Switch Storage Device Secure Erase

Secure erase is used when all data must be securely removed from the flash and optional SSD storage device(s) within an Arista switch. It securely erases the storage devices whose partitions mount to /mnt/crash, /mnt/drive, and /mnt/flash (as applicable), then repartitions these storage devices and re-creates the file systems for each of their partitions. In other words, the partition table of each storage device is the exact same as before this secure erase procedure (MBR gets destroyed during a secure erase); each partition will have the same file system type and partition label, and be mounted to the same mount point with the same options. This makes it possible to boot the EOS again by installing a new boot-config and EOS SWI, then rebooting (which can be done using Aboot/fullrecover).

All secure erasing is best effort; we use firmware-based secure erase when available, and a software-based mechanism when the firmware mechanism might fail or be insufficient (e.g., writing random data even after sending an ATA Secure Erase command) or does not exist (e.g., eUSB). Unfortunately, no non-physically destructive mechanism can completely guarantee the destruction of all data on a storage device.

Note: Certain Arista switches have a dedicated storage device for serial console logging. While we do consider console output to be sensitive data, we do not secure erase this storage device. Platform support and usage information regarding serial console logging can be found here: https://www.arista.com/en/support/toi/eos-4-21-0f/14038-reload-console-logs.

Preparing for Secure Erase

Always connect to the switch/supervisor via serial console prior to executing the CLI command described below. Executing the CLI command will leave the switch in Aboot; since the Aboot shell is only available from the serial console, a switch will only be accessible via its serial port after executing this command.

If a system has two supervisors, the redundancy state of the supervisor to be secure erased should be standby.

Performing Secure Erase

To securely erase the flash and optional SSD storage device(s) on supported platforms, use the reset system storage secure command.

Examples

The following commands check the redundancy status of the supervisor to be erased, then perform a switchover to change its status tostandby preparatory to initiating the secure erase:
switch#show redundancy status
  my state = active
peer state = standby
switch#config
switch(config)#redundancy manual switchover
This supervisor will be restarted.
The following command securely erases data stored on the switch, excluding dedicated console-logging storage:
switch#reset system storage secure
WARNING! This will destroy all
data and will NOT be recoverable.
Device will reboot into Aboot, and
execution may take up to one hour.
Would you like to proceed? [y/N]y