When you sell or donate a Mac or give it to a family member, it’s best to make a clean break: wipe the puppy clean, reinstall the latest version of OS X, and hand off a system that you’re not worried has remnants of yourself on it.
But how can you be sure? Readers have written in with several related questions, so let’s talk this week about erasing a drive, how FileVault 2 encryption can play into it, and out-of-date Recovery Drive partitions.
Erase and leave no trace
Reader Jim Kay, who asked about migrating from one Mac to another a couple of weeks ago, had a second question as well that opens a delightful can of worms:
Since I’m looking to resell my current Mac, how do I reinstall OS X, so as to wipe my hard drive and resell knowing the new buyer has a cleaned-up computer, and my files are nowhere to be found on it?
Wiping or erasing a drive has a surprising number of definitions. In the olden days, in the long ago, we ran utility software that often came from third parties, which would simply delete the catalog and related records. Such an erase was, in practice, the best way to create a clean installation. But it doesn’t make all the files on the disk unrecoverable—it just makes them harder to retrieve.
To get rid of old data in a thorough fashion, you need use a multi-pass approach, in which every bit of storage in the disk is overwritten with new data (often zeroes). That’s been built into Apple’s Disk Utility for years. When you select a volume in Disk Utility and then the Erase tab, you can click Security Options to pick how many times the drive is overwritten: once, three times, or seven times. Once is considered enough for regular purposes, while three and seven correspond to different U.S. government security guidelines.
Before Lion, you had to boot from a CD or DVD system disk or a third-party utility, like Disk Warrior, or from an external drive with OS X installed. Then you’d run Disk Utility to erase your startup drive. But this has become easier since OS X Recovery was added in Lion. Restart a Mac and hold down Command-R after the startup chime sounds, and the computer boots into the recovery mode. Select Disk Utility from the startup menu, and you can erase your startup drive securely.
There’s a slightly different way to accomplish the same goal. First, erase a drive without the overwriting part, and reinstall OS X. After you boot, launch Disk Utility, select the startup volume, and click the Erase tab. Now use the Erase Free Space option, which also offers 1, 3, and 7 passes of erase, and only empties out unused parts of the disk. The advantage is that your computer remains available (though often slow) while this operation is underway.
Along with both Secure Erase and the Erase Free Space options, which can take a very, very long time even for a single pass, you’ve got two other options, one of which you don’t need to enable.
Even better with SSD and FileVault 2
If your Mac has an Apple-installed or third-party SSD, you can’t use Secure Erase, nor do you necessarily need it, as Apple explains in a support document (see the note at the end). SSD data can’t be trivially recovered because of how SSDs optimize storage to reduce wear and tear.
This is by no means foolproof, and one should assume that there are forensic tools available that can reconstruct erased SSDs—some are for sale, but I haven’t tested their claims. Apple doesn’t provide in-depth details on why it made its statement about SSDs as it does for some security claims, and thus it’s impossible to confirm.
However, there’s a simple way with both SSD and regular hard drives to perform a fantastically quick and reliable erasure: using FileVault 2. FileVault 2, the full-disk encryption (FDE) option that first appeared in OS X 10.7, keeps your startup drive encrypted at all times. Whenever you boot your Mac and log in to one of the accounts that’s authorized to boot with FileVault 2, OS X encrypts everything written to disk and decrypts everything read on the fly.
With a FileVault-encrypted startup disk, you can restart into OS X Recovery and launch Disk Utility to erase the volume. However, before erasing, you need to select the disk and then choose File > Unlock “volume name”. Enter the password for any FileVault-enabled user account, and the disk is unlocked and can be erased.
Erasing a FileVault-encrypted volume discards the key that’s associated with it, turning a disk into a nearly perfect cacophony of irrecoverable randomness. Without the key, which is uncrackable in any realistic period of time by any current technology, the erased data is as good as gone as if it had been written over millions of times.
You can then install OS X on that partition, either from the recovery system or via an external drive.
A few other recovery and FileVault issues
Reader Peter wondered how FileVault figures in to cloning a disk. Because FileVault encrypts an entire drive and only decrypts files when you’re logged in, it has no effect on how or whether you make a clone, use Migration Assistant, or copy files.
However, if you’re planning on using FileVault on the new computer, I would heavily suggest enabling FileVault on the new machine before moving any files to it. This will speed up the operation by encrypting the new computer’s fewer files first. When FileVault has finished and your new Mac has rebooted and you’ve logged in, then start the migration process, and all new files are encrypted on the fly.
Andrew Robertson writes that when he upgraded to Yosemite, his recovery drive remained out of date with 10.9 Mavericks. Then, when trying to set up FileVault and enable iCloud-based recovery of his key, he doesn’t see an option to do so when booting into OS X Recovery.
Fortunately, there are answers for both:
You can reinstall 10.10 on the startup disk without damaging the rest of your setup, though make a backup first. This should upgrade the recovery partition. (Carbon Copy Cloner can clone a recovery partition from one drive to another, but it can’t create one from an installer or from scratch.)
The reset password option isn’t available with FileVault 2, but you can store a copy of your recovery key with Apple. To recover a key, first start up OS X normally, and enter the wrong password three times. (This is also how to use iCloud password recovery on non-FileVault systems.) You’re then presented with the option to contact Apple, which requires speaking to a representative, and answering multiple questions exactly as you entered them when setting up the recovery option. If correct, Apple’s customer service gains access to the stored key, which they provide to you.
Ask Mac 911
We’re always looking for problems to solve! Email us at email@example.com, tweet them at me (if brief) @glennf, or call 206-337-5833 and leave a voicemail message. (We’ll be experimenting with some audio in the future, and may put your question “on the air.”)
Mac 911 can’t provide direct email responses or answers for every question. For that, turn to AppleCare, an Apple Store Genius Bar, or the Apple Support Communities.