How secure is Secure Erase (EACAS)?
This week has brought worrying reports that securely erased devices have seemingly ‘recovered’ old images stored on them before their erasure, a bug addressed by the iOS/iPadOS 17.5.1 update. Although this doesn’t appear to affect Macs, it has led some to claim that securely erasing your Mac or device may not remove all old data from it. This article explains why that claim is incorrect, and why those reports are false.
Structure of internal storage
Since macOS Catalina, Macs have started up not from a single system volume, but from a group of volumes. This is simpler on the internal storage of an Intel Mac, which now has five volumes, of which the relevant ones are the System and Data volumes.
The internal SSD in an Apple silicon Mac consists of three APFS containers, and lacks the legacy EFI partition. Only the Apple_APFS container is normally mounted, and that has a similar structure to the boot container of an Intel Mac.
Since Big Sur, the System volume remains unmounted, and the boot system is a read-only snapshot stored on that volume. Outside macOS installation and updating, nothing can write to either of those, so the only volume capable of storing user data is the Data volume. If old images were to be stored anywhere, they could only be on the Data volume.
Data volume encryption
Intel Macs without T2 chips only encrypt the Data volume when FileVault is turned on. However, Data volumes on the internal SSD in T2 and Apple silicon Macs are invariably encrypted; the SSD is connected directly to the Secure Enclave, which performs its encryption and decryption using keys generated and stored within it. Keys and processes involved are shown in the diagram below.
All volumes on the internal SSD that are encrypted have a Volume Encryption Key (VEK), protected by two internal keys: one is the unique hardware UID from the Secure Enclave, the other comes from xART and is intended to protect against replay attacks. The VEK isn’t exposed outside the Secure Enclave, nor is it handled by the CPU cores. When FileVault is enabled, the same encryption is applied to the Data volume, but its VEK is additionally wrapped by a Key Encryption Key (KEK); the user password must be entered to unwrap that KEK and so gain access to the VEK.
Data volume encryption is all-or-none, and can’t be partial. It applies to the volume’s file system, its data, its metadata, even its snapshots. macOS can’t forget to encrypt some parts of the volume: it’s not possible for any of the Data volume to be stored unencrypted, nor can its contents be ‘cached’ somehow to the System volume, which isn’t even mounted. Decryption can only succeed when the whole VEK is used; you can’t provide part of the VEK or KEK to decrypt part of the volume.
EACAS
Intel Macs with a T2 chip and Apple silicon Macs can take advantage of this scheme of encryption when they need to be securely erased. This is offered by Erase All Content and Settings (EACAS), also known as Erase Assistant, together with Erase Manager. It’s initiated from System Settings > General > Transfer or Reset > Erase All Content and Settings…. In older versions of macOS that still use System Preferences, open that app and the command is available in its app menu.
EACAS handles all the signing out that’s required before disposing of a Mac, and disables Find My Mac and Activation Lock. But most importantly it ensures that no one can access the contents of its Data volume, by destroying the encryption keys (both KEK and VEK) used to encrypt that volume. Without those keys, it’s practically impossible for anyone to break that encryption and recover any of the protected data.
This has the effect of destroying the Data volume, as it can’t be mounted or accessed in any way without being decrypted. When that Mac is next started up after EACAS has been used, it has to create a new Data volume with a fresh VEK before that can be mounted, and macOS then goes through its configuration and personalisation sequence. Once complete, that Mac uses the new Data volume, and the storage used by the previous Data volume is freed for reuse.
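To make the key hierarchy above concrete (password unwraps the KEK, the KEK unwraps the VEK, the VEK decrypts the volume, and decryption is all-or-none), here is an added model of that chain and of what EACAS does to it. It is constructed for this article and is not Apple’s implementation: the stream cipher is a toy HMAC-SHA256 counter mode standing in for the SSD’s hardware encryption, PBKDF2 stands in for the Secure Enclave’s hardware-bound password derivation, and the UID and xART layers that also protect the VEK are omitted. The password and file contents are constructed sample values.

```python
"""Constructed model of the key hierarchy behind EACAS; not Apple's code.

Files are encrypted under a Volume Encryption Key (VEK). The VEK is stored only
wrapped under a Key Encryption Key (KEK) derived from the user password. EACAS
destroys the wrapped VEK and leaves the ciphertext on storage, unreadable.
"""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode. Stands in for the
    hardware cipher on the real SSD; key handling, not the cipher, is the point."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:length]


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Reverse seal; a wrong key fails the tag check instead of yielding garbage."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def derive_kek(password: str, salt: bytes) -> bytes:
    """Stands in for the Secure Enclave's derivation of the KEK from the password.
    The UID and xART layers that also protect the VEK are omitted in this model."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class DataVolume:
    """One encrypted Data volume: a wrapped VEK plus ciphertext blocks on 'disk'."""

    def __init__(self, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        vek = secrets.token_bytes(32)                      # fresh VEK, never stored bare
        self.wrapped_vek = seal(derive_kek(password, self.salt), vek)
        self.blocks: list[bytes] = []                      # ciphertext physically on the SSD

    def _unlock(self, password: str) -> bytes:
        """password -> KEK -> VEK; all-or-none, like the real volume."""
        if self.wrapped_vek is None:
            raise PermissionError("keys destroyed by EACAS: volume cannot be decrypted")
        try:
            return unseal(derive_kek(password, self.salt), self.wrapped_vek)
        except ValueError:
            raise PermissionError("wrong password: VEK stays sealed") from None

    def write(self, password: str, data: bytes) -> None:
        self.blocks.append(seal(self._unlock(password), data))

    def read_all(self, password: str) -> list[bytes]:
        vek = self._unlock(password)
        return [unseal(vek, block) for block in self.blocks]

    def erase_all_content_and_settings(self) -> None:
        """Model of EACAS: destroy the wrapped VEK. The ciphertext blocks stay
        behind, as the old volume's storage is only freed for reuse."""
        self.wrapped_vek = None


def demo(password: str = "correct horse battery") -> dict:
    """Write a file, erase, then show the read that fails even with the right password."""
    vol = DataVolume(password)
    vol.write(password, b"IMG_0001.jpg contents")           # constructed sample file
    before = vol.read_all(password)
    vol.erase_all_content_and_settings()
    try:
        vol.read_all(password)
        after = "decrypted (should never happen)"
    except PermissionError as exc:
        after = str(exc)
    return {"before": before, "blocks_left_on_disk": len(vol.blocks), "after": after}


if __name__ == "__main__":
    print(demo())
```

The detail worth noticing is the last line of `demo`: after the erase, the ciphertext block is still sitting in `blocks`, exactly as the old Data volume’s storage remains on the SSD until it is reused, yet even the correct password can no longer reach it, because the wrapped VEK it would have unlocked no longer exists.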
Potential problems
For the great majority of users, secure erase using EACAS is quick, simple, and completely reliable. Unfortunately, there can’t be an equivalent for older Intel Macs without T2 chips, but many of them don’t have internal SSDs, so they can be erased conventionally using Disk Utility. Neither does EACAS work with external storage, as that can’t use hardware encryption and the Secure Enclave, so it must also be erased conventionally if required.
If your Mac has more than one boot volume group installed on its internal SSD, you might wonder whether you have to run EACAS from each of those systems in turn. Although Apple’s description isn’t accurate, it appears that running EACAS will destroy all encryption keys for internal storage, including other boot volume groups, even Boot Camp. However, as explained above, it doesn’t erase the System volume, which isn’t encrypted anyway.
Claims
As far as I can tell, claims made about securely erased devices recovering old images originate from a single post on Reddit, since deleted by the person who posted it. Although that brought a series of cogent responses pointing out how that isn’t possible, it was picked up and amplified elsewhere, under the title iOS 17.5 Bug May Also Resurface Deleted Photos on Wiped, Sold Devices, which is manifestly incorrect. Sadly, even those who should know better have piled in and reported that single, retracted claim as established fact.
No doubt that will soon be making its way into AI, where we’ll be told that EACAS isn’t reliable, and we should revert to traditional secure erase tools that attempt to overwrite the entire contents of the internal SSD of a Mac we’re going to dispose of.
Summary
Use Erase Assistant (EACAS) to securely erase your Mac’s internal storage before disposing of it, when it’s available.
When someone makes an outlandish claim, verify before you amplify. If you do get it wrong, retract promptly.