Securely Erasing a Switch Storage Device

The Secure Erase feature completely wipes all data from the flash and optional SSD storage devices. It targets partitions mounted at /mnt/crash, /mnt/flash, and /mnt/drive (if present), securely erasing them. After erasing the data, it restores the original partition structure, destroys the Master Boot Record (MBR), and recreates the file systems, labels, and mount points with the same options. The EOS.swi and the boot-config files must be manually reinstalled afterwards, followed by a reboot using Aboot or the full recovery process.

All secure erasing is best effort. Use firmware-based secure erase when available, and a software-based mechanism (such as writing random data after sending an ATA Secure Erase command) when the firmware mechanism might fail, might be insufficient, or does not exist. Unfortunately, no non-physically destructive mechanism can guarantee the destruction of all data on a storage device.

Note: Certain Arista switches have a dedicated storage device for serial console logging. The console output contains sensitive data, and the switch does not securely erase this storage device. Locate platform support and usage information regarding serial console here.

Preparing for Secure Erase

Always connect to the switch or supervisor through the serial console before executing the reset system storage secure command. This command leaves the switch in Aboot mode, which is only accessible via the serial console. If the system has dual supervisors, Secure Erase can only be run on the standby supervisor or when redundancy is disabled (Simplex redundancy); otherwise the command fails. After execution, access the switch through the serial console to complete the recovery process.
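A preflight gate for the supervisor rule above, as an added example (not Arista's code): it parses text in the `show redundancy status` format and fails closed unless this supervisor is standby or redundancy is simplex. The sample output is constructed, and the `STANDBY` prefix for the local state and the word `Simplex` in the operational protocol field are assumptions about what EOS prints in those cases.

```python
import re

# Constructed sample in the `show redundancy status` format used on this page.
SAMPLE_ACTIVE = """\
  my state = ACTIVE
peer state = STANDBY WARM
      Unit = Primary
   Unit ID = 1

Redundancy Protocol (Operational) = Route Processor Redundancy
Redundancy Protocol (Configured) = Route Processor Redundancy
Communications = Up
Ready for switchover
"""

def parse_redundancy_status(text):
    """Return the 'key = value' lines as a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*=\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def secure_erase_preflight(text):
    """Return (allowed, reason); anything unrecognised is refused."""
    f = parse_redundancy_status(text)
    my_state = f.get("my state", "").upper()
    peer = f.get("peer state", "").upper()
    proto = f.get("redundancy protocol (operational)", "").upper()
    if not my_state:
        return False, "could not parse 'my state'; refusing to proceed"
    # Assumption: simplex mode is reported in the operational protocol field.
    if "SIMPLEX" in proto:
        return True, "redundancy disabled (simplex)"
    if my_state.startswith("STANDBY"):  # assumption: local standby string
        return True, "this supervisor is standby"
    if my_state.startswith("ACTIVE") and peer.startswith("STANDBY"):
        return False, "active supervisor with a standby peer; switch over first"
    return False, f"unrecognised state {my_state!r}; check manually"

if __name__ == "__main__":
    print(secure_erase_preflight(SAMPLE_ACTIVE))
```

The gate only reports whether the erase should be attempted; it does not replace the serial console requirement.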

Performing Secure Erase

To securely erase the flash and optional SSD storage device(s) on supported platforms, use the reset system storage secure command.

Examples

  • The following commands check the redundancy status of the supervisor to be erased, then perform a switchover to change its status to standby in preparation for the secure erase:
    switch# show redundancy status
      my state = ACTIVE
    peer state = STANDBY WARM
          Unit = Primary
       Unit ID = 1
    
    Redundancy Protocol (Operational) = Route Processor Redundancy
    Redundancy Protocol (Configured) = Route Processor Redundancy
    Communications = Up
    Ready for switchover
    
    Last operational redundancy mode change time = 2:17:51 ago
    Last operational redundancy mode change reason = Supervisor has control of the active supervisor lock
    Last peer switchover time = never
    Last peer switchover cause = None
    switch#
    
    switch# redundancy manual switchover
    This supervisor will be restarted.
  • Example of error output when attempting to use Secure Erase on the active supervisor with redundancy enabled:
    switch# reset system storage secure  
    ! ERROR! Cannot reset system storage  
    on the active supervisor while another  
    supervisor is on standby.
  • The following command securely erases data stored on the switch, excluding dedicated console logging storage. The Secure Erase process does not restore or reinstall EOS; that is, it does not copy the EOS.swi and boot-config files.
    switch#reset system storage secure
    WARNING! This will destroy all
    data and will NOT be recoverable.
    Device will reboot into Aboot, and
    execution may take up to one hour.
    Would you like to proceed? [y/N] y
    
    Aboot# pwd  
    /mnt/flash  
    Aboot# ls -l  
    drwxrwxr-x    3 root     eosadmin      4096 Jul 21 10:23 aboot  
    drwxrwx---    2 root     eosadmin     16384 Jul 21 10:21 lost+found  
    drwxr-xr-x    2 root     root          4096 Jul 21 10:01 secure_erase_log  
    drwxr-xr-x    2 root     eosadmin      4096 Jul 21 10:23 tpm-data