PowerEdge: how to securely erase M.2 SSDs installed on the BOSS adapter.
Summary: Customers trying to securely erase all the data ever written (Cryptographic Erase/Sanitize operations) to M.2 SSDs installed on BOSS adapters without performing "Retire and Repurpose" using LCC, an option is not found at the controller level since the BOSS firmware does not provide it. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Instructions on how to securely erase all the data that is ever written to the M.2 SSDs installed on the BOSS adapter.
Cause
The BOSS User Guide
https://dl.dell.com/topicspdf/boss-s2_ug_en-us.pdf
States the following: Cryptographic Erase (Sanitize) is only supported if the drive supports it. No other encryption support from controller or drive
Based on the iDRAC User Guide, hard drives on the server are grouped into two categories:
1. Secure erase drives—Includes drives that provide cryptographic erase such as ISE and SED SAS and SATA drives, and PCIe SSDs.
2. Overwrite erase drives—Includes all drives that do not support cryptographic erase.
ISE - Instant Scramble Erase
ISE is a new cryptographic feature for hard drive and SSD that is standard within the next generation of PowerEdge.
ISE is known as instant erase, instant scramble erase, instant secure erase, or crypto erase.
When retiring or repurposing a system or array the Next-Generation PowerEdge servers can help you to permanently erase content (optionally) from hard drive or SSDs.
With ISE, you can use a standard command that triggers the drive to discard its hidden internal media encryption key, to self-generate a new, unrelated key, and then to start using the new key with its internal encryption or decryption engine.
From that point forward the data already on the media is useless ("scrambled").
Even physical locations of reassigned logical blocks are scrambled (in the rare chance that data can be somehow recovered from these "bad" locations).
The drive now uses the new internal media encryption key for its transparent encryption and decryption. Regardless of the drive size, ISE operates consistently to help you repurpose drives quickly.
Cryptographic erasure is a media sanitization technique based on erasing or replacing the Media Encryption Key (MEK) of a Self-Encrypting Drive (SED), including modern SSDs that store data in an encrypted form. While the encrypted data remains on the storage device itself, it is impossible to decrypt, rendering the data unrecoverable.
Resolution
The customer must be made aware of the following details:
- Physical erase deletes only the metadata on the M.2 SSDs. Not the data blocks written to the drives.
- The secure erase option provided in HII, is similar to physical erase. It is NOT the same as cryptographic erase/sanitize.
Dell provides supports for Cryptographic erase/Sanitize only as part of Lifecycle Controller's system wipe or system erase. During system erase operation, iDRAC sends the sanitize command to the M.2 drives connected behind the BOSS adapter.
Note: Crypto erase from
racadm is supported only on the drive which is not part of the RAID volume.
DELL recommends that the customer uses only life cycle controller's System Wipe/System Erase/RACADM tools in-order to SANITIZE the M.2 SSDs.
Affected Products
OEMR R350, OEMR R550, OEMR R6525, OEMR R750, OEMR R750xa, OEMR R750xs, OEMR R7525, OEMR T350, OEMR T550, PowerEdge R350, PowerEdge R550, PowerEdge R6525, PowerEdge R750, PowerEdge R750XA, PowerEdge R750xs, PowerEdge R7515, PowerEdge T350
, PowerEdge T550
...
Article Properties
Article Number: 000206412
Article Type: Solution
Last Modified: 08 Oct 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.