Skip to main content

Sanitizing a disk

Disk sanitization enables you to remove data from a disk or set of disks so that the data can never be recovered.

Before you begin

  • The disk must be a spare, and must be owned by a node but not used in an aggregate.

    If the disk is partitioned, neither partition can be used in an aggregate.

  • The disk cannot be a self-encrypting disk (SEDs) or a Federal Information Processing Standard (FIPS) disk.

    You must use the storage encryption disk sanitize command to sanitize an SED or FIPS disk.

    Encryption of data at rest

  • The disk cannot be part of a storage pool.

About this task

When disk sanitization is enabled, it disables some ONTAP commands.
  • dd (to copy blocks of data)
  • dumpblock (to print dumps of disk blocks)
  • setflag wafl_metadata_visible (to allow access to internal WAFL files)

After disk sanitization is enabled on a node, it cannot be disabled.

  1. Enter the nodeshell for the node that owns the disks you want to sanitize: system node run -node node_name
  2. Enable disk sanitization: options licensed_feature.disk_sanitization.enable on
    You are asked to confirm the command because it is irreversible.
  3. If the disks you want to sanitize are partitioned, unpartition each disk:disk unpartition disk_name
  4. Sanitize the specified disks: disk sanitize start [-p pattern1|-r [-p pattern2|-r [-p pattern3|-r]]] [-c cycle_count] disk_list

    Attention
    Do not turn off power to the node, disrupt the storage connectivity, or remove target disks while sanitizing. If sanitizing is interrupted during the formatting phase, the formatting phase must be restarted and allowed to finish before the disks are sanitized and ready to be returned to the spare pool.

    If you need to abort the sanitization process, you can do so by using the disk sanitize abort command. If the specified disks are undergoing the formatting phase of sanitization, the abort does not occur until the phase is complete.

    -p pattern1 -p pattern2 -p pattern3 specifies a cycle of one to three user-defined hex byte overwrite patterns that can be applied in succession to the disks being sanitized. The default pattern is three passes, using 0x55 for the first pass, 0xaa for the second pass, and 0x3c for the third pass.

    -r replaces a patterned overwrite with a random overwrite for any or all of the passes.

    -c cycle_count specifies the number of times that the specified overwrite patterns are applied. The default value is one cycle. The maximum value is seven cycles.

    disk_list specifies a space-separated list of the IDs of the spare disks to be sanitized.

  5. If you want to check the status of the disk sanitization process: disk sanitize status [disk_list]
  6. After the sanitization process is complete, return the disks to spare status by entering the following command for each disk: disk sanitize release disk_name
  7. Exit the nodeshell: exit
  8. Determine whether all of the disks were returned to spare status: storage aggregate show-spare-disks
    If...Then...
    All of the sanitized disks are listed as sparesYou are done. The disks are sanitized and in spare status.
    Some of the sanitized disks are not listed as sparesComplete the following steps:

    1. Enter advanced privilege mode:

      set -privilege advanced
    2. Assign the unassigned sanitized disks to the appropriate node by entering the following command for each disk: storage disk assign -disk disk_name -owner node_name

    3. Return the disks to spare status by entering the following command for each disk:

      storage disk unfail -disk disk_name -s -q

    4. Return to administrative mode:

      set -privilege admin

Result

The specified disks are sanitized and designated as hot spares. The serial numbers of the sanitized disks are written to /etc/log/sanitized_disks.