends on the value the user has given. See the chapter on “Verification” for more info.
CE = Crypto Erase
ESE = Enhanced Secure Erase
SA = Sanitize
SE = Secure Erase
FU = Format Unit
BE = Block Erase
OW = Overwrite (firmware-based erasure command)
NF = NVMe Format
→ = fallback procedure

16.1 Magnetic standards


HMG Infosec Standard 5, Lower Standard
1. Overwrite with 0x00
2. Verify data*

HMG Infosec Standard 5, Higher Standard
1. Overwrite with 0xAA
2. Overwrite with 0x55
3. Overwrite with random byte
4. Verify data*

CESG CPA - Higher Level
1. Overwrite with 0xAA
2. Verify data*
3. Overwrite with 0x55
4. Verify data*
5. Overwrite with random byte (periodic random)
6. Verify data*

DoD 5220.22-M
1. Overwrite with 0x55
2. Overwrite with 0xAA
3. Overwrite with random byte
4. Verify data*

DoD 5220.22-M ECE
1. Overwrite with 0x55
2. Overwrite with 0xAA
3. Overwrite with random byte
4. Overwrite with aperiodic random data
5. Overwrite with 0x55
6. Overwrite with 0xAA
7. Overwrite with random byte
8. Verify data*

DoD 5220.22-M ECE
1. Overwrite with 0xFF
2. Overwrite with 0x00
3. Overwrite with random byte
4. Overwrite with aperiodic random data
5. Overwrite with aperiodic random data
6. Overwrite with aperiodic random data
7. Overwrite with aperiodic random data
8. Verify data*

Navy Staff Office Publication (NAVSO P-5239-26)
1. Overwrite with 0xFFFFFFFF
2. Overwrite with 0xFFFFFFE4
3. Overwrite with aperiodic random data
4. Verify data*

National Computer Security Center (NCSC-TG-025)
1. Overwrite with 0x35
2. Overwrite with 0xCA
3. Overwrite with 0x97
4. Overwrite with aperiodic random data
5. Verify data*

National Computer Security Center (NCSC-TG-025)
1. Overwrite with 0x00
2. Overwrite with 0xFA
3. Overwrite with 0x00
4. Overwrite with 0xAA
5. Verify data*

U.S. Army AR380-19
1. Overwrite with random byte
2. Overwrite with 0xAA
3. Overwrite with 0x55
4. Verify data*

OPNAVINST 5239.1A
1. Overwrite with 0xFF
2. Overwrite with 0x00
3. Overwrite with random byte
4. Verify data*

NSA 130-1
1. Overwrite with aperiodic random data
2. Overwrite with aperiodic random data
3. Overwrite with 0x00
4. Verify data*

Peter Gutmann's Algorithm
1. Overwrite with aperiodic random data
2. Overwrite with aperiodic random data
3. Overwrite with aperiodic random data
4. Overwrite with aperiodic random data
5. Overwrite with 0x555555
6. Overwrite with 0xAAAAAA
7. Overwrite with 0x924924
8. Overwrite with 0x492492
9. Overwrite with 0x249249
10. Overwrite with 0x00
11. Overwrite with 0x11
12. Overwrite with 0x22
13. Overwrite with 0x33
14. Overwrite with 0x44
15. Overwrite with 0x55
16. Overwrite with 0x66
17. Overwrite with 0x77
18. Overwrite with 0x88
19. Overwrite with 0x99
20. Overwrite with 0xAA
21. Overwrite with 0xBB
22. Overwrite with 0xCC
23. Overwrite with 0xDD
24. Overwrite with 0xEE
25. Overwrite with 0xFF
26. Overwrite with 0x924924
27. Overwrite with 0x492492
28. Overwrite with 0x249249
29. Overwrite with 0x6DB6DB
30. Overwrite with 0xB6DB6D
31. Overwrite with 0xDB6DB6
32. Overwrite with aperiodic random data
33. Overwrite with aperiodic random data
34. Overwrite with aperiodic random data
35. Overwrite with aperiodic random data
36. Verify data*

Aperiodic random overwrite
1. Overwrite with aperiodic random data
2. Verify data*

RCMP TSSIT OPS-II
1. Overwrite with the 0x00 byte
2. Overwrite with 0xFF
3. Overwrite with the 0x00 byte
4. Overwrite with 0xFF
5. Overwrite with the 0x00 byte
6. Overwrite with 0xFF
7. Overwrite with random byte
8. Verify data*

Random byte overwrite (3x)
1. Overwrite with random byte
2. Overwrite with random byte
3. Overwrite with random byte
4. Verify data*



16.2 Firmware and forced standards
Sanitize Cryptographic Erasure
1. Sanitize CE
2. Verify data*

Firmware Based Erasure
1. - For ATA drive: ESE → SE
   - For SCSI drive: FU
2. Verify data* (pattern verification)

Extended Firmware Based Erasure
1. Overwrite with 0xCB
2. - For ATA drive: ESE → SE
   - For SCSI drive: FU
3. Verify data* (pattern verification)

NIST 800-88 Clear
1. Remove HPA/DCO (if existing)
2. - For ATA SSD: SE → Overwrite with 0x00
   - For other type of drive: Overwrite with 0x00
   - For removable flash-devices: Overwrite with 0x00 and Overwrite with 0xFF
3. Verify data* (pattern verification)

NIST 800-88 Purge
1. Remove HPA/DCO (if existing)
2. - For ATA SSD: TCG CE → Sanitize BE → Sanitize CE
   - For ATA HDD: TCG CE → Sanitize CE → Sanitize OW → ESE → SE
   - For SCSI SSD: TCG CE → Sanitize BE → Sanitize CE
   - For SCSI HDD: TCG CE → Sanitize CE → Sanitize OW
   - For NVMe: NF (user data erase) → Sanitize BE → TCG CE → NF (CE) → Sanitize CE → Sanitize OW
   - For eMMC: SA → SE
3. Verify data*

BSI-2011-VS
1. BSI algorithm random pattern erasure
2. 100% Verification for presence of BSI random pattern
3. ESE → SE → Overwrite with 0x00
4. Verify data 5% (or more)
5. Reset Master Boot Record

BSI-GS
1. Remove HPA/DCO (if existing)
2. Overwrite with aperiodic random data
3. - For ATA drive: ESE → SE → Overwrite with 0x00
   - For SCSI drive: FU → Overwrite with 0x00
4. Verify data* (pattern verification)

BSI-GSE
1. Remove HPA/DCO (if existing)
2. Overwrite with aperiodic random data
3. Overwrite with aperiodic random data
4. - For ATA drive: ESE → SE → Overwrite with 0x00
   - For SCSI drive: FU → Overwrite with 0x00
5. Verify data* (pattern verification)



TCG Cryptographic Erasure
1. Write Samples
2. Verify Samples
3. TCG CE
4. Verify data*

16.3 SSD Standards


Blancco SSD Erasure
... Proprietary process¹

¹ Contact Blancco for more information



17. Contact Information
Visit the technical knowledgebase (FAQ) and contact Blancco Technical Support by submitting a technical
support ticket at:
https://support.blancco.com/
See the instructional videos for Blancco products at:
https://www.blancco.com/resources/videos/
For contact information and the latest information about secure data erasure solutions, visit the Blancco
website at:
https://www.blancco.com
We are always looking for ways to improve our products. Please let us know if you have any suggestions!
