the purpose of hdparm --security-set-pass when erasing an SSD
 

Hi,

I've got a pretty simple question to which I wasn't able to find an answer on the internet: what is the logic of setting a password in order to securely erase the SSD? The SSD has to be locked with a password in order to for the security erase to work. Does it actually use that password somehow in the erasing alghoritm? Or to put it differently: does it matter how complex the password is if you're going to erase the SSD anyhow?

Thanks!

Not sure why a password is created or is needed to do a secure erase. I do know that if you set a password on the SSD (hardware encryption) and forget it, the drive is toast and there is no way to recover it, at least on the Samsung EVO's, can't speak to other manufacturer's.

So by toast you mean you cannot make use of the SSD anymore (let alone keeping the data).
But when you run secure erase and you type in the existing password (which sometimes can be set in BIOS - see Dell computers), then, after the secure erase is finished, there is not password set anymore. I'm not sure how this changes things. But yes, the question in my first post remains.

Sorry, I have never run secure erase so wasn't quite sure what was happening. On Samsung drives, if you set a password to encrypt the drive and forget it, the drive is toast, no way to recover, even using secure erase. I think I confused the topics, sorry.

The password is required to make secure erase hard to do by accident.

The password does not matter. I set a one letter password. It disappears after the secure erase. :)
Ed

Thanks for the answer. Nobody actually explains that on the internet, they take it as a given, which is slightly frustrating :)

That was part of the purpose of creating a drive volume name back in the MS-DOS days. You were prompted to enter the volume name when running FORMAT to make accidentally running destructive commands like "FORMAT C:" less of a problem. (They never did make a similar move to make the RECOVER command less of a disaster in-waiting, though. I always removed it from hard disks.)

I doubt the present answers.

Securely erasing an SSD by writing multiple passes of zeroes and ones across the entire disk is marginally life-shortening for the SSD. The problem is most easily resolved by simply encrypting the data and directories, a single pass, then deleting the directory. Data is still there but unavailable, which is why the password itself does not matter.

That maybe true but due to wear leveling there is no way to know for the user how many passes it will take to erase the entire drive including spare memory cells. Or determine if or when all memory cells are encrypted. The benefit of using the secure erase function versus writing multiple passes with a SSD is that you reset the device back to its original out of the box state. The security feature and secure erase function is part of the ATA specification and it is up to the manufacture on how to implement it. As posted one way to make sure the end user can not inadvertently send the ATA erase command is to make sure you set the security feature i.e. password.

I don't see how what you said contradicts the present answers.