1. Security Guide for Oracle Exadata
  2. Securely Erasing Oracle Exadata
  3. Secure Eraser Syntax

5.6 Secure Eraser Syntax

Secure Eraser securely erases all data on both database servers and storage servers, and resets InfiniBand Network Fabric or RDMA over Converged Ethernet (RoCE) switches, Ethernet switches, and power distribution units back to the factory default.

Syntax

secureeraser options

Command-Line Options for Secure Eraser

  • --all

    Perform the action (--list or --erase) on all devices on the system. Devices include hard drives, flash devices, persistent memory, USB devices, and ILOM.

  • --devices_to_erase

    This option allows you specify individual disks to be erased by providing their serial numbers. Multiple serial numbers can be provided separated with commas. Introduced with Oracle Exadata System Software release 19.1.0.

  • --erase

    Perform a secure erase of data.

  • -–erasure_method_optional

    If a device is not eligible to be erased with the provided erasure method, the erasure method will silently fall back to the default method. Otherwise erasure will fail. This option can be used with all types of disks. Introduced with Oracle Exadata System Software release 19.1.0.

  • --flash

    Erase all flash devices.

  • --flash_erasure_method=FLASH_ERASURE_METHOD

    Force all flash devices to be erased using the specified method. The following values are supported:

    • 3pass (Only on Oracle Exadata X4-8 or earlier systems)

    • 7pass (Only on Oracle Exadata X4-8 or earlier systems)

    • crypto (Only on Oracle Exadata X5-2 or later systems, and requires Oracle Exadata System Software release 19.1.0 or later.)

  • --help, -h

    Show this help message and exit.

  • --hdd

    Erase all hard drives.

  • --hdd_erasure_method=HDD_ERASURE_METHOD

    Force all hard drives to be erased using the specified method. The following values are supported:

    • 3pass

    • 7pass

    • crypto (Only on Oracle Exadata X6-2 or later systems, and requires Oracle Exadata System Software release 19.1.0 or later.)

  • --ilom

    Reset Integrated Lights Out Manager (ILOM) to factory default.

  • --list

    List devices (hard drives, flash devices, persistent memory, USB devices, and ILOM) on the system.

  • --m2

    Erase all M.2 devices.

  • --m2_erasure_method=M2_ERASURE_METHOD

    Force all M.2 devices to be erased using the specified method. The following values are supported:

    • 3pass

    • 7pass

    • crypto (Requires Oracle Exadata System Software release 19.1.0 or later)

  • --output=CERTIFICATE_DIRECTORY, -o

    Specify a full path to the directory for the certificate output location. The default is /var/log/cellos.

  • --pmem

    Erase all persistent memory (PMEM) devices using cryptographic erasure.

  • --quiet, -q

    Quietly skip prompts.

  • --technician=TECHNICIAN_NAME, -t TECHNICIAN_NAME

    Specify the name of the technician performing the erasure. This name will be recorded in the certificate.

  • --usb

    Erase all internal USB devices.

  • --usb_erasure_method=USB_ERASURE_METHOD

    Force all internal USB devices to be erased using the specified method. The following values are supported:

    • 3pass

    • 7pass

  • --witness=WITNESS_NAME, -w WITNESS_NAME

    Specify the name of the person witnessing the erasure. This name will be recorded in the certificate.

Usage Notes

Before you begin, download and install the latest Secure Eraser package available for your system.

To download the Secure Eraser package, examine the Supplemental Readme associated with your current Oracle Exadata System Software version. To find the Supplemental Readme associated with each Oracle Exadata System Software version, see Exadata Database Machine and Exadata Storage Server Supported Versions (My Oracle Support Doc ID 888828.1).

Examples of Secure Eraser Syntax

List all devices (hard drives, flash devices, persistent memory, USB devices, and ILOM) on the system. 

secureeraser --list --all

List all hard drives.

secureeraser --list --hdd

Securely erase all devices, and enter the names of the technician and witness in the certificate.

secureeraser --erase --all --technician="jdoe" --witness="jsmith"

Reset ILOM to factory default. 

secureeraser --erase --ilom

Securely erase all hard drives.

secureeraser --erase --hdd

Securely erase all hard drives, all flash devices, and all internal USB devices. Force "crypto" method on flash devices.

secureeraser --erase --hdd --flash --usb --flash_erasure_method crypto

Parent topic: Securely Erasing Oracle Exadata