How to securely wipe out disk in Linux

Data deletion operations such as deleting files and folders, formatting partitions, or partitioning disks generally do not delete the actual data; instead, they delete the pointer to the real data. For example, deleting a partition only removes the partition's entry in the partition table while the actual partition remains intact. It is a cause for concern if you want to clear the data, such as when disposing a disk with sensitive files or when you're selling your hard drive.

One way to securely erase all the files and data in the disk is by writing empty or random data to every bit of the disk so that all the existing data is overwritten. It can be done in Linux using dd by using zero or random characters as input.

1. Launch terminal.
2. List disks and partitions available in the system.

   $ lsblk
   NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
   loop0    7:0    0  55.4M  1 loop /snap/core18/19
   loop1    7:1    0  55.4M  1 loop /snap/core18/19
   loop2    7:2    0    51M  1 loop /snap/snap-stor
   loop3    7:3    0   219M  1 loop /snap/gnome-3-3
   loop4    7:4    0 217.9M  1 loop /snap/gnome-3-3
   loop5    7:5    0  31.1M  1 loop /snap/snapd/104
   loop6    7:6    0  62.1M  1 loop /snap/gtk-commo
   loop7    7:7    0  64.8M  1 loop /snap/gtk-commo
   loop8    7:8    0    51M  1 loop /snap/snap-stor
   loop9    7:9    0  31.1M  1 loop /snap/snapd/107
   sda      8:0    0    20G  0 disk 
   ├─sda1   8:1    0     1M  0 part 
   ├─sda2   8:2    0   513M  0 part /boot/efi
   └─sda3   8:3    0  19.5G  0 part /
   sdb      8:16   0    20G  0 disk 
   └─sdb1   8:17   0    20G  0 part 
   sr0     11:0    1  1024M  0 rom 

3. Make sure the disk or partition (within the disk) you want to delete securely is not mounted.

   $ sudo umount /dev/sdb1
   [sudo] password for user: 
   umount: /dev/sdb1: not mounted.

   Launch live cd such as from Ubuntu installer if the disk can't be unmounted such as the root filesystem.

4. Zero the disk or partition using dd.

   $ sudo dd if=/dev/zero of=/dev/sdb status=progress
   21471859200 bytes (21 GB, 20 GiB) copied, 269 s, 79.8 MB/s 
   dd: writing to '/dev/sdb': No space left on device
   41943041+0 records in
   41943040+0 records out
   21474836480 bytes (21 GB, 20 GiB) copied, 269.451 s, 79.7 MB/s

   This will take a while as dd will need to write every single bit of data within the disk. Time taken depends on the disk size and disk speed.

   Replace /dev/zero with /dev/random or /dev/urandom to fill the disk with random character instead.

   It is recomended to use /dev/random or /dev/urandom and to repeat this step multiple times (multi-pass) for SSD devices as some built-in function in SSD's controller might still leave some data intact with the common disk-zeroing method.

5. Re-read partition table if you've deleted an entire disk instead of just a partition.

   $ partprobe

6. List disks and partitions again to see.

   $ lsblk
   NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
   loop0    7:0    0  55.4M  1 loop /snap/core18/19
   loop1    7:1    0  55.4M  1 loop /snap/core18/19
   loop2    7:2    0    51M  1 loop /snap/snap-stor
   loop3    7:3    0   219M  1 loop /snap/gnome-3-3
   loop4    7:4    0 217.9M  1 loop /snap/gnome-3-3
   loop5    7:5    0  31.1M  1 loop /snap/snapd/104
   loop6    7:6    0  62.1M  1 loop /snap/gtk-commo
   loop7    7:7    0  64.8M  1 loop /snap/gtk-commo
   loop8    7:8    0    51M  1 loop /snap/snap-stor
   loop9    7:9    0  31.1M  1 loop /snap/snapd/107
   sda      8:0    0    20G  0 disk 
   ├─sda1   8:1    0     1M  0 part 
   ├─sda2   8:2    0   513M  0 part /boot/efi
   └─sda3   8:3    0  19.5G  0 part /
   sdb      8:16   0    20G  0 disk 
   sr0     11:0    1  1024M  0 rom

7. Check the content of the disk from an administrative account.

   # timeout 1 head /dev/sdb

   A timeout needs to be set to the command since the disk is now empty, or else the command will need to scan the whole disk before it quits.