Hello, I'm Maneshwar. I'm working on FreeDevTools online currently building *one place for all dev tools, cheat codes, and TLDRs* — a free, open-source hub where developers can quickly find and use tools without any hassle of searching all over the internet.
When you delete a file in Linux, you might think it’s gone — but that’s not always true.
Depending on your storage device (HDD or SSD) and the tool you use, your data might still be recoverable.
This guide explains the differences between rm, shred, blkdiscard, and hdparm --security-erase, how they actually work, and which one is right for your setup.
1. rm — Removes File References, Not Data
rm is the most common command used to delete files in Linux. It works instantly but doesn’t securely erase the file.
How it works:
- It removes the file’s entry from the filesystem table.
- The actual file data remains on disk until new data overwrites those blocks.
Example:
rm secret.txt
Where it works:
On all filesystems and devices.
Problem:
The data can still be recovered with forensic tools like photorec or testdisk.
Summary:
| Feature | Value |
|---|---|
| Security | ❌ Not secure |
| Works on SSD | ✅ Yes |
| Works on HDD | ✅ Yes |
| Speed | ⚡ Very fast |
| Use Case | Regular, non-sensitive deletions |
2. shred — Overwrites File Data Before Deletion
shred is designed for secure deletion on traditional hard drives (HDDs) by overwriting data multiple times with random patterns.
How it works:
- Overwrites the file content several times with random data.
- Optionally removes the file afterward.
Example:
shred -u -z -n 3 secret.txt
Options:
-
-u→ Remove file after overwriting -
-z→ Add a final overwrite with zeros -
-n 3→ Overwrite 3 times
Where it works:
✅ Effective on HDDs
⚠️ Ineffective on SSDs (explained below)
Why it fails on SSDs:
SSDs use wear leveling — they never overwrite the same physical block. Each write goes to a new memory cell, leaving the old data intact. So even after multiple overwrites, the original data may still exist somewhere on the drive.
Summary:
| Feature | Value |
|---|---|
| Security | ✅ On HDDs / ❌ On SSDs |
| Works on SSD | ⚠️ Ineffective |
| Works on HDD | ✅ Yes |
| Speed | 🐢 Slow |
| Use Case | Secure deletion of files on HDDs |
3. blkdiscard — Fast Erasure for SSDs
blkdiscard is a modern command that works well for solid-state drives (SSDs). Instead of overwriting data, it uses the TRIM mechanism to mark all blocks as unused.
How it works:
- Sends TRIM commands to the SSD.
- The drive’s firmware marks those blocks as free.
- Physically erasing might happen later or immediately (depending on firmware).
Example:
sudo blkdiscard /dev/sdX
Secure option:
sudo blkdiscard -s /dev/sdX
(-s = secure discard, erases all block copies if the SSD supports it)
Why it’s better for SSDs:
- Uses internal SSD commands.
- Doesn’t cause unnecessary wear.
- Extremely fast.
Limitation:
Not guaranteed to be 100% secure (firmware may delay erasure), but practically sufficient for normal users.
Summary:
| Feature | Value |
|---|---|
| Security | ⚠️ Medium (depends on firmware) |
| Works on SSD | ✅ Best choice |
| Works on HDD | ❌ No effect |
| Speed | ⚡⚡ Very fast |
| Use Case | Wiping an SSD before reinstalling or selling |
4. hdparm --security-erase — The Proper “Secure Erase” for SSDs
hdparm communicates directly with the SSD controller using the ATA Secure Erase command. This is the most reliable and fastest way to securely wipe an entire SSD.
How it works:
- The drive invalidates its internal encryption key, instantly making all stored data unreadable.
- On drives without encryption, it performs a low-level erase managed by the controller itself.
Example Procedure:
- Check if secure erase is supported:
sudo hdparm -I /dev/sdX | grep erase
- Set a temporary password:
sudo hdparm --user-master u --security-set-pass p /dev/sdX
- Execute secure erase:
sudo hdparm --user-master u --security-erase p /dev/sdX
What happens:
- The SSD forgets its old encryption key.
- All existing data becomes instantly unreadable.
- No physical wear occurs (it’s just key rotation).
Where it works:
✅ SSDs supporting ATA Secure Erase
⚠️ Not available on all external or NVMe drives (NVMe uses a different command set)
Summary:
| Feature | Value |
|---|---|
| Security | ✅✅ Most secure |
| Works on SSD | ✅ Best method |
| Works on HDD | ✅ Yes |
| Speed | ⚡⚡ Extremely fast |
| Use Case | Securely wiping the entire SSD before selling or disposal |
5. Full-Disk Encryption: The Smart Preventive Solution
Instead of worrying about erasure later, the best long-term protection is full-disk encryption.
When the whole disk is encrypted (e.g., LUKS, BitLocker, FileVault), deleting files or even the encryption key renders the data useless. Secure erase becomes as simple as deleting one key.
Recommended tools:
- Linux:
LUKSviacryptsetup - Windows:
BitLocker - macOS:
FileVault
Example (LUKS):
sudo cryptsetup luksFormat /dev/sdX
6. Choosing the Right Tool
| Use Case | Best Tool | Why |
|---|---|---|
| Delete normal files | rm |
Fast, good enough for everyday use |
| Securely delete a file on HDD | shred |
Overwrites physical sectors |
| Wipe entire SSD quickly | blkdiscard |
Uses TRIM, minimal wear |
| Securely erase SSD before resale | hdparm --security-erase |
Firmware-level wipe, instant |
| Long-term data protection | Full-disk encryption | Makes erasure trivial later |
7. Final Notes
-
Never use
shredon SSDs. It doesn’t work properly and reduces drive lifespan. -
Always back up important data before using
blkdiscardorhdparm. Both will erase everything permanently. - For NVMe SSDs, use:
sudo nvme format /dev/nvme0n1 --ses=1
(This is the NVMe equivalent of ATA Secure Erase.)
Summary at a Glance
| Command | Type | Works on | Secure? | Speed | Notes |
|---|---|---|---|---|---|
rm |
File delete | HDD / SSD | ❌ | ⚡ | Removes references only |
shred |
File overwrite | HDD | ✅ | 🐢 | Ineffective on SSDs |
blkdiscard |
TRIM discard | SSD | ⚠️ | ⚡⚡ | Great for full-drive wipe |
hdparm --security-erase |
ATA firmware erase | SSD / HDD | ✅✅ | ⚡⚡ | Most secure method |
cryptsetup |
Full disk encryption | SSD / HDD | ✅✅✅ | ⚡ | Preventive solution |
In short:
- Use
rmfor normal cleanup. - Use
shredonly for HDDs. - Use
blkdiscardorhdparmfor SSDs. - Use full-disk encryption if you care about privacy long term.
I’ve been building for FreeDevTools.
A collection of UI/UX-focused tools crafted to simplify workflows, save time, and reduce friction in searching tools/materials.
Any feedback or contributors are welcome!
It’s online, open-source, and ready for anyone to use.
👉 Check it out: FreeDevTools
⭐ Star it on GitHub: freedevtools
Top comments (0)