I have to give my computer back to my boss. I want to delete all the data from my SSD. I found "ThinkShield secure wipe" which is implemented in the BIOS apparently.
It gives me two options: ATA Secure Erase method or ATA Cryptographic Key Reset
Which one should I use? Will it delete all my data and make it unavailable so nobody can recover history and datas who were on my computer? I read in this documentation that ATA Cryptographic Key Reset "simply" changes the key but doesn't remove the content of my SSD? I feel like it doesn't make my data unavailable then because it still exists? Also, I have a Thinkpad490 and this documentation says it's for "P-series Workstations" so it doesn't talk about my computer but I have the exact same "ThinkShield secure wipe" took in my BIOS.
Finally, will my computer still be functional? "After the Resetting the Cryptographic Key of FDE is done, you cannot boot your computer from the HDD nor read data in the HDD. The HDD itself makes a cryptographic key and manages it, but the ThinkPad computer does not store any cryptographic key information. Once a new cryptographic key is defined by doing the Resetting the Cryptographic Key, as there is no way to restore the previous key, recovery of the HDD data is impossible."
Thank you for your help.
They'll both erase all your data.
Which one should I use?
Resetting the key is faster, but you have to trust that the drive is able to generate truly random keys. Using standard ATA Secure Erase is slower, although it is actually often implemented using SED, which is similar (they both involve wiping a key). Either way, your data will be unrecoverable.
I feel like it doesn't make my data unavailable then because it still exists
It may exist in the theoretical sense but it cannot be recovered. If the key that was generated is random and unpredictable and is successfully erased, then the rest of your data will be rendered unrecoverable. Destroying a cryptographic key is just as effective as destroying the data itself.
Finally, will my computer still be functional?
Your drive will no longer have an operating system on it. The computer will still work, but you'll need to install a new operating system if you want to do anything other than play in the BIOS menu.
External links referenced by this document: