Switch Storage Device Secure Erase

The Secure erase removes all data from the flash and optional SSD storage device(s) within an Arista switch. It securely erases the storage devices whose partitions mount to /mnt/crash, /mnt/drive, and /mnt/flash (as applicable), then repartitions these storage devices and re-creates the file systems for each of their partitions. In other words, the partition table of each storage device is the same as before this secure erase procedure (MBR gets destroyed during a secure erase); each partition will have the same file system type and partition label and mount to the same mount point with the same options. It makes it possible to boot the EOS again by installing a new boot-config and EOS SWI, then rebooting (done using Aboot/fullrecover).

All secure erasing is the best effort; we use firmware-based secure erase when available and a software-based mechanism when the firmware mechanism might fail or be insufficient (e.g., writing random data even after sending an ATA Secure Erase command) or does not exist (e.g., eUSB). Unfortunately, no non-physically destructive mechanism can guarantee the destruction of all data on a storage device.

Note: Certain Arista switches have a dedicated storage device for serial console logging. The console output is sensitive data, and we do not secure erasing this storage device. Platform support and usage information regarding serial console logging is here: https://www.arista.com/en/support/toi/eos-4-21-0f/14038-reload-console-logs.

Preparing for Secure Erase

Always connect to the switch/supervisor via the serial console before executing the CLI command. Executing the CLI command will leave the switch in Aboot since the Aboot shell is only available from the serial console, a switch will only be accessible via its serial port after executing this command.

If a system has two supervisors, standby has the redundancy state of the erased supervisor.

Performing Secure Erase

To securely erase the flash and optional SSD storage device(s) on supported platforms, use the reset system storage secure command.

Examples

  • The following commands check the redundancy status of the supervisor to be erased, then perform a switchover to change its status to standby preparatory to initiating the secure erase:
    switch#show redundancy status
  my state = active
peer state = standby
switch#config
switch(config)#redundancy manual switchover
This supervisor is restarted.
  • The following command securely erases data stored on the switch, excluding dedicated console logging storage:
    switch#reset system storage secure
WARNING! This will destroy all
data and will NOT be recoverable.
Device will reboot into Aboot, and
execution may take up to one hour.
Would you like to proceed? [y/N] y