Securely Erasing a Switch Storage Device

The Secure erase feature removes all data from the flash and optional SSD storage device(s) on an Arista switch. It securely erases the storage devices whose partitions mount to /mnt/crash, /mnt/drive, and /mnt/flash (as applicable), then repartitions these storage devices and re-creates the file systems for each of the partitions. In other words, the partition table of each storage device returns to the same partition table before the secure erase procedure and destroys the MBR.Each partition has the same file system type and partition label and mount to the same mount point with the same options. Boot the EOS again by installing a new boot-config file and and EOS SWI, then rebooting using Aboot or fullrecover.

All secure erasing is best effort. Use firmware-based secure erase when available and a software-based mechanism when the firmware mechanism might fail or be insufficient such as writing random data after sending an ATA Secure Erase command or does not exist. Unfortunately, no non-physically destructive mechanism can guarantee the destruction of all data on a storage device.

Note: Certain Arista switches have a dedicated storage device for serial console logging. The console output contains sensitive data, and the switch does not secure erasing this storage device. Locate platform support and usage information regarding serial console here.

Preparing for Secure Erase

Always connect to the switch or supervisor through the serial console before executing the reset system storage secure command. Executing the command leaves the switch in Aboot since the Aboot shell is only available from the serial console. Access a switch through the serial port after executing this command. If a system has two supervisors, standby has the redundancy state of the erased supervisor.

Performing Secure Erase

To securely erase the flash and optional SSD storage device(s) on supported platforms, use the reset system storage secure command.

Examples

  • The following commands check the redundancy status of the supervisor to be erased, then perform a switchover to change its status to standby preparatory to initiating the secure erase:
    switch#show redundancy status
  my state = active
peer state = standby
switch#config
switch(config)#redundancy manual switchover
This supervisor is restarted.
  • The following command securely erases data stored on the switch, excluding dedicated console logging storage:
    switch#reset system storage secure
WARNING! This will destroy all
data and will NOT be recoverable.
Device will reboot into Aboot, and
execution may take up to one hour.
Would you like to proceed? [y/N] y