How to securely wipe out disk in Linux

Whenever you want to safely dispose or sell your hard drive, you'll need to make sure all the data in the disk is completely deleted. Normal methods of wipe out the data such as by deleting files, disk repartitioning and disk formatting does not really remove the data as there are still ways to recover them.

One way to securely erase all the files and data in the disk is by writing empty or random data to every bit of the disk so that all the existing data is overwritten. This can be done using dd and special files in Linux to produce zero or random characters.

1. Launch terminal.
2. List disks and partitions available in the system.

   $ lsblk
   NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
   loop0    7:0    0  55.4M  1 loop /snap/core18/19
   loop1    7:1    0  55.4M  1 loop /snap/core18/19
   loop2    7:2    0    51M  1 loop /snap/snap-stor
   loop3    7:3    0   219M  1 loop /snap/gnome-3-3
   loop4    7:4    0 217.9M  1 loop /snap/gnome-3-3
   loop5    7:5    0  31.1M  1 loop /snap/snapd/104
   loop6    7:6    0  62.1M  1 loop /snap/gtk-commo
   loop7    7:7    0  64.8M  1 loop /snap/gtk-commo
   loop8    7:8    0    51M  1 loop /snap/snap-stor
   loop9    7:9    0  31.1M  1 loop /snap/snapd/107
   sda      8:0    0    20G  0 disk 
   ├─sda1   8:1    0     1M  0 part 
   ├─sda2   8:2    0   513M  0 part /boot/efi
   └─sda3   8:3    0  19.5G  0 part /
   sdb      8:16   0    20G  0 disk 
   └─sdb1   8:17   0    20G  0 part 
   sr0     11:0    1  1024M  0 rom 

3. Make sure the disk or partition (within the disk) that you want to securely delete is not mounted.

   $ sudo umount /dev/sdb1
   [sudo] password for user: 
   umount: /dev/sdb1: not mounted.

   Launch live cd such as from Ubuntu installer if the disk cant be unmounted such as the root filesystem.

4. Zero the disk or partition using dd.

   $ sudo dd if=/dev/zero of=/dev/sdb status=progress
   21471859200 bytes (21 GB, 20 GiB) copied, 269 s, 79.8 MB/s 
   dd: writing to '/dev/sdb': No space left on device
   41943041+0 records in
   41943040+0 records out
   21474836480 bytes (21 GB, 20 GiB) copied, 269.451 s, 79.7 MB/s

   This will take a while as dd will need to write every single bit of data within the disk. Time taken depends on the disk size and disk speed.

   Replace /dev/zero with /dev/random or /dev/urandom to fill the disk with random character instead.

   It is recomended to use /dev/random or /dev/urandom and to repeat this step multiple times (multi-pass) for SSD devices as some built-in function in SSD's controller might still leave some data intact with the common disk-zeroing method.

5. Re-read partition table if you've deleted an entire disk instead of just a partition.

   $ partprobs

6. List disks and partitions again to see.

   $ lsblk
   NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
   loop0    7:0    0  55.4M  1 loop /snap/core18/19
   loop1    7:1    0  55.4M  1 loop /snap/core18/19
   loop2    7:2    0    51M  1 loop /snap/snap-stor
   loop3    7:3    0   219M  1 loop /snap/gnome-3-3
   loop4    7:4    0 217.9M  1 loop /snap/gnome-3-3
   loop5    7:5    0  31.1M  1 loop /snap/snapd/104
   loop6    7:6    0  62.1M  1 loop /snap/gtk-commo
   loop7    7:7    0  64.8M  1 loop /snap/gtk-commo
   loop8    7:8    0    51M  1 loop /snap/snap-stor
   loop9    7:9    0  31.1M  1 loop /snap/snapd/107
   sda      8:0    0    20G  0 disk 
   ├─sda1   8:1    0     1M  0 part 
   ├─sda2   8:2    0   513M  0 part /boot/efi
   └─sda3   8:3    0  19.5G  0 part /
   sdb      8:16   0    20G  0 disk 
   sr0     11:0    1  1024M  0 rom

7. Check content of disk from administrative account.

   # timeout 1 head /dev/sdb

   A timeout need to be set to the command since the disk is now empty or else the command will need to scan the whole disk before it quits.