Blancco Drive Eraser Manual en-US

The Blancco Drive Eraser User Manual version 7.16.0 provides comprehensive instructions on the software's features, user interface, and operational processes for securely erasing drives. It includes sections on hardware tests, troubleshooting, and specific guidelines for handling various types of hardware, including SSDs and Chromebooks. Additionally, the manual outlines security features and workflows for efficient drive management and erasure verification.

Uploaded by

luinis lugo

Blancco Drive Eraser

User Manual for version 7.16.0


2025-06-23

Table of Contents

1. General information
1.1 Legal Notice
1.2 Copyright and Confidentiality Statement
2. Blancco Drive Eraser User Interface
2.1 Header area (1.)
2.2 Process area (2.)
2.2.1 Basic process
2.2.2 Multitasking
2.3 Work area (3.)
2.4 Popups for special drives
2.5 Storage controller mode switching
2.6 Other Popups
3. Header Area
3.1 Product name, software version and license control
3.2 Image usage
3.3 Settings function button
3.3.1 General settings
3.3.2 Communication
3.3.3 Operation
3.3.4 Networking
3.3.5 Network Security
3.4 Report Issue function button
3.5 Help function button
3.6 Shutdown function button
4. Process and Work Areas
4.1 Processes
4.1.1 Manual
4.1.2 Semi-automatic
4.1.3 Automatic
4.1.4 Workflow
4.2 Erasure-step
4.2.1 Tab color and overall progress
4.2.2 Remaining time and state icon
4.2.3 Work area
4.2.3.1 Erase-button
4.2.3.2 Locate Drive-button
4.2.3.3 Erasure Settings button
4.2.3.3.1 Erasure standards
4.2.3.3.2 Verification
4.2.3.4 Hexviewer-button
4.2.3.5 Drive’s progress bar
4.2.3.6 Drive info icons
4.3 Hardware tests-step
4.3.1 Tab color and overall progress
4.3.2 Work area
4.3.2.1 Available tests
4.3.2.2 Running tests / Test-button
4.4 Custom fields-step
4.4.1 Tab color and overall progress
4.4.2 Work area
4.4.2.1 Custom fields
4.4.2.2 Update-button
4.5 Report-step
4.5.1 Tab color and overall progress
4.5.2 Work area
4.5.2.1 Report content
4.5.2.2 Save-button
4.5.2.3 Send-button
4.6 Restart/Shutdown-step
4.7 Notification icons
4.7.1 Local Time and Current Date
4.7.2 Battery charge
4.7.3 Small asset report
4.7.4 Network
4.7.5 Remote Control
4.7.6 Network share
4.7.7 BMPOP/BMC
4.7.8 Licenses
4.7.9 Software Update
4.7.10 DHCP Server
4.7.11 NVMe-oF
5. Keyboard Controls
5.1 Generic controls
5.1.1 Tab key
5.1.2 Arrow keys
5.1.3 Space bar
5.1.4 Ctrl + Space
5.1.5 Ctrl + Enter
5.1.6 Shift + Space
5.1.6.1 Alt+Shift
5.1.7 Escape key
5.2 Accessing the Header area
5.2.1 F1-F3 function keys
5.2.2 F6-F9 function keys
5.2.3 F10 function key
5.3 Accessing the Process area
5.4 Navigation inside the Work area
5.4.1 Erasure-step
5.4.1.1 Ctrl + R
5.4.1.2 Ctrl + P
5.4.1.3 Ctrl + J
5.4.1.4 Ctrl + M
5.4.1.5 Ctrl + N
5.4.1.6 Ctrl + F
5.4.1.7 Ctrl + A
5.4.1.8 Ctrl + L
5.4.1.9 Ctrl + Alt + L
5.4.1.10 Ctrl + H
5.4.1.11 Ctrl + Alt + R
5.4.1.12 Ctrl + Alt + E
5.4.1.13 Ctrl + Alt + P
5.4.1.14 Ctrl + Alt + U
5.4.1.15 Ctrl + Alt + C
5.4.1.16 Ctrl + G
5.4.1.17 Ctrl + E
5.4.1.18 Ctrl + Alt + S
5.4.1.19 Alt + M
5.4.2 Hardware tests-step
5.4.2.1 Ctrl + T
5.4.2.2 Ctrl + A
5.4.3 Custom fields-step
5.4.3.1 Ctrl + D
5.4.4 Report-step
5.4.4.1 Ctrl+S
5.4.4.2 Ctrl+N
5.4.4.3 Ctrl + M
5.4.5 Software Updates
5.4.5.1 Ctrl + U
6. Screensaver
6.1 Presentation
6.2 Exception notifications
6.3 Temperature Warning
6.4 Remote erasure
6.5 Screensaver lock
7. Blancco Drive Security Features
7.1 Booting Options
7.1.1 Description
7.1.2 When to use the booting options?
7.2 Automatic Restart/Shutdown
7.3 Crash reporter
7.4 Automatic report backup
7.5 Detecting HDDs
7.6 Show/Hide Storage Area Network (SAN) endpoint devices
7.7 Read/write error handling
7.8 Remapped sectors
7.9 Hidden areas in a drive
7.9.1 Shadow MBR
7.10 Resume Erasure
7.11 Erasure Standard Switch for SSDs
7.12 Erasing and preserving drive partitions
7.13 Erasure verification
7.13.1 Traditional verification
7.13.2 Alternative/Fallback verification
7.14 Freeze lock
7.15 Persistent Software Detection
7.16 Hot swap capability
7.17 Erasure status and exceptions
7.18 CD-eject
7.19 Digital Fingerprint
7.20 Bootable Asset Report
7.21 Dismantling RAID configurations
7.21.1 Erasing RAID controllers with multiple modes
7.22 Remote erasure control and monitoring
7.22.1 Monitoring the erasure process through Blancco Management Portal On-Premise
7.22.2 Controlling the erasure process through Blancco Management Portal On-Premise
7.23 Sanitize Cryptographic Erasure Standard
7.24 Support for TCG Security Features
7.24.1 Process TCG Opal and Enterprise (PSID)
7.25 TPM Device Detection and Reporting
7.26 Trusted Platform Module (TPM)
7.27 Fallback for NIST Erasure Standards
7.28 Block SID Authentication
7.28.1 Turning off the Block SID Authentication
7.28.2 Re-enabling the Block SID Authentication feature
7.28.3 XML report
7.29 Drive self-tests
7.30 Drive Life Estimation
8. Hardware Which Requires Special Handling
8.1 Unsupported processors
8.2 SSDs
8.2.1 eMMCs
8.2.2 Hybrid Drives
8.3 NVMe Drives
8.3.1 Multiple Namespaces and Unallocated Space
8.3.2 FC-NVMe / NVMe-oF
8.3.3 Port Mapping
8.3.3.1 Port Mapping Example
8.3.3.2 Port Alias
8.3.3.3 Custom Drive Order
8.3.3.4 Hybrid Appliances
8.4 RAID-controllers connected to SAS/SATA drives
8.5 NVDIMM
8.6 Password locked drives
8.7 Removable flash devices
8.8 Chromebooks
8.9 Apple T2 Machines
8.10 Microsoft Surface Pro 4
9. Hardware Tests
9.1 Battery Capacity
9.2 Battery Discharge
9.3 BIOS logo
9.4 CPU Basic
9.5 CPU Stress
9.6 Display
9.7 Keyboard
9.8 Memory
9.9 Microphone
9.10 Motherboard
9.11 Network
9.12 Optical devices
9.13 PC speaker
9.14 Pointing devices / Touchpad
9.15 SIM card presence
9.16 Speaker
9.17 Touchscreen
9.18 USB ports
9.19 Webcam
9.20 Wi-Fi adapters
10. Report Per Connected Device
10.1 Erasure-step
10.1.1 Report (Ctrl + Alt + R)
10.1.2 Custom fields - Per Drive (Ctrl + Alt + E)
10.2 Report & Per Drive Custom fields Status-icons
10.3 Custom fields-step
10.4 Report Viewer
11. Permanent Installation
11.1 Prerequisites
11.2 Installation Process
12. Processing Chromebooks with Drive Eraser
12.1 Supported Chromebooks
12.2 Minimum requirements
12.3 Prepare Blancco Drive Eraser
12.4 Preparing a Chromebook
12.4.1 Enable the Recovery and Developer Mode
12.4.1.1 Regular Chromebooks
12.4.1.2 Keyboardless Chromebooks
12.5 Process a Chromebook
12.6 Chromebook Hardware tests
12.7 Process outcome
12.8 Troubleshooting
12.8.1 Required files not found
12.8.2 Device stays in Developer-mode after erasure
12.8.3 Limitations of HPE SR932i-p Gen 11 Tri-Mode controller
13. Workflow Process
13.1 Requirements
13.2 Create/Edit Workflow
13.3 Workflow Editor
13.4 List of Available Activities
13.4.1 Server Message Examples
13.4.2 Variables
13.4.3 Supported Condition Expressions
13.5 Drive-level & Computer-level Workflow-mode
13.6 Running a Workflow
13.7 Example Workflow
13.8 Using “REPORTPATH” Attribute and Examples
13.8.1 XmlPath Examples
13.8.2 Filters in XmlPath
13.8.3 Using Index to address XML report array elements in REPORTPATH
13.8.4 Drive specific paths
13.8.5 Usage examples
13.8.6 Limitations
13.9 Error Messages
14. Troubleshooting
14.1 Information on data recovery tools
15. Appendix 1: SSD Supplement
15.1 Guidelines for Using SSD Erasure Method
15.2 Erasure Result
15.2.1 Status
15.2.2 Failure Logic
15.3 Handling Information
15.3.1 Erasure Method
15.3.2 Inoperable Drives
15.3.3 Failed Erasures
15.3.3.1 Verification Issues
15.3.3.2 Firmware Upgrading
16. Appendix 2: Compliance with Updated NIST Guidelines
16.1 Solid State Drives (SSDs)
16.2 HDDs
16.3 NIST verification
16.4 Blancco SSD Erasure compliance with NIST
17. Appendix 3: Execution steps of the erasure standards
17.1 Magnetic standards
17.2 Firmware and forced standards
17.3 SSD Standards
18. Contact Information

1. General information
This manual is written for the Drive Eraser family for x86 based computer architectures.
PLEASE CAREFULLY READ THE NEXT PARAGRAPH BEFORE YOU START USING THE PROGRAM
Thank you for choosing Blancco for your data erasure needs. Before you start using the Blancco Erasure
software make sure that all files, folders, software applications or any other information that you want to
save for later use are backed up on an appropriate media device other than the original data storage device
(HDD, SSD). If you are not sure whether to erase the information on the drive, please contact your system
operator, information management or a corresponding party, which maintains the computers in your
organization. For future use of the erased computer, an operating system must be installed. Data that has
been erased from a data storage device with this program cannot be recovered by any existing method.
Minimum System Requirements

• 64-bit, x86 architecture machine / ARM64 based servers
• 2 GB of RAM in most cases. Erasing servers with 2+ drives requires more RAM.
• CD-drive or a CD-compatible drive for CD-booting.
• USB-port for exporting / saving reports locally and/or USB-booting.
• [Optional] SVGA display (1024*768 resolution or higher) and VESA compatible video card for graphical user interface.
• [Optional] Ethernet NIC, DHCP Server running on local network.
• If the client software is running on a desktop, a sufficient PSU for all connected drives and hardware.

Blancco Drive Eraser can also be booted from a USB flash drive. A bootable USB flash drive can be created
with the help of Blancco USB Creator tool. Contact Blancco for more information.
If there is a dedicated network for erasing machines, Blancco Drive Eraser can also boot via a Preboot
eXecution Environment or PXE (as long as the machines to be erased support PXE booting). Contact
Blancco for more information.
As of version 6.3.0, UEFI Secure Boot is supported.
Version 6.6.0 and newer releases are fully compatible with Blancco Management Portal On-Premise
(BMPOP). However, older Blancco Management Console releases (<4.8.0) are not compatible due to
updated Digital Signature in a later version. Starting from version 6.12, the digital signature can also be
customized via CT 2.12 or newer (see the CT user manual for more details).

Drive Eraser can erase any connected drive (SATA [1], SCSI [2] / SAS [3], FC [4], USB, eMMC, NVMe [5]) as well as removable flash-based devices (check the chapter “Removable flash devices” for additional information).

Requirements for the User
Person(s) using this program should have prior experience using computers and the user should, at all times, follow the guidance of this documentation and all guidance given by Blancco.

Booting and Computer Settings

• Check that all the drives are attached properly to the computer. See the manufacturer’s guide for this.
• Check that the BIOS clock’s time is up to date.
• If you have a laptop computer, plug in the power adapter. There may be problems when erasing a laptop on battery power.
• Disable or type the BIOS passwords requested during the booting up phase. This refers to the passwords that some computers require even before the actual booting starts. Other kinds of BIOS passwords do not usually prevent erasing the drive.
• Disable power saving features from the BIOS.
• Set the storage configuration as "AHCI" (not as "RAID").
• Note: Disabling the power saving features is usually not needed, but some hardware may have problems if power saving is enabled, so if you have just one license, it is prudent to do this. In a recycling center or corporate environment this should be done only if there are problems with the given computer model when the power saving is on.
• If your Blancco Drive Eraser software is in *.iso image form, make a bootable USB-stick or burn it to a CD.
• Switch on the computer power, put in the Blancco Drive Eraser CD and boot the system from the CD (or use the booting that suits you best).
• Follow the user instructions in order to start erasing the data. Double-check that all data storage devices have been detected correctly so that all the data will be correctly erased from them.

Note: Blancco provides the SHA256 checksum of the ISO image in the delivery email. To verify that the SHA256 checksum for your image is correct, please use a SHA256 checksum verification tool.
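The checksum check described in the note above, as an added example that is not part of the Blancco manual: a POSIX shell helper that compares an ISO image against the SHA256 value from the delivery email and tolerates upper-case or line-wrapped values pasted from the mail client. The function names and the file name in the usage comment are hypothetical, and the helper assumes one of sha256sum, shasum or openssl is installed.

```shell
#!/bin/sh
# Added example, not Blancco code: verify a downloaded ISO against the
# SHA256 value from the delivery email before writing it to USB or CD.
# Function names and the file name in the usage line are hypothetical.

# Print the hex SHA256 digest of a file, using whichever tool is installed.
# Reading from stdin keeps the file name out of the tool's output.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum <"$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 <"$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 -r <"$1" | awk '{print $1}'
    else
        return 3
    fi
}

# Clean up a digest pasted from an email: drop whitespace and line wraps,
# fold to lowercase, then require exactly 64 hexadecimal characters.
normalize_sha256() {
    value=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'ABCDEF' 'abcdef')
    rest=$(printf '%s' "$value" | tr -d '0123456789abcdef')
    [ -z "$rest" ] || return 1
    [ "${#value}" -eq 64 ] || return 1
    printf '%s\n' "$value"
}

# Return 0 on match, 1 on mismatch, 2 when the inputs cannot be checked.
# Only a return value of 0 means the image is safe to write to boot media.
verify_iso_sha256() {
    iso=$1
    expected=$(normalize_sha256 "$2") || {
        echo "expected value is not a 64-character SHA256 digest" >&2
        return 2
    }
    if [ ! -f "$iso" ] || [ ! -r "$iso" ]; then
        echo "cannot read image file: $iso" >&2
        return 2
    fi
    actual=$(sha256_of "$iso") || {
        echo "no SHA256 tool found (sha256sum, shasum or openssl)" >&2
        return 2
    }
    if [ "${#actual}" -ne 64 ]; then
        echo "could not compute a digest for $iso" >&2
        return 2
    fi
    if [ "$actual" = "$expected" ]; then
        echo "OK: $iso matches the delivered checksum"
        return 0
    fi
    echo "MISMATCH: $iso" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage: sh verify_iso.sh drive-eraser.iso <sha256-from-delivery-email>
if [ "$#" -eq 2 ]; then
    verify_iso_sha256 "$1" "$2"
fi
```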
Warning! Shutting the computer down, exiting the program, disconnecting the drive(s) or pausing/cancelling the process when Blancco Drive Eraser is performing an erasure on the drive(s) with NIST 800-88 Purge [6] - ATA, BSI-GS/E, (Extended) Firmware based erasure or Blancco SSD Erasure, can permanently damage the drive(s). This also applies to any erasure with the “Erase remapped sectors” option checked.
Note: In general, you should avoid shutting down the computer, exiting the program or disconnecting any drive while erasing it with any standard. This is because all erasure information will be lost and the drive may be damaged.

[1] Serial ATA or SATA is an evolution of the Parallel ATA physical storage interface. SATA is a serial link – a single cable with a minimum of four wires creates a point-to-point connection between devices.
[2] Short for Small Computer System Interface, a parallel interface standard used by Apple Macintosh computers, PCs, and many UNIX systems for attaching peripheral devices to computers.
[3] Short for Serial Attached SCSI, it is a communication protocol used to move data to and from computer storage devices such as hard drives and tape drives. SAS is a point-to-point serial protocol that replaces the parallel SCSI bus technology.
[4] A serial data transfer architecture. The most prominent Fibre Channel standard is Fibre Channel Arbitrated Loop (FC-AL).
[5] NVM Express (NVMe) is a logical device interface specification for accessing non-volatile storage media attached via a PCI Express (PCIe) bus. NVM stands for non-volatile memory, which is commonly flash memory that comes in the form of solid-state drives (SSDs).
[6] A level of security defined by NIST that protects against laboratory attacks.

1.1 Legal Notice


Notwithstanding the foregoing, Blancco shall bear no responsibility for any interference, operability, or other
compatibility issues which may arise as a result of any changes or updates made to the operating systems
and/or hardware upon which the Blancco Software is executed. Likewise, Blancco shall be in no way
responsible for any interference, operability, or any other issues resulting from infection of systems and
hardware upon which the Blancco Software is executed by any form of virus, Trojan Horse, worm, malware,
or spyware of any form or type (collectively referred to hereafter as “Virus” or “Viruses”). The sole
responsibility for maintaining a Virus free environment for the operation of the Blancco Software or
Hardware solutions shall rest solely with the Company.
The license to the Product is non-transferable and is granted personally to the Licensee, and the Licensee
shall not, without prior written consent of Blancco, be entitled to assign or transfer the license for any reason
including, without limitation, merger, reorganization, sale of all or substantially all of the assets, change of
control or operation of law.

1.2 Copyright and Confidentiality Statement


No part of this manual, including the products and software described in it, may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language in any form or by any means,
except documentation kept by the purchaser of Blancco Drive Eraser. The information contained in this
document is subject to change without notice. Products and corporate names appearing in this manual may
or may not be registered trademarks or copyrights of their respective companies, and are used only for
identification or explanation and to the owner’s benefit, without intent to infringe.
Copyright © 2025 Blancco Technology Group. All rights reserved.
This document is strictly confidential and personal to its recipients and may contain legally privileged and/or
copyrighted, trademarked, patented or otherwise restricted information viewable by the intended recipient
only. Blancco Technology Group makes no representations and gives no warranties of whatever nature in
respect of this document, including but not limited to the accuracy or completeness of any information, facts
and/or opinions contained therein. By accessing this document, you acknowledge, accept and agree to the
foregoing.

2. Blancco Drive Eraser User Interface
When booting up the software, the booting option can be selected from the first splash screen:

The options are:

• Normal startup (safe resolution)
• Normal startup (native resolution)
• Installer
• FLR during startup - Default selection
• Show startup messages
• Customized startup

For more information about the booting options, see the chapter “Booting Options”.
If the memory test is enabled, the system memory (RAM) is tested during this phase. A message about
ongoing memory test is displayed on the screen (works mostly on BIOS machines). Note that if the device
has a large amount of RAM, this test might take a long time to complete.
When Blancco Drive Eraser is booted, the main view is shown after the loading screen. It is divided into
three main areas: the header area, the process area and the work area.
Note: You can adjust the display scaling for better readability with the "Scaling" settings in the General tab
of Blancco Configuration Tool (CT). Default setting is 100% and it can scale up to 200%.

2.1 Header area (1.)
The header area contains information about the software in use, such as the software name and the
version.
The Header area also contains a series of buttons called Function buttons which have a general purpose,
such as changing the user interface language, keyboard layout configuration, screensaver settings,
communication settings, reporting an issue, help menu and shutting down the machine.

2.2 Process area (2.)


The process area contains the numbered steps required to detect and erase the machine’s drives
(“Erasure”-step), run hardware tests (“Hardware tests”-step), update the erasure report (“Custom fields”-
step), view and back up the erasure report (“Report”-step).

2.2.1 Basic process


The basic erasure process is articulated around four steps. These steps can be followed in order, but not
necessarily:

1. Erasure – Choosing what to erase and how and starting the erasure
2. Hardware tests – Testing the main components of the machine (not available in all modes, can be
turned off)
3. Custom fields – Report filling and updating (can be turned off)
4. Report – Checking the report and sending and/or saving it.

2.2.2 Multitasking
Blancco Drive Eraser’s user interface makes multitasking possible by letting the user navigate freely
between the tabs during an active erasure process.
Example scenario: The machine has 3 drives. The user starts erasing the drive 1 (Erasure). After this, the
user can update the report (Custom fields), run tests on the hardware (Hardware tests), or even send/save
an incomplete report (Report), all while the drive is being erased. Also the user can start erasing the drives 2
& 3 simultaneously, or erase them individually.

2.3 Work area (3.)


The work area contains all the specific information and details for every process step: available drives and
erasure standards in “Erasure”-step, additional fields for report editing in “Custom fields”-step, asset and
erasure information in “Report”-step.
Most of the actions of the user and interaction with the software take place in the Work area. Also, if an
erasure raises a warning, a “yellow” informative message is written in the report.

2.4 Popups for special drives


A popup is displayed if at least one extra removable Flash-based drive is detected on the machine, with the information: "Device Detected - Blancco Drive Eraser has detected removable flash drive(s). Please consider removing or erasing them.".

2.5 Storage controller mode switching


When Blancco Drive Eraser detects a storage controller with several modes and the mode of a storage
controller can be changed, a popup is displayed informing that. In the pop up, an approval to reconfigure the
operating mode is requested. This reconfiguration is done to increase the amount of control Blancco Drive
Eraser has over the drive, which can increase the erasure performance.
There are two options on the pop up: "Yes, proceed" proceeds with the reconfiguration and "No, skip" skips
the reconfiguration ("No, skip" is highlighted by default, configurable via CT). There is a time limit on the pop
up (default value 30 seconds, configurable via CT).
Note that during reconfiguration all virtual volumes are deleted and the system is restarted. This can result
in permanent data loss.

2.6 Other Popups


A pop up is displayed if the CA certificate on BMPOP fails validation, with the following
information: "Blancco Drive Eraser Warning - Certificate validation failed.".

3. Header Area
3.1 Product name, software version and license control
Blancco Drive Eraser product name (Volume Edition, Enterprise Subscription Edition, Enterprise
Volume Edition) and software version are located on the top left of the screen, under the logo.

3.2 Image usage


Under the version number there is a space where the user can set a label that specifies the usage of the Blancco Drive Eraser image, for easy identification in environments where several images are configured with different settings. Example: “For laptops with SSDs”, “For servers, HMG 1x”.

The image usage label is configurable with CT [1].

[1] Blancco Drive Eraser Configuration Tool. Blancco software used to configure the Drive Eraser ISO image to best fit the user’s needs. Please read the DECT manual for more information.

3.3 Settings function button

The Blancco Drive Eraser settings are accessed via the “Settings”-button.

3.3.1 General settings

Pressing the button opens the Settings-window. The Settings-window has several tabs. The General tab contains information related to the User Interface, Licenses and Screensaver:

| Item | Example | Description |
|---|---|---|
| User Interface Settings | | |
| Language: | English – en | The language used in the software. |
| Keyboard Layout: | English (United States) - us | Keyboard layout used in the system. |
| Enable input method switching | On or off | Enable switching input method for Japanese or Korean. The method can be switched easily with Shift + Space. See also Keyboard Controls chapter for other keys. |
| Screensaver Settings | | |
| Enable screensaver | On or Off | Enable/disable the screensaver. |
| Timeout (sec.): | 30 | Timeout of the screensaver (in seconds), time of inactivity before the screensaver is turned on. Possible values: from 5 sec. to 86400 sec. (1 day). |
| License options | | |
| License container | Local HASP | Allows user to change the license container between HASP and BMPOP. |
| Sound | | |
| Volume | 70 | Allows the user to change the volume of the sound notifications. |
| Accessibility | | |
| Screen reader enabled* | On or off | Allows the user to hear vocal feedback about what happens on the UI. Requires a separate ISO file with the feature enabled. |
| Speaking rate | 80 | Adjust the speaking speed with the slider. |
| Key echo enabled | On or off | Enabling key echo makes the reader say each button press out loud. |

* If you need the Screen reader feature, please contact Blancco for an image file with the feature enabled.

3.3.2 Communication
The Communication tab contains information related to BMPOP and BMP connectivity and Network share
connection. You can change wireless settings in CT as well.

| Item | Example | Description |
|---|---|---|
| Communication settings | | |
| Blancco Account | Either Blancco Management Portal or Management Portal On-Premise | Select which Blancco product you want to set communication with. With BMP, there is no need to add Hostname or Port. |
| Hostname / IP: | 10.1.1.1 | IP-address of the server running the BMPOP. Supports both IPv4 and IPv6. |
| Port: | 8443 | Port number of BMPOP. This port was set up when installing BMPOP; it is the port 8443 by default (HTTPS protocol always enforced). Please check the BMPOP manual for more information. |
| Username: | ExampleBMPOPUser | User details for accessing BMPOP/BMP. Username and password can be shown temporarily by clicking the eye symbol. Minimum length is 3 characters and maximum 64 characters. |
| Password: | VeryStrongPassword | Password for accessing the BMPOP/BMP. Minimum length is 6 characters and maximum 64 characters. |
| Do Not Validate The Remote Certificate: | On or Off | The validation of the hostname remote certificate is enforced by default. If turned on, this checkbox disables the certificate validation for hostnames. Certificate validation is disabled by design on IP addresses. |
| Network share connection | | |
| Hostname / IP | 10.1.1.1 | IP-address of the server running the BMPOP/BMP. |
| Path | Root/folder | The path (i.e. folder) where reports will be saved. |
| Username | ExampleUser | User for accessing Network share. Username and password can be shown temporarily by clicking the eye symbol. |
| Password | VeryStrongPassword | Password for accessing the Network share. |
| Domain | example.testing.com | Optional, can set a domain address. |

Note: For VNC remote control settings, please see the CT manual.

3.3.3 Operation
The Operation tab contains information related to erasure and power saving:

| Item | Example | Description |
|---|---|---|
| Erasure Settings | | |
| Simultaneous Erasures Limit | 50 | Maximum number of simultaneous erasures. If the number of simultaneous erasures is less than the limit, then new erasures can be started until the limit is met. If the number of erasures exceeds this value, the excess and new erasures are put to erasure queue and are paused until they can be started. Note that the maximum number supported here can differ between client software editions. |
| Enable Speed Threshold | On or off | Fail the erasure if the erasure speed is lower than the value set in the “Speed Threshold” field. Turned off by default. |
| Speed Threshold (MB/s) | 0 | The speed threshold for erasures. The value range is 1-10000. The value is Megabytes/second. |
| Process timeout enabled | On or off | You can set a threshold for cancelling processes (erasure or verification) that exceed the set time (configure in CT). The allowed time range is between 1 hour and 8760 hours. Note: Using this may result in bricked drives if the process ends during a firmware-based erasure command! |
| Power Saving Settings | | |
| Spin Down Idle Disks | On or off | When enabled, this option allows the client software to spin down magnetic disks when they have been idle for 5 minutes. Also, when this option is enabled, maximum of one erasure can be started per second. This is to prevent power peaks. In case of HDDs being erased in batches, this can reduce the surge in power consumption by 40% (the HDDs being queued or already erased stop consuming electricity). This also saves energy after all drives are erased and before they are removed. |

3.3.4 Networking
The Networking tab contains information related to wired network, DNS and WLAN settings:

Both IPv4 and IPv6 protocols are supported, but if both are active at the same time, IPv4 is prioritized.
Note: IPv6 does not currently support Chromebooks or NVMe-oF features.
Note: You can change wireless settings (such as the encryption type and SSID) in both BDE and CT. As for
the encryption type, the "WPA-PSK" includes WPA-PSK, WPA2-PSK and WPA3-SAE (WPA3-PSK).
Wired network settings:

| Item | Example | Description |
|---|---|---|
| Interface | Dropdown menu | Chosen interface device for the wired network. |
| Enabled | On or Off | Is wired network enabled or not. If the wired network is not enabled, the settings below cannot be accessed. |
| Use DHCP | On or Off | Is DHCP used or not. If DHCP is on, the “IP address”, “Subnet mask” and “Gateway” settings are greyed out. Using DHCP is required when erasing storage systems, such as HPE Alletra. |
| IP address | 10.0.2.15 | IP address of the device. Can be either IPv4 or IPv6. |
| Subnet mask / Prefix | 255.255.255.0 / 64 | Subnet mask of the device or prefix length (e.g. 64) when using IPv6. |
| Gateway | 10.0.2.2 | Gateway address of the device. |

MTU settings (for NVMe-oF):

| Item | Example | Description |
|---|---|---|
| Maximum Transmission Unit (MTU) | 9000 | MTU represents the largest data packet that a network-connected device will accept, resulting in better efficiency. In case of systems like Alletra, this value would be 9000. |

DNS Settings:

| Item | Example | Description |
|---|---|---|
| Primary IP | 8.8.8.8 | Primary IP-address for the DNS-server. |
| Secondary IP | 4.4.4.4 | Secondary IP-address for the DNS-server. |

VLAN Settings:

| Item | Example | Description |
|---|---|---|
| VLAN ID | 1234 | ID of the Virtual LAN (VLAN). Acceptable value range is 1-4094. |

Note that static network settings which have been pre-configured in the CT will be applied to the first network adapter which accepts the settings by default ("First suitable interface" option). If "Loop until succeeds" option is selected on the CT, then the network adapters are looped until connection to BMPOP/Cloud is successful.

3.3.5 Network Security


The Network security tab contains information related to proxy, Remote SSH and IEEE 802.1x
authentication settings:

23
Proxy settings:
Item Example Description
Hostname / IP 10.1.1.2 IP-address of the proxy-server.
Port: 8080 Port number of the proxy-server.
Username ExampleProxyUser Username for accessing the proxy-server.
Password: VeryStrongPassword Password for accessing the proxy-server.

Remote SSH Connections:


Item Example Description
Allow remote connection from If enabled, remote SSH connections are allowed. If turned off,
On or off
Blancco Support remote SSH connections cannot be made to the Drive Eraser.

IEEE 802.1x authentication:


Item | Example | Description
Enabled | On or off | Whether or not this feature is enabled. If network security is enabled, then the support for 802.1x authentication is enabled. This will allow network connection over network adapters and WPA2 Enterprise Wi-Fi.
Use CA Certificate | On or off | Whether or not the CA (Certificate Authority) certificate is used. A CA certificate can be included by using the CT.
Protocol | PEAPv0/EAP-MSCHAPv2 | Selected protocol for 802.1x authentication.
Identity | networkidentity | Identity used with the 802.1x authentication.
Password | VeryStrongPassword | Password used with the identity.

Notes:

- If CA Certificate is enabled, adding a certificate is mandatory. Only a valid PEM with certificate and private key or PKCS12 can be loaded. Size cannot exceed 10000 bytes.
- After entering sensitive data (username, password etc.), they will show up as "encrypted data" when you re-open the settings menu.
- If there are issues with IEEE 802.1x authentication, it will be disabled after one round of attempts on every NIC. Security then has to be re-enabled manually from the settings.
  - 802.1x authentication will be disabled only if the "Fallback if inaccessible" setting is enabled in DECT.

The NVMe-oF tab allows the user to add NVMe-oF connections and adjust their settings.

Item | Example | Description
Manage NVMe-oF connections | N/A | Add a new connection with the "Add new" button or delete one with the "Delete" button.
Connection (number) | Connection 1 | Added connections will be listed in this dropdown menu.
Protocol | TCP | Available protocols are either TCP or RDMA (RoCEv2).
Target IP | 10.10.10.5 | Target IP address
Target port | 4420 | Target port for the IP address

3.4 Report Issue function button


If issues are found, they can be reported by pressing the “Report issue”-button: with this button the user
generates a detailed report that contains additional system information and logs used to understand and
reproduce the problem. These issue reports must be attached and sent via email to Blancco Support for
further analysis.

Pressing the button opens the Report issue-window:

The window is divided into two fields: “Describe the issue”-field and settings related to saving the issue
report on an external media device. “Describe the issue” is mandatory, because it explains the problem.
If you want to save an issue report on an external device (USB-stick), first plug the media device into the
machine, then press the “Report issue”-button. The settings for saving the issue report consist of:

- Select media from the "Select media" menu, and choose the appropriate media device (USB-stick) to save the issue report.

- File name field, which defines the file name of the report. The default name of the report follows the format: Date (yyyymmdd) time(hh24miss)_report
  - A report named “20210527_092742_report” was created 27th of May, 2021 at 9:27:42 AM.
  - This name can be changed before saving the issue report to the external media.
  - The only available file format is XML (it will automatically be added to the issue report name).
- Screenshot settings
  - Max screenshots per issue report slider limits how many screenshots can be included.
  - Screenshots can easily be removed or exported with the buttons below the slider.
- Save button, press this button to save the issue report on your external device (USB-stick).

The other available buttons in the window are:

- Send button, for sending the issue report to the BMPOP. This requires:
  - A network connection and a server running the BMPOP.
  - Correct Blancco Management Portal On-Premise settings filled in the Settings window.
  - The chapter Send-button has more general information about report sending.
- Cancel button, to cancel the issue report generation and exit the window.

Note. When saving a report on a USB stick, make sure that:

- The USB stick has been preformatted by the user to FAT32 (most suitable format).
- The USB stick has a single partition.
- The USB stick name is not empty. Preferably use a name containing characters in the range a-z, A-Z and 0-9.
- The USB stick is in good condition; if you have any doubt, re-format it or replace it.

An issue report can also be fetched by using Blancco Management Portal On-Premise (requires a working
connection to the BMPOP).

3.5 Help function button


The “Help”-button is used to open the quick-help menu.

Pressing this button opens the Help-window. This window contains general information about the software
(in English).
The Help window consists of two columns:

- The left column contains the Help table of contents.
- A search box is located on the top right corner of the screen.

- The right column contains the Help content, selecting a chapter in the table of contents will automatically update the content.

3.6 Shutdown function button


In order to shut down or restart the machine after a successful erasure, click on the “Shutdown” button.

If the report has not been saved or sent or if there are unsaved changes to the erasure report, then a popup
will be displayed informing the user about the situation. To continue to the shutdown dialog, click “Yes”. To
cancel and return to the main menu, click “No”.
After pressing the button, a confirmation popup window will appear. Confirm that you really wish to shut
down the machine by clicking on “Shut down” or restart the machine by pressing “Restart”. The machine
then powers off or restarts.

4. Process and Work Areas
4.1 Processes
Processes define how the erasure process is handled and how much user interaction it requires. All
processes consist of predefined steps which are numbered and have to be followed to complete an erasure
and a report generation. There are three default processes: “Manual”, “Semi-automatic” and “Automatic”.
The configured process is visible in the Blancco Drive Eraser UI but can only be changed via the CT
software.

4.1.1 Manual
In this mode, everything is done manually. The erasure must be started by the user. The user must then
manually send the report to BMPOP or save it to a USB memory stick. Running hardware tests or updating
the report fields must also be done manually.
Step | Behavior
1 - Erasure | Must be run manually.
2 - Hardware Tests | Must be run manually.
3 - Custom fields | Must be run manually.
4 - Report | Must be run manually.
5 - Shutdown | Must be run manually.

4.1.2 Semi-automatic
In this mode, the erasure is automatically started. This process waits for the user to perform manual
hardware tests, but updating the custom fields must be done manually if they are set as mandatory (skipped
if not mandatory). The report is automatically sent to the BMPOP/BMP after the report fields have been
updated. A popup to shutdown or restart the machine is always shown at the end of testing.
Report saving is optional and it must be done manually.
If one of the automatic steps doesn’t finish successfully, the process will be interrupted, but a report will be
sent nevertheless.
Step | Behavior
1 - Erasure | Automatically run.
2 - Hardware Tests | Run manually. [1]
3 - Custom fields | Must be run manually.
4 - Report | Automatically run (report sending). [1]
5 - Shutdown | This behavior can be modified through the CT. For more information, see the chapter “Automatic Restart/Shutdown”.

[1] The report saving is also possible but it is a manual procedure.

4.1.3 Automatic
In this mode the erasure is automatically started and the report is automatically sent to the BMPOP. This
process waits for the user to perform manual hardware tests, but updating the custom fields must be done
manually if they are set as mandatory (skipped if not mandatory). Saving reports is optional and must be
done manually. A popup to shutdown or restart the machine is always shown at the end of testing.
After the erasure, a report will be sent to BMPOP/BMP.
Step | Behavior
1 - Erasure | Starts automatically.
2 - Hardware Tests | Run manually. [1]
3 - Custom fields | Must be run manually. [2]
4 - Report | Automatically run (report sending). [3]
5 - Restart/Shutdown | This behavior can be modified through the CT. For more information, see the chapter “Automatic Restart/Shutdown”.

4.1.4 Workflow
The process is managed by a workflow which is fetched from BMPOP/Blancco Cloud. See chapter
“Workflow Process” for more information.

4.2 Erasure-step
The Erasure-step is the first defined default step. When clicking on this step, the user can see in the work
area the drives available for erasure. If the software has been configured to display drive partitions, then all
detected drive partitions are displayed and they can be erased separately. The erasure step’s tab also
shows some information about the erasures’ overall process.

4.2.1 Tab color and overall progress


The Erasure-step tab’s color informs of the overall erasure progress: not started (gray), ongoing (dark blue),
successful (green), failed or canceled (red), paused (blue). Whenever there is at least one erasure ongoing,
the erasure percentage is also displayed in the tab. Information about the number of drives being erased
and their status is written under the “Erasure” tab.

Erasure tab – erasure not yet started:

Erasure tab – ongoing erasure (1).

Footnotes to the step table in 4.1.3 Automatic:
[1] The software will wait until the step is finished.
[2] The software will wait until the step is finished.
[3] The report saving is also possible, but it is a manual procedure.

Erasure tab – successful erasure(1)

Erasure tab – failed erasure(s)

Erasure tab – canceled erasure(1)

Erasure tab – paused erasure(1)

4.2.2 Remaining time and state icon


Indication of the remaining erasure time is also displayed next to the “Erasure” tab.

If there are multiple drives in different states, then the erasure-tab may look like the next picture:

4.2.3 Work area


More specific functionality and information is shown in the work area. Most of the physical interaction with
the software is done in this area.
In this view the user can individually select or group the drives for erasure. The erasure method (or
standard) the user wants to use, whether or not the remapped sectors are erased from the drive as well as
the level of the verification (which is done during or after the erasure) can also be defined individually or per
group. By clicking “Erase”, the software starts the erasure process for all of the selected drives. The
progress bar and time remaining indicator show how long it takes before the process completes.
The drives can be displayed in either List-view or in Grid view. To change between the views, click on the
List/Grid-view icon or press CTRL+W:

In the Grid-view, the drive cards are more compact and they are arranged in a grid-structure:

When Grid-view is used, some of the information is only displayed when the mouse is hovered over the specific
icons, like the device info icons:

Note that the erasure standard shown during the erasure is shown in shortened form. For example, "HMG
Infosec Standard 5, Lower Standard" is displayed as "HMG Lower".
The default option is List-view and that view is used in the majority of the screenshots in this documentation.
The listed drives can be narrowed down by using the search bar. To start a search, click on the Search-field,
or press CTRL+F. For example, using the term SATA would only display drives with that term in their
information:

The search bar can search all the drive information available in the GUI (Number of drives, Vendor, Model,
Type, Size, Serial number) and by status. For Chromebooks, the CPU type is also searchable.
Note that the search bar also accepts regular expressions and because of this, characters
outside of [A-Z], [a-z] and [0-9] may need to be escaped with backslashes.
The search function is not case-sensitive. The search will start as soon as something is entered in the field,
and it can easily be emptied by clicking the (x) icon.

It is possible to search by erasure status by using the exclamation mark ( ! ). There are multiple possibilities,
such as:

- ! – Shows everything, same as not writing anything in the field.
- !s or !successful – Searches all drives with a successful status.
- !c – Searches all drives with a canceled status.
- !f – Searches all drives with a failed status.
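
The escaping rule and the status shortcuts above, modelled as an added example (not Blancco code): it shows how an unescaped regular-expression character can list an extra drive or hide the intended one before an erasure is started. The drive rows are constructed, and the function names and matching logic are assumptions based only on the description in this chapter.

```python
import re

# Constructed sample rows; the keys mirror the drive information the manual
# lists (vendor, model, type, size, serial number) plus an erasure status.
DRIVES = [
    {"vendor": "VBOX", "model": "HARDDISK", "type": "SATA",
     "size": "1.07 GB", "serial": "VB1a2b3c4d", "status": "successful"},
    {"vendor": "ACME", "model": "NV-1x07", "type": "NVMe",
     "size": "512 GB", "serial": "S/N+0042", "status": "failed"},
    {"vendor": "ACME", "model": "HD2000", "type": "SAS",
     "size": "2000 GB", "serial": "ZX9001", "status": "canceled"},
]

# Status shortcuts exactly as listed in the manual.
STATUS_SHORTCUTS = {"s": "successful", "successful": "successful",
                    "c": "canceled", "f": "failed"}


def search(drives, query):
    """Filter drives the way the search bar is described (assumed model)."""
    query = query.strip()
    if query in ("", "!"):
        return list(drives)                 # empty field or "!" shows everything
    if query.startswith("!"):
        wanted = STATUS_SHORTCUTS.get(query[1:].lower())
        if wanted is None:
            raise ValueError(f"status shortcut not modelled here: {query!r}")
        return [d for d in drives if d["status"] == wanted]
    try:
        pattern = re.compile(query, re.IGNORECASE)   # search is not case-sensitive
    except re.error as exc:
        raise ValueError(f"not a valid regular expression: {exc}") from exc
    return [d for d in drives
            if any(pattern.search(v) for k, v in d.items() if k != "status")]


def serials(drives, query):
    """Serial numbers of the drives a query would leave on screen."""
    return [d["serial"] for d in search(drives, query)]


def literal(text):
    """Backslash-escape a value so that it is matched literally."""
    return re.escape(text)


if __name__ == "__main__":
    for q in ["sata", "1.07", r"1\.07", "S/N+0042", literal("S/N+0042"), "!f"]:
        print(f"{q!r:>14} -> {serials(DRIVES, q)}")
```

In this model the unescaped `1.07` also lists the drive whose model contains `1x07`, and the unescaped `S/N+0042` lists nothing because `+` is read as a quantifier; the escaped forms match only the intended drive.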

If the computer has empty drive slots, which are visible to the software, the visibility of those slots can be
toggled on/off by using the "Show empty slots" button or by pressing CTRL+M:

All the drives connected and running in the computer are shown in the view. Please check that the drives
have been correctly identified. The drive information available in the GUI is:

- Number of drives,
- Vendor/Model – vendor or the model of the drive,
- Type – connection type (SATA, SPI, SSD…),
- Size – size of the drive (in GB),
- Serial number – serial number of the drive.

The drives have both a running ID and a bay ID: X (Y-Z) with X being the running ID, Y-Z being the bay ID
(where Y is the controller ID and Z is the controller port number where the drive is connected).

If the color of the bay ID is black (e.g. 2-13), this means that the controller supports port mapping: e.g. “2-13”
would correspond to the 13th port in the controller number 2. This port mapping is remembered between
boots and it is shown consistently.
If the color of the bay ID is yellow (e.g. 1-2) this means that the controller does not support port mapping:

- The controller detected in first position by the OS will get the value 1-*, the controller in second position will get the value 2-* and so on.
- Similarly, the drive detected in first position will get the value *-1, the drive detected in second position will be *-2 and so on.
- Therefore, "2-13" would correspond to the drive detected in 13th position on the controller detected in second position.
- This numbering changes between boots and it is not consistent.

4.2.3.1 Erase-button
The erasure process is always started from the “Erase” button, which is located on the bottom right of the
screen, or by pressing the Ctrl + E combination.

After the “Erase”-button is pressed a confirmation window is shown: pressing “Yes” continues to the
erasure, pressing “No” exits the window and does not start the erasure. The Blancco EULA can also be
accessed from the confirmation window.

Warning! If a drive has a Freeze lock, Blancco Drive Eraser can attempt to remove it: in such a case, the
screen may momentarily turn off but should resume after a few seconds. Please be patient and wait for the
screen to resume. For more information about Freeze lock, see the chapter Freeze lock.

4.2.3.2 Locate Drive-button
There is the possibility to blink the LED of a drive from the GUI. This helps to locate the drive on the machine
or in an enclosure.
Select one or several drives and press the Locate drive-button to toggle the blinking:

When the locate drive button or CTRL + L is pressed, the selected drives will start blinking on the UI.
If the keyboard shortcut CTRL + ALT + L is pressed, then all detected drives start blinking their LEDs.
The button’s operation follows these rules:

- The user can start blinking a drive that is not erasing, or is erasing but paused.
- If the drive is erasing (not paused), the button is disabled.
- Blinking will continue for 30 seconds or until the user stops it or erasure is started on that drive.
- There is no limit on the number of drives that can be blinking at one time.

The actual LED blinking for a drive will happen in one of two possible ways:

- If there is an enclosure with LEDs available, the actual LED on the enclosure will do the blinking (the enclosure has to be supported by Blancco Drive Eraser).
- If there is no enclosure available, the blinking will be done by reading the drive in a pattern that is distinguishable from regular drive usage (or erasure).

4.2.3.3 Erasure Settings button


The erasure options can be accessed by clicking the gear-icon on the bottom right of the screen and then
clicking the sub menus:

In the erasure options, the following settings are available:
Pre-processing options (see "Drive self-tests" on page 100)
In-process options:

- Choose erasure standard and verification level. For info, see the chapters Erasure standard and Verification.
- Overwrite pattern type – Select in what pattern an erasure is completed (works only with NIST 800-88 Clear)
  - With the Static option, you can choose the byte value.
- Erase remapped sectors – If this option is turned on, the remapped sectors are erased during the process. This option is turned off by default.

  - Fail erasure if unsuccessful – This option is available only if the option “Erase remapped sectors” is activated:
    - If this option is turned on, and the drive has at least one remapped sector, and the erasure of remapped sectors fails or it is not supported by the drive, then the whole erasure will fail immediately and the report will display the error message "Drive doesn't support remapped sectors erasure".
    - If this option is turned off (default), and the drive has at least one remapped sector, and the erasure of remapped sectors fails or it is not supported by the drive, then the erasure continues but in the end the report will display the exception "Drive doesn't support remapped sectors erasure".
- Remove hidden areas – If this option is turned on, hidden areas of the drive (e.g. HPA, DCO) are removed.
- Enforce Blancco SSD method on SSDs – If this option is turned on, all drives detected as SSDs are systematically erased with the “Blancco SSD Erasure” standard, other drives (e.g. HDDs) are erased with the (pre)selected erasure standard. Note that NVMe drives are affected by this as they are a type of SSD.
- Show Drive Partitions – If this option is turned on, the drive’s partitions are displayed and they can be erased separately.
- Preserve recovery partition – If this option is turned on, any GPT partitioned drive that has a Windows recovery partition is partially erased (the area of the drive containing the partition is preserved / not erased while other areas are erased), other drives are erased normally.
- Use WRITE SAME command – This option is enabled by default. It allows faster erasure with periodic patterns. Only applied to SCSI/SAS drives.
- Configure firmware-based commands – From this dropdown menu, you can select which commands are enabled/disabled. By unchecking any of the options, that command will not be performed.
  - If NVMe Format commands (Crypto Erase and User Data Erase) are executed with the IEEE 2883-2022 Purge standard, an exception message is shown in the reports: "Sanitization includes vendor-specific purge commands" (NVMe drives). In such a case, purge level might not be achieved and that should be confirmed by the drive vendor.

Post-processing options

- Format Drives After Erasure – if this option is turned on, erased drives are formatted after their erasure process has been completed. The file system to which the drives are formatted can be selected from the dropdown menu below the option. Available file systems are: NTFS, FAT32 and exFAT. This option can be used with ATA, SCSI and SAS, NVMe, eMMC, USB based drives.
  - If the "Format Drives after Erasure" option is enabled in the Erasure Settings, Bootable asset report and Fingerprint options will be disabled if they were enabled through CT.

More information about the effects of these options can be found in the Blancco Drive Eraser Security
features chapter.
If the lock icon is displayed, then the erasure settings have been locked in CT. This means that none of the
erasure settings can be changed by the user:

4.2.3.3.1 Erasure standards

The erasure method or standard used to wipe out the drives can be selected from the “Erasure standard”
drop-down list:

Note: this list can be configured via CT, where you can select a subset of standards (for example, only
standards that comply with your company policy), which will then be displayed in the drop-down list instead
of a full list of standards shown below.
Blancco Drive Eraser supports more than 20 erasure standards. See the detailed list below:
Erasure Standard | Overwriting Rounds
Air Force System Security Instruction 5020 | 4
Aperiodic random overwrite | 1
Blancco SSD Erasure | 2+*
Bruce Schneier's Algorithm | 7
BSI-2011-VS | 1-2*
BSI-GS | 1-2*
BSI-GSE | 2-3*
BSI-GSK | 1
CESG CPA – Higher Level | 3
Sanitize Cryptographic Erasure | 0**
DoD 5220.22-M | 3
DoD 5220.22-M ECE | 7
IEEE 2883-2022 Clear | 0-1*
IEEE 2883-2022 Purge | 0*
NIST 800-88 Clear*** | 0-1*
NIST 800-88 Purge | 0*
NIST 800-88 | 0-1*
Firmware Based Erasure | 0*
Extended Firmware Based Erasure | 1*
HMG Infosec Standard 5, Higher Standard | 3
HMG Infosec Standard 5, Lower Standard | 1
National Computer Security Center (NCSC-TG-025) | 4
Navy Staff Office Publication (NAVSO P-5239-26) | 3
NSA 130-1 | 3
OPNAVINST 5239.1A | 3
Peter Gutmann's Algorithm | 35
U.S. Army AR380-19 | 3
RCMP TSSIT OPS-II | 8
Random byte overwrite (3x) | 3
TCG Cryptographic Erasure | 1
Erasure standards supported by Blancco Drive Eraser. See the chapter Execution steps of the erasure standards for more information.
*: standard including a firmware based erasure step

**: See chapter “Sanitize Cryptographic Erasure Standard”
*** With NIST 800-88 Clear, you can select the Overwriting type in the BDE and CT settings (either Static
or Aperiodic random)

4.2.3.3.2 Verification

The amount of verification done during or after the drives’ erasure can be selected from the “Verification”
slider:

See the Erasure verification section for more details.

4.2.3.4 Hexviewer-button
The Hexviewer is used to check the content of a storage media in hexadecimal format. Whenever a drive is
overwritten with Blancco Drive Eraser, a pattern (either static or random) is used to overwrite it: the hex-
format of this pattern (e.g. 0x00, 0xAA, 0x924924…) can be viewed with the Hexviewer thus providing a
visual verification of the performed erasure result. In order to access the Hexviewer, select one or several
drives (before or after the erasure) and press the Hexviewer button to check their content.

Item | Example | Description
Drive pane (left side)
Drive: | 1 VBOX HARDDISK (1.07 GB) VB1a... | A list displaying all the drives selected by the user. Each drive is identified with its number, vendor and model, capacity and serial number.
Sector pane (Right panel)
Left column | 48 69 21 00 AA | The left side of the Hexviewer displays the sector’s data in hexadecimal format. If the sector size is 512 bytes, the left side will be a 32 x 16 matrix.
Right column | Hi!.. | The right side of the Hexviewer displays the sector’s data in ASCII format. If the sector size is 512 bytes, the left side will be a 32 x 16 matrix. Non-printable ASCII chars and non-ASCII chars are represented by a dot (“.”).
Horizontal slider | - | Used to scroll through different sectors. It can be moved with the arrow keys and with the mouse.
<< (First-button) | - | Moves to and displays the first sector of the drive.
< (Previous-button) | - | Moves to and displays the previous sector.
Select sector: | 100 | Sector being viewed currently, displayed against the total amount of sectors of the drive. Typing a sector number and pressing the Enter-key will show the sector in question. Note that the first sector is numbered 0 i.e. a drive with 100 sectors will have sectors in the range 0-99.
> (Next-button) | - | Moves to and displays the next sector.
>> (Last-button) | - | Moves to and displays the last sector of the drive.

The Hexviewer can also be used to read the Digital Fingerprint information, please check chapter Digital
Fingerprint for more information.
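
The sector view and the visual pattern check described in this chapter, as an added example (not Blancco code): it renders a 512-byte sector as 32 rows of 16 bytes with the ASCII column beside it, and reports which sectors of an image consist purely of a short repeating pattern such as 0x00, 0xAA or 0x924924. The in-memory image is constructed, and the function names and the 4-byte limit on the pattern length are assumptions.

```python
import io

SECTOR_SIZE = 512  # the manual's example size: 32 rows x 16 columns


def read_sector(image, index, sector_size=SECTOR_SIZE):
    """Return sector `index` (numbered from 0, as in the Hexviewer)."""
    if index < 0:
        raise ValueError("sector numbers start at 0")
    image.seek(index * sector_size)
    data = image.read(sector_size)
    if len(data) != sector_size:
        raise ValueError(f"sector {index} is beyond the end of the image")
    return data


def render_sector(data, width=16):
    """Format a sector like the sector pane: hex on the left, ASCII on the right."""
    lines = []
    for off in range(0, len(data), width):
        row = data[off:off + width]
        hex_part = " ".join(f"{b:02X}" for b in row)
        # Non-printable and non-ASCII bytes are shown as a dot.
        ascii_part = "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in row)
        lines.append(f"{hex_part:<{width * 3 - 1}}  {ascii_part}")
    return lines


def repeating_unit(data, max_period=4):
    """Return the shortest byte sequence whose repetition yields `data`, else None.

    The comparison is byte-wise, so a 3-byte pattern that does not divide the
    sector size evenly is still recognised.
    """
    for period in range(1, max_period + 1):
        if all(data[i] == data[i - period] for i in range(period, len(data))):
            return data[:period]
    return None


def audit_image(image, sector_count, max_period=4):
    """Map each sector number to its repeating unit (None = not a static pattern)."""
    return {n: repeating_unit(read_sector(image, n), max_period)
            for n in range(sector_count)}


def build_sample_image():
    """Constructed 4-sector image: zeros, 0xAA, 0x924924, and leftover data."""
    three_byte = (bytes.fromhex("924924") * 171)[:SECTOR_SIZE]
    leftover = b"Hi!\x00\xaa" + b"\x00" * (SECTOR_SIZE - 5)
    return io.BytesIO(b"\x00" * SECTOR_SIZE + b"\xaa" * SECTOR_SIZE
                      + three_byte + leftover)


if __name__ == "__main__":
    img = build_sample_image()
    for number, unit in audit_image(img, 4).items():
        print(number, unit.hex() if unit else "NOT a static pattern")
    print("\n".join(render_sector(read_sector(img, 3))[:2]))
```

A sector overwritten with an aperiodic random pattern is also reported as `None`, so this check only confirms static patterns; a pattern that continues across sector boundaries is returned in whatever rotation the sector starts with.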

4.2.3.5 Drive’s progress bar


The erasure progress of each individual drive can be monitored via a progress bar which displays the
erasure state, erasure standard, percentage of erasure, erasure speed and also offers the possibility to
pause and/or cancel the erasure.

Not started: In this state, the erasure has not been started or the selected drive is not active.

Ongoing: In this state, the erasure process is being performed. The progress is shown by the progress bar. Current erasure percentage, remaining time to complete the erasure, write speed and erasure standard are displayed above the progress bar.

Ongoing Firmware Command: In this state, the progress bar has a looped animation and the drive is executing a firmware based command e.g. ATA secure erase, SCSI format unit, Sanitize feature set command, TCG command, etc. If available, the percentage of completion of the firmware command is shown above the progress bar. When a firmware command is being executed, the drive cannot be paused or canceled and the locate drive button is turned off.

Paused: In this state, the erasure has been paused by the user. The erasure can be resumed by pressing the resume-button or canceled by pressing the cancel-button.

Completed: When the erasure has been successfully completed.

Canceled: If the erasure has been canceled by the user.

Failed: If the erasure has failed (due to e.g. read/write errors during the erasure).

Pause button: This button pauses an ongoing erasure. Select one or several drives being erased and press the Pause button to pause the drive erasures.

Resume button: This button resumes a paused erasure. Select one or several drives being paused and press the Resume button to resume the drive erasures.

Cancel button: This button cancels an ongoing erasure. Select one or several drives being erased or paused and press the Cancel button to cancel the drive erasures.

4.2.3.6 Drive info icons


Depending on the drive, several icons can appear under the progress bar. Note that the Grid-view uses
smaller icons, which show their info when the mouse cursor is hovered over them. The icons can be:
Name | Explanation
Standby-mode | If this icon is displayed, it means that the drive has been inactive for 5 minutes and has been spun down. This feature can be managed in the Settings-window or in the CT.
Remapped sectors count | This icon will appear if remapped sectors are detected on the drive. The number displayed after the Remapped string is the number of remapped sectors detected on the drive. The number of detected remapped sectors can change during the erasure, as it is first detected before the erasure takes place but it can be updated after the erasure (in particular if the erasure standard includes a firmware based erasure step).
Error count | This icon will appear if read or write errors are detected on the drive. The number displayed after the Errors string is the number of read and write errors occurring during the erasure. The number of errors can change during the erasure, as it is detected in real time.
Hidden areas | These icons will appear if hidden areas are detected on the drive. The possible hidden areas are DCO, HPA or both. The detected hidden areas info can change after the erasure, as they are first detected before the erasure takes place but they may be removed during the erasure (and not be displayed after it).
Password protected drive | This icon is displayed when the drive is password protected. Blancco Drive Eraser cannot erase password protected drives, unless the password is entered by the user before the software boots.
Erasure option is not supported | This icon is displayed in case the drive does not support at least one of the erasure options, e.g. selecting an erasure standard that enforces a firmware based erasure while the drive doesn’t support it, or selecting the "Erase remapped sectors" option while the drive doesn’t implement commands to do it.
Erasure standard has a fallback | This icon is displayed in case the drive does not fully support the erasure standard, but the latter offers a fallback, e.g. selecting an erasure standard that possesses a firmware based erasure step that can fall back to a normal overwriting during the erasure process.
GPT recovery partition detected | This icon is displayed whenever the software detects a GPT Windows recovery partition.
Erasure not allowed | This icon is displayed if the software is configured to preserve the GPT Windows recovery partition (or to show the drive partitions) and the user attempts to erase the drive with the recovery partition (or an individual partition) with erasure options that erase the whole drive (e.g. using an erasure standard that contains firmware-based erasure step(s) or selecting the “Erase remapped sectors” option).
Drive Temperature | Displays the current temperature of the drive. Only available on NVMe and SATA devices.
Self-Tests | This icon is displayed, if the “Execute Self-tests On Drives” erasure option is activated and the drive supports those tests.
TCG Cryptographic Erasure Supported | This icon is displayed, if the drive supports TCG Cryptographic Erasure, which is used in “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards.

TCG Enterprise | This icon is displayed, if the drive supports TCG Cryptographic Erasure, which is used in “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards, and the drive is compliant with the TCG Enterprise SSC specification.
TCG Opalite | This icon is displayed if the drive supports the TCG Opalite feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported, but presently the cryptographic erasure is not yet supported; it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.
TCG Pyrite | This icon is displayed if the drive supports the TCG Pyrite feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported, but presently the cryptographic erasure is not yet supported; it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.
TCG Ruby | This icon is displayed if the drive supports the TCG Ruby feature set. This feature set can cryptographically erase the drive. The feature set is detected and reported, but presently the cryptographic erasure is not yet supported; it will be supported within “TCG Cryptographic Erasure” and “NIST 800-88 Purge” erasure standards in the coming releases.
TCG Locked | This icon is displayed if the drive is completely locked (read/write protected) via a TCG command. Such a command can be issued by the BIOS/UEFI (e.g. automatic drive locking on re-power is enabled) or by the machine operating system. The drive needs to be unlocked before it can be erased; this can be achieved by entering the drive password or by performing a PSID Revert operation.
Password Locked TCG Drive | This icon is displayed if the TCG commands on the drive are locked with a password. The drive can be read and written, but in order to erase it with TCG-based erasure commands (e.g. with the "TCG Crypto Erasure" standard) it needs to be unlocked.
Shadow MBR area detected | This icon is displayed if a Shadow MBR area is detected on the drive. For more information, see the Shadow MBR chapter.
SID block enabled | This icon is displayed if the drive has Block SID Authentication enabled. Drive Eraser will detect if SID block is active on certain drives during boot and will show a popup asking the operator whether they want to disable the SID block. If the user confirms the action, the PPI request is sent to BIOS, the machine is rebooted and SID block is removed. For more information, see the Block SID Authentication chapter.
Storage Element Depopulation | Drive has depopulated areas that were not erased and can contain data. Restoration of the depopulated elements can be only done on IEEE Clear and Purge.
NVMe detached namespaces | Drive has detected detached namespace(s) or namespaces without a block device, which may contain data.
Unallocated space | Drive has unallocated space. User can try attaching unallocated space by clicking the icon.
Namespaces with Key Value IO Command Set | This icon is displayed if one or more namespaces on the NVMe are associated with the NVMe Key Value Command Set.
Persistent Memory Block (PMR) | When this icon is displayed, it means that the drive has Persistent Memory Region (PMR). This is supported by NVMe.
NVMe Boot Partitions | Drive has NVMe Boot Partitions.
Namespace Write Protection | Drive has "Write Protection / Write Protect Until Power Cycle / Permanent Write Protection" enabled. In that case, erasure is not supported.
Replay Protected Memory Block | Drive has "Replay Protected Memory Block (RPMB)" area. The RPMB partition is a small portion of memory dedicated to storing system security-related information, such as certificates, device IDs, login attempt counters, etc. This area cannot be removed. This area is not designed to store user data (supported by NVMe).
Zoned Storage Device | "Drive is a zoned storage device." The icon is displayed when certain SAS / SCSI, SATA/ATA or NVMe drives are zoned storage device type (e.g. Host-aware, Host-managed or Sequential Write Zone type), which means that erasure is often not compatible with them.

If the Report Per Device mode is turned on, or a workflow is run on the drive-level, each drive will show the
following icons:
Report state:

Custom fields state:

Workflow state:

Their color logic follows the same general logic as the rest of the software:

• Gray - Not started or not defined.
• Yellow - There is an issue or not fully finished.
• Green - Successful.
• Red - Error, stopped, canceled.

More information is available by mouse hovering over the icon.

4.3 Hardware tests-step


By default, this step is disabled. This step can be turned on or off from the CT. When enabled, the Hardware
tests-step is the second defined default step. When clicking on this step, the user can see in the work area
all the hardware tests available.

4.3.1 Tab color and overall progress


The Hardware tests-step tab’s color informs of the overall hardware test progress: not started (no icons),
successful (green check mark), failed (red !-icon). Information about the number of tests ongoing and their
status is also written under the “Hardware tests” tab.

Hardware tests tab – manual tests not started.

Hardware tests tab – all tests successful.

Hardware tests tab – at least one test has failed.

4.3.2 Work area


The list of available hardware tests and their current states are visible in the work area.

4.3.2.1 Available tests
Detailed information about each test is found in the chapter “Hardware tests”.

4.3.2.2 Running tests / Test-button


To run the tests, select the tests to run:

After that, click "Run selected tests" or press CTRL + T:

The current state of each test is shown in the Results column, to the right of the test names. The state can be:
Not performed – The test has not yet been run.
[No icon is shown]
Successful – The test was run and the tested hardware worked correctly.

Failed – The test was run and the tested hardware didn’t work correctly.

Cannot be performed – The test cannot be run with current hardware setup:

4.4 Custom fields-step


The "Custom fields”-step is the third defined default step. In this step, the erasure report can be edited
before, during and after the erasure.

4.4.1 Tab color and overall progress


The Custom fields-step tab’s color informs of the overall report editing progress: not started (gray), ongoing
(blue), successful (green), incorrect (red). Information about the update status is also written under the
“Custom fields” tab.

Custom fields tab – report editing not started.

Custom fields tab – text has been filled into the fields but it is not yet validated.

Custom fields tab – fields have been filled in and validation is successful.

Custom fields tab – validation is not successful, mandatory fields have been left empty.

4.4.2 Work area


The Customer details, the Operator details as well as all the configured Custom fields are visible in the work
area. They can be filled in with your own Company’s information to customize the final report. The
maximum string length for these fields is 255 characters.

4.4.2.1 Custom fields
Custom fields are usually created and filled in by the Operator i.e. the person or company that carries out
the drives’ erasure. There are two types of custom fields:

• Normal entry fields - Values can be freely typed in. Note that the maximum string length is 1023 characters.
• Dropdown lists - Values are predefined and only one can be picked.
• Multi-selection dropdown lists – One or multiple predefined values can be selected from a list.

Custom fields are created with the CT. The user can customize them:

• By giving them any name. Note that the maximum length of the name is 238 characters.
• By filling them in with any default value.
• By setting them as normal or mandatory fields (the latter are highlighted with red color and marked with *-sign: report can’t be sent / saved until those fields have been filled).
• Examples of custom fields’ names: “Asset ID”, “Asset type”, “Asset value”, “Destroy asset” etc…

Note that a custom field can be in a locked state, which means that it cannot be edited by the user. A locked custom field has a predefined value and the field itself is greyed out. The CT must be used to edit a locked custom field.

Custom fields (normal entry fields) can also be configured to require that the input follows predefined rules. The rules are set in the CT by using regular expressions. If the input does not follow the rules set for that field, the update process will fail until the user inputs a value that matches the rule.

For example, a custom field using the regular expression (A|F)[0-9]{3} requires that the value is either “A” or “F” followed by 3 numerical characters (e.g. A245 would be an accepted input). If the entered value is invalid, i.e. it doesn’t match the specified regex, the frame around the field turns red.

If the regex itself is syntactically incorrect, it is purged from the field and a red warning-icon "!" is shown, indicating that a mistake was made during configuration:

Note that when an invalid regexp is purged, the field then becomes a normal textfield.
For more information, refer to the CT user manual.
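
The rule check described above can be rehearsed offline before a pattern is entered in the CT. The following is an added example, not Blancco code: it assumes the rule must match the whole value, that Python's `re` dialect stands in for the CT's regex engine, and that an empty optional field is accepted. `CustomField`, `load_rule`, `validate` and `accepts_unanchored` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_VALUE_LEN = 1023  # maximum string length the manual gives for normal entry fields


@dataclass
class CustomField:
    """Hypothetical model of one configured custom field."""
    name: str
    pattern: Optional[str] = None  # rule, written as a regular expression
    mandatory: bool = False


def load_rule(field: CustomField) -> Tuple[Optional["re.Pattern"], bool]:
    """Compile the field's rule and return (regex, purged).

    A syntactically invalid pattern is dropped (purged=True) and the field
    is then treated as a normal text field, as the manual describes.
    """
    if not field.pattern:
        return None, False
    try:
        return re.compile(field.pattern), False
    except re.error:
        return None, True


def validate(field: CustomField, value: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a value typed into the field."""
    regex, purged = load_rule(field)
    if len(value) > MAX_VALUE_LEN:
        return False, "too long"
    if value == "":
        # Assumption: an empty optional field is accepted even if it has a rule.
        if field.mandatory:
            return False, "mandatory field empty"
        return True, "empty"
    if regex is None:
        return True, ("rule purged" if purged else "no rule")
    # fullmatch, not search: the whole value has to satisfy the rule, so
    # "A2451" or "xxA245xx" cannot slip through on a matching substring.
    if regex.fullmatch(value) is None:
        return False, "does not match rule"
    return True, "ok"


def accepts_unanchored(field: CustomField, value: str) -> bool:
    """What a search-style (unanchored) check would accept; for contrast only."""
    regex, _ = load_rule(field)
    return regex is not None and regex.search(value) is not None


# Constructed sample fields: the manual's pattern, and a broken copy of it.
ASSET_ID = CustomField("Asset ID", r"(A|F)[0-9]{3}", mandatory=True)
BROKEN = CustomField("Asset type", r"(A|F[0-9]{3}")  # unbalanced parenthesis

if __name__ == "__main__":
    for sample in ["A245", "F001", "B245", "A2451", "xxA245xx", ""]:
        print(repr(sample), validate(ASSET_ID, sample),
              "unanchored:", accepts_unanchored(ASSET_ID, sample))
    print("broken rule:", validate(BROKEN, "anything"))
```

A purged rule means the field silently accepts any text, so a report produced from such an image carries unvalidated asset identifiers; testing the pattern beforehand avoids that.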

4.4.2.2 Update-button
This button is used to validate all changes. After pressing it (or using shortcut Ctrl + D):

• All filled-in information will appear in all reports (“Report”-tab, PDF, XML).
• The fields that are left empty will be filtered out from the general reports (“Report”-tab, PDF) but will be visible in the detailed XML report.

4.5 Report-step
The “Report”-step is the fourth and final defined default step. In this step, the report can be viewed before,
during and after the erasure.

4.5.1 Tab color and overall progress


The “Report”-step tab’s color informs of the overall report backing-up progress: not started (gray), ongoing
(blue), successful (green), failed (red). The report can be saved, sent or both sent and saved. Information
about the saving/sending status is also written under the “Report” tab.

Report tab – report can be viewed but has not yet been
backed up.

Report tab – report is being saved.

Report tab – report is being sent.

Report tab – report was successfully saved.

Report tab – report was successfully sent.

Report tab – saving the report was unsuccessful.

Report tab – sending the report was unsuccessful.

4.5.2 Work area


The “Report”-step’s working area contains the report. It can be viewed before, during and after the erasure
of the drives or editing of the fields.
In the top right of the Work area there is a single button that allows changing between the two report types:
Standard-report and Advanced-report. The Advanced-report also contains the self-monitoring information
of the drive (a.k.a. SMART information).
From the Standard view (default view), the user can access the advanced report view by clicking this button (or by pressing Ctrl + M):

The Advanced view can be set as the default view in the CT.

From the advanced report view, the user can return to the Standard view by turning off "Show advanced report" from this button (or by pressing Ctrl + M):

Note: If the report is saved as a PDF file, then the chosen report type in the UI is used to determine which
type (Standard or advanced) of report is saved.

4.5.2.1 Report content


Before the erasure has been completed, the report is simply an asset report which contains information
about the hardware of the machine. After the erasure, it becomes an erasure report with combined asset
information and erasure information. This report is the unique proof that the erasure has been initialized and
completed, which makes it extremely valuable.

The report is divided into the following categories:

• Licensee/Customer/Operator information (info about the owner of the Blancco license, the owner of the erased machines and the operator executing the erasure)
• Hardware information (asset report about the host machine)
  ◦ While detected USB devices are listed in the report, the software cannot distinguish between internally and externally connected USB devices.
  ◦ USB hubs and HASP sticks are filtered out of the USB device listing.
  ◦ Note that the screen resolution is only detected on laptops and only the current resolution is reported (this resolution might not be the maximum resolution of the display). If the device has multiple displays, only the first one is reported.
  ◦ Self-monitoring attributes are reported for ATA drives (S.M.A.R.T) and for SCSI and SAS drives (log pages).
  ◦ For HDD drives (SATA/IDE and SAS/SCSI), reporting also includes Nominal Media Rotation rate (RPM) and Form Factor information in XML, CSV and PDF formats.
  ◦ The BIOS information also includes whether the BIOS password is "Enabled" or "Disabled" on the device. If data could not be retrieved, the report will show "Unknown" or "Not implemented."
• Custom fields (information customized by the user/operator)
• Erasure result information (detailed information about the erasure results per erased drive)
• Hardware test results (results of the hardware tests)
• Report information (detailed information about the report file itself)

BDE is able to automatically detect and fetch IPMI network data (MAC and IP address) during booting and
save it automatically to an XML report (not available for PDF).

4.5.2.2 Save-button
The save button is used to save the report to an external physical media, such as a USB-stick.

Plug your external device (USB-stick) into the machine, then press the “Save” button (or use shortcut Ctrl +
S). The following window is shown:

• Choose the desired media from the “Drive” list.
• The name of the report file is displayed in the “Filename” field. The default name of the report follows the format: Date(yyyymmdd)_Time(hh24miss)_report.
  ◦ A report named “20210527_115442_report” was created on the 27th of May, 2021 at 11:54:42 AM.
  ◦ This name can be changed before saving the report to the external media.
  ◦ The maximum length of the report name is 255 characters.
• Choose the report format from the “Format” list. Possible report formats are:
  ◦ XML (report created with an XML extension, can be imported to the BMPOP/BMP),
  ◦ XML+PDF (two reports are created, one as a PDF file and the other as an XML file)
• Press “Save” to save the report or “Cancel” to exit this window.

If the saving was successful then the following pop up is shown:

If the report saving fails, an error pop up is shown. This error can occur for numerous reasons, the most
common ones being:

• There is not enough free space on the external device.
• The external device has been disconnected.
• A report file with the same name already exists in the external device.
• The report’s name contains invalid characters.
• The external device is faulty and data cannot be written on it.

Note: When saving a report on a USB stick, make sure that:

• The USB stick has been preformatted by the user to FAT32 (most suitable format).
• The USB stick has a single partition.
• The USB stick name is not empty. Preferably use a name containing characters in the range a-zA-Z0-9.
• The USB stick is in good condition; if in doubt, re-format it or replace it.

4.5.2.3 Send-button
Send-button is used to send the report to Blancco Management Portal On-Premise or Blancco
Management Portal.

When the “Send” button is pressed (or the shortcut Ctrl + N is used), the report is sent to BMPOP/BMP:

Only one report per BDE session is kept in BMPOP/BMP. The information of the latest report will always
replace the information from previously sent ones.
If the report sending fails, an error popup is shown. If there was an attempt to send a report, but some of the
Blancco Management Portal On-Premise settings are missing, the error pop up is shown.
Note: The popup shows only one missing parameter at a time. The popup will also show details about the
missing parameter:

If the Blancco Management Portal On-Premise credentials are incorrect/missing, a popup is shown that
requests to add the credentials.

4.6 Restart/Shutdown-step
This step is only available if in the CT, the "Process" has been set to "Automatic" and "Shutdown" or
"Restart" is selected.

When the process is finished, the system will automatically restart or shutdown when the timer runs out, or if
the "Restart now" or the "Shutdown now" button is pressed.

4.7 Notification icons


The notification icons are located on the lower left corner of the screen. They provide various information
about the status of the software and the hardware. Hovering the mouse on the icon shows a tooltip with the
corresponding information.

4.7.1 Local Time and Current Date


The local time and current date are displayed here. The time is in 24-hour format with the UTC offset displayed next to it, and the date is in Year-Month-Day format. The UTC offset can only be modified via CT (General settings).

Note that the date and time is taken from BMPOP/BMP, HASP or BIOS in that priority order. Also, when a
time is taken from a higher priority source, it is never changed to the time from a lower priority time source,
unless the machine is restarted, and the higher source is no longer available.
BDE is able to sync time with BMPOP/BMP and update a device's BIOS time automatically when it's
connected to BMPOP/BMP. The timezone can be configured in the CT settings.

4.7.2 Battery charge


The current charge of the connected battery is displayed here. If the machine does not have a battery
connected to it, this information or icons are not displayed.
The icon has two main states:
Charging:

Discharging:

In addition to the percentage value, the colored bar inside the battery indicates the battery level:

• Green when >= 50%
• Orange when < 50%
• Red when < 25%

When a charger is connected, a socket icon is added to the top right corner of the battery icon. Charging
status for individual batteries is shown inside the tool tip. Charging status is updated once every 5s and
battery level information once every 60s. Possible values for Status are: Discharging, Charging, Full and
Unknown.

4.7.3 Small asset report
The small asset report icon shows a small report with the machine’s basic hardware information. The tooltip
displays:

• The machine model.
• The CPU model and frequency.
• The RAM amount and its type.

More detailed information about the machine is found from the generated report (“Report”-step).

4.7.4 Network
The network icon shows whether or not Blancco Drive Eraser can reach the network. The icon can have two
states:

- Everything ok.

- There is a problem with the network connection.


The tooltip displays the available network interfaces and their status:

Note that if there is a problem with the network, then BMPOP/BMP cannot be reached either.
At the top of the icon, the current network looping status is shown for the detected NICs (Network Interface Controllers). This is only displayed if:

• The software image has a static IP enabled and configured via CT.
• BMPOP settings have been set correctly.
• Network looping has been turned on ("Networking - DHCP (not enabled) - Interface selection" set to either "First suitable interface" or "Loop until succeedes") via CT.

The status of the network looping can be:

• Interface looping in progress - Network settings are currently looped through for the detected NICs.
• Interface looping on hold (green text) - When a suitable NIC is found, the text turns green and the name of the NIC in use is shown.
  ◦ If a machine has two or more NICs with each connected to a different network, BMPOP will attempt different ones (loop) until a connection is established.
• Interface looping disabled - When a manual configuration has been applied to a NIC, looping is disabled. Also shown if the network looping has not been turned on.
• Interface looping disabled (green text) - If the network looping is disabled but there is connectivity to BMPOP, the text appears green. The NIC used for the connection cannot be detected when the network looping is not active.

4.7.5 Remote Control
BDE supports 3rd party software to remote control machines. Note that these settings can only be changed
in CT (see the CT manual for configuration options.)

After configuring Remote control, you can hover the mouse over the icon to see more details on the mode,
port and the number of connected clients.

4.7.6 Network share


User can configure a network share connection in the "Communication" panel in Settings. The icon is
hidden if there are no settings configured.

After clicking "Apply", the program will attempt a connection. If it fails, the tooltip will show an error status.

4.7.7 BMPOP/BMC
The BMPOP icon shows the connection to BMPOP/BMP¹. The icon can have three states:

¹ Blancco Management Portal. A centralized data management reporting solution to store and manage data erasure reports. Please see the BMP documentation for more information.

- The connection settings are not set, no connection to BMPOP/BMP. Enter the settings in Settings –
Management Portal On-Premise Communication Settings to establish a connection.

- Everything ok.

- There is a problem with the connection to BMPOP/BMP.


The tooltip displays the BMPOP/BMP connection status:

4.7.8 Licenses
The License icon shows the number of available licenses and assets per machine. The icon can have two
states:

- No licenses available.

- Licenses available.
The tooltip displays the number of available licenses:

If the license container cannot be reached, the following messages will be displayed:

Note that the Enterprise Subscription Edition does not display the number of licenses. Instead it displays the
subscription status (subscription / not available).
Blancco Drive Eraser has several license types:

• Erasure licenses: these licenses are necessary to erase drives. Consuming one erasure license allows the user to save/send reports.
• Asset licenses: in case there are no Erasure licenses (or if the user hasn’t erased any drive), these licenses are necessary to save or send a report with all the hardware information of the machine (asset report).

Blancco Drive Eraser license control is done either from a local HASP dongle, or from the BMPOP via the
network. There must be enough licenses in order to start the erasure or save/send an asset report.

4.7.9 Software Update


The installed mode of BDE can do over-the-air updates. Available updates can be checked from the icon
located on the bottom of the screen or by using the keyboard combination CTRL + U.

Click "Yes" to confirm the update. After that, BDE will begin updating.

The frequency at which the software checks for updates can be configured in DECT.

4.7.10 DHCP Server


DHCP Server settings become available in the Networking settings, when the BDE image is configured with
Chromebook support enabled. A static IP must be configured before DHCP can be enabled.
When DHCP Server is enabled, an icon will appear in the work area:

A green dot will appear on the icon, when at least one IP has been leased. It is possible to select a DHCP
client from the Blancco Configuration Tool's (CT) networking settings.
Up to 5 latest leases are shown when hovering the mouse over the icon:

IP lease time is one hour. Preconfiguration through CT is not possible, but a system reboot does not change
the settings.

4.7.11 NVMe-oF
Shows the successfully created connections in the work area icon tray. The settings for NVMe-oF
connections can be found in the Settings menu. This feature also requires the user to use DHCP, which can
be found in the Networking settings menu.
Once at least one connection was successfully established, an icon will show up in the work area with a
green blob:

1The software will wait until the step is finished.

5. Keyboard Controls
Blancco Drive Eraser can be controlled with the keyboard alone (no mouse required).

5.1 Generic controls


5.1.1 Tab key
The Tab key moves the focus between the elements in the work area, active buttons on the lower right
corners and other possible elements (like the search-bar in the Erasure-step). In menus, it moves the focus
between available tabs and fields.
The focus moves from left to right, top to bottom, in a circular way. By combining the Shift-key with the Tab-
key (Shift + Tab), the direction is reversed (goes backwards: from right to left, bottom to top).
The X-button that is visible in the top right of popup/dialog windows cannot be reached via the Tab key. Use
the Escape-key to close such windows.

5.1.2 Arrow keys


Whenever the focus is:

• On an area that contains a horizontal and/or vertical scroll-bar (Report-step, Hexviewer, Help window, EULA window…):
  ◦ The Arrow keys can be used to go up/down/left/right inside that area.
• On a drop-down list (list of erasure standards, list of languages, list of keyboard layouts…):
  ◦ The Arrow keys can be used to scroll those lists.
• On a slider’s handle (verification slider):
  ◦ The Arrow keys can be used to move the handle.
• On a scrollable container with elements:
  ◦ The Arrow keys can be used to move from one element to another.
  ◦ Use the arrow keys to move between drives and hardware tests.

5.1.3 Space bar


Whenever the focus is:

• On top of a check-box:
  ◦ The Space bar selects/deselects it.
• On top of a button:
  ◦ The Space bar pushes it.
• On top of a link:
  ◦ The Space bar opens it.
• On a drop-down list:
  ◦ The Space bar expands it and it can also select its elements.

5.1.4 Ctrl + Space


Displays the tooltips of the notification icons located in the bottom-left corner of the screen (system tray).
Otherwise "CTRL+SHIFT+SPACE" goes to the previous information tip.

5.1.5 Ctrl + Enter


Apply changes and close the window in Settings-menu and Erasure settings -window.

5.1.6 Shift + Space


Toggle Japanese or Korean keyboard input. This combination toggles Hangul with Korean and Hiragana
with Japanese. If you want to use Kanji, press the space button (multiple times for more options).

5.1.6.1 Alt+Shift
Rotate between language input methods.

5.1.7 Escape key


Whenever the focus is:

• On top of an expanded drop-down list:
  ◦ Esc key collapses it.
• Inside an open window (popup, dialog):
  ◦ Esc key closes it without saving any change (equivalent of Cancel/Close or x).
• While running a hardware test:
  ◦ Esc key exits the test.

5.2 Accessing the Header area


The buttons of the Header area are accessed exclusively with the function keys.

5.2.1 F1-F3 function keys


• F1 – pushes the Help-button (opens the Help-window).
• F2 – pushes the Settings-button (opens the Settings-window).
• F3 – pushes the Report issue-button (opens the Report issue-window).

These buttons might differ depending on the version of the software. The logic always follows the same
formula: first button on the left of Shutdown-button is F1, next one on the left is F2, etc…

5.2.2 F6-F9 function keys


These buttons are related to the foreign language keyboard input method:
Japanese

• F6 – convert to Hiragana
• F7 – convert to Katakana
• F8 – convert to Half-width kana
• F9 – convert to Wide Latin
• Alt + Shift can be used to rotate between input methods

Korean

• F9 – Toggle Hanja
• See Shift + Space and Alt + Shift for other Korean input keys.
• Alt + Shift can be used to rotate between input methods

5.2.3 F10 function key


Pressing F10 is similar to pushing the Shutdown-button (opens the Shutdown-popup).
If the report has not been saved or sent or if there are unsaved changes to the erasure report, then a popup
will be displayed informing the user about the situation. To continue to the shutdown dialog, click “Yes”. To
cancel and return to the main menu, click “No”.

5.3 Accessing the Process area


The steps of the Process area are accessed exclusively with the key combinations CTRL + number key (1,
2, 3…) or CTRL+SHIFT + number key. The latter is preferred especially with AZERTY keyboards.

• Ctrl + 1 – selects the first step that is defined and visible.
• Ctrl + 2 – selects the second step that is defined and visible.
• Ctrl + 3 – selects the third step that is defined and visible.
• Ctrl + 4 – selects the fourth step that is defined and visible.

These buttons might differ depending on the configuration of the software. The logic always follows the
same formula: the first step is accessed with Ctrl + 1, the second step is Ctrl + 2, etc...

5.4 Navigation inside the Work area


5.4.1 Erasure-step
The drives, erasure options and the Erase-button can be accessed with the Tab key and the Arrow keys, but this step also has a few key combinations.

5.4.1.1 Ctrl + R
Refresh drives. Available when the "Report per Connected Device" and "Hotplug" options are enabled.

5.4.1.2 Ctrl + P
Take a screenshot.

5.4.1.3 Ctrl + J
Opens the "Enter PSID" dialog popup.

5.4.1.4 Ctrl + M
Toggle Show Empty Slots in Erasure-step.

5.4.1.5 Ctrl + N
Shows NVMe namespaces belonging to a drive.

5.4.1.6 Ctrl + F
Search-function (search visible drives).

5.4.1.7 Ctrl + A
This key combination selects/deselects all drives for erasure.

5.4.1.8 Ctrl + L
Locate the selected drive.

5.4.1.9 Ctrl + Alt + L


Locate all drives.

5.4.1.10 Ctrl + H
Opens the Hexviewer.

5.4.1.11 Ctrl + Alt + R


Show Per Drive -report.

5.4.1.12 Ctrl + Alt + E


Edit Per Drive -custom fields.

5.4.1.13 Ctrl + Alt + P


Pause the erasures of the selected drives.

5.4.1.14 Ctrl + Alt + U


Unpause the erasures of the selected drives.

5.4.1.15 Ctrl + Alt + C


Cancel the erasures of the selected drives.

5.4.1.16 Ctrl + G
This key combination opens the erasure “Erasure settings” window.

5.4.1.17 Ctrl + E
This key combination pushes the Erase-button (starts the erasure).

5.4.1.18 Ctrl + Alt + S
Trigger SID block disabling dialog.

5.4.1.19 Alt + M
When there are minimized dialogs and none are open, pressing Alt+M the first time opens a list of minimized dialogs. Pressing the combination a second time opens the focused dialog in the list. If only one minimized dialog exists, it will open directly.

5.4.2 Hardware tests-step


The test checkboxes and buttons can be accessed with the Tab key.

5.4.2.1 Ctrl + T
This key combination activates the execution of marked tests.

5.4.2.2 Ctrl + A
Select/deselect all tests.

5.4.3 Custom fields-step


The fields and the Update-button can be accessed with the Tab key.

5.4.3.1 Ctrl + D
This key combination updates the report.

5.4.4 Report-step
The elements can be accessed with the Tab key. Use the Arrow keys to scroll the report content.

5.4.4.1 Ctrl+S
This key combination saves the report.

5.4.4.2 Ctrl+N
This key combination sends the report.

5.4.4.3 Ctrl + M
This key combination switches between Standard & Advanced views/modes.

5.4.5 Software Updates
5.4.5.1 Ctrl + U
This combination activates the Update icon in the same way as clicking the icon manually would. Some of its functions are:

• If the icon says "Click to check for updates.", the shortcut starts checking for updates.
• If the icon says "Click on the icon to download and install.", the shortcut triggers the update process.
• If the icon says "Click on the icon to retry", the shortcut activates retrying.

6. Screensaver
Blancco Drive Eraser screensaver shows the current state of the erasure on the machine’s monitor.

6.1 Presentation
The following information is displayed:

• The erasure progress bar
• The overall percentage of erasure(s)
• The overall time left to complete the erasure(s)

The screensaver provides a good overview of the ongoing erasures and their final result, whether
successful (green icon) or failed/canceled (red icon). The screensaver can be turned on or off via the CT
and from the “Settings” window. The screensaver timeout (in seconds) can also be defined in the “Settings”
window.
Ongoing erasures:

All erasures finished successfully:

At least one erasure failed or was canceled:

Paused:

6.2 Exception notifications
If the erasures are successful, but at least one exception has been reported (e.g. "DCO area removal failed"), the screensaver will provide a notification of this by displaying a success icon whose color shifts between green and yellow. This notification informs the user that there is something in the report that requires the user’s attention. The notification of erasure exceptions can only be turned on or off via the CT.

The only exception that is not notified is the purely informative message "Device is SSD, see manual for
more information", which is always displayed when an SSD is successfully erased.

6.3 Temperature Warning


If an NVMe or SATA drive detects a high temperature, the screensaver will provide a notification of this by displaying an !-symbol on a yellow background.

6.4 Remote erasure


When Blancco Drive Eraser is being remotely controlled by BMPOP (the remote control has to be activated
from the CT), a screen with the following message will be shown: "REMOTE ERASURE - This computer is
being remotely erased. Please do not shutdown unless you are certain the process has been completed.".

When the erasure is started, the screen will display a progress indicator with the remote erasure message inside it. The main difference from the normal erasure screensaver is the text over the erasure percentage number and the BMPOP identifier number in the top right corner of the screen.

If the remote erasure has been successfully completed, a success symbol is displayed, with the remote erasure message next to it.

If the remote erasure has failed, a failure symbol (!) will be displayed, with the remote erasure message next
to it.

6.5 Screensaver lock


The screensaver lock, when active, forces the screensaver on when the erasure starts and makes it
impossible to exit the screensaver. Mouse and keyboard are turned off and have no effect on the software.
The screensaver lock needs to be activated through the CT and is only available in the Automatic-process.
The screensaver is unlocked in case a user interaction is required, for example in the following situations:

• The erasure standard is not supported (erasure cannot proceed).
• Erasure licenses cannot be consumed (erasure cannot proceed).
• The erasure has failed (user can check the problem and manually restart the erasure or save/send the report).
• There are mandatory custom fields that are empty (report cannot be sent).
• There is a network problem or communication problems with the BMPOP (report cannot be sent).
• The erasure has succeeded and the report has been sent but the machine needs to be shut down manually (automatic shutdown/restart is turned off).

7. Blancco Drive Security Features
7.1 Booting Options
The Booting Options allow Blancco Drive Eraser to be booted with alternative settings, if there are issues
with the default booting.
Blancco Drive Eraser image can be booted in four different ways, each way enabling a different set of
features. These four booting options can be accessed by pressing the up or down arrow key right after the
first Blancco Drive Eraser static screen appears.

7.1.1 Description
These options are:

1. Normal startup (safe resolution) – Blancco Drive Eraser is loaded using a standard/universal
   graphical driver. The screen resolution of the GUI is static (1024*768). If any drive is locked, the
   Freeze lock removal is attempted just before the erasure process (the screen turns black for a few
   seconds then restarts and the erasure begins, see Freeze lock). This booting option has been
   tested on several configurations; however, the Freeze lock removal procedure may not work on all
   machines (the standard/universal graphical driver often presents display problems when the
   machine is awakened).
2. Normal startup (native resolution) – Blancco Drive Eraser is loaded using any available driver
   that corresponds to the graphical card of the machine (the standard/universal graphical driver is just
   a fallback). The screen resolution is the native resolution of the machine (1024*768 or higher). If any
   of the drives is locked, the Freeze lock removal is attempted just before the erasure process (the
   screen turns black for a few seconds then restarts and the erasure begins, see Freeze lock). This
   booting option works better than the first option in many/most cases when the Freeze lock removal
   procedure is needed.
3. Installer – This booting option allows the software to be installed on a machine (persistent
   installation). To be used to process loose drives or Chromebooks, for instance. All erasure reports
   are stored on the installation drive but can be exported to an external USB stick or sent to BMPOP.
4. FLR during startup – This is the default option. The Freeze lock removal process is carried out
   during the booting phase, before loading all the system drivers, to increase the chances of waking up
   the machine after the freeze lock removal. Then, Blancco Drive Eraser is loaded using any available
   driver that corresponds to the graphical card of the machine. The screen resolution is the native
   resolution of the machine (1024*768 or higher). This booting option works better than the first option
   in many/most cases when the Freeze lock removal procedure is needed.
5. Show startup messages – This is the same option as the second one, except that startup
   messages are shown on the screen instead of the animated loading screen. This can be used as a
   troubleshooting measure for machines where Blancco Drive Eraser hangs during the booting phase.
6. Customized startup – This option allows a customized booting to be created, where the user can
   enable/disable the freeze lock removal at boot time and enable/disable extra kernel parameters. See
   CT manual for more information.

7.1.2 When to use the booting options?


Depending on the hardware where Blancco Drive Eraser is booted, some issues may arise during the
Freeze lock removal process performed by the default booting option (FLR during startup), such as
screens staying black or unresponsive machines. In these cases, the suggested procedure is the following:

• Try booting Blancco Drive Eraser using the second booting option (Normal startup (native
  resolution)).
• If problems arise with the aforementioned booting option (black screen, machine is unresponsive),
  try booting Blancco Drive Eraser using the first option (Normal startup (safe resolution)).

If problems arise during the booting phase (Blancco Drive Eraser hangs), try booting Blancco Drive Eraser
using the fourth option (Show startup messages), take note of the last messages shown on the screen
before the hang and contact Blancco Support.
These options are hidden by default and the time limit to select a booting option other than the default one is
5 seconds.

7.2 Automatic Restart/Shutdown


Automatic restart or shut down can be activated with the Semi-automatic and Automatic processes via CT.
See CT manual for more information.
The following options are available on the CT:

• None – The default value. No automatic restart or shutdown.
• Restart, after erasure – Machine is automatically restarted, after the erasure process has finished:
  all drives erased, successful erasure is optional.
• Restart, after successful erasure – Machine is automatically restarted, after the erasure process
  has finished in a successful state: all drives erased, successful erasure and no exceptions at all or
  informative exceptions only.
• Shutdown, after erasure – Machine is automatically shut down, after the erasure process has
  finished: all drives erased, successful erasure is optional.
• Shutdown, after successful erasure – Machine is automatically shut down, after the erasure
  process has finished in a successful state: all drives erased, successful erasure and no exceptions at
  all or informative exceptions only.

Note that a report must always be backed up before the machine shuts down or restarts!

7.3 Crash reporter


The Blancco Drive Eraser crash report is a detailed report that contains additional system information and
log files which can be used to understand and reproduce a problem that has occurred with the Blancco Drive
Eraser erasure software. It is very similar to the Blancco Drive Eraser issue report.
If the Blancco Drive Eraser erasure software freezes or crashes, the software will try to generate a crash
report automatically. If there is a USB stick plugged in when the software crash happens, a crash report will
be copied on the USB stick. The crash report will be copied on all detected USB sticks. If a USB stick is
connected later to a computer where the crash has occurred, the report is automatically copied on the USB
stick.
For more information, there are several articles about the crash reporter in the Blancco Knowledge Base
(https://support.blancco.com/pages/viewpage.action?pageId=66071).

7.4 Automatic report backup
If the automatic report backup option is turned on from the CT, reports are automatically sent to Blancco
Management Portal On-Premise. If the report sending to BMPOP is not possible or it fails, the reports are
saved to a connected USB stick.
Automatic report backup is only available on the Manual-process (the other processes already include an
automated report sending).
Some notes regarding the automatic report backup:

• The report created during the automatic report backup is not yet considered an official report, just a
  backup. This is because the backup report is sent right after the erasure is finished and it doesn’t
  contain the session ID at this point. The session ID is added after the possible Custom fields
  modifications, when the report is sent/saved.
• The report is sent to BMPOP once the erasure of a single drive has been finished, failed or canceled.
    • If the BMPOP cannot be reached, then all reports (whether they have already been sent or not)
      are automatically saved to a connected USB stick.
        • The automatically saved report will be identified by its report UUID
          (ex: d508BDE2e-g052-5f63-0e4g-15ddf753e1g0_report.xml).
        • Each time USB saving is done, all reports currently saved on the memory are saved to
          the USB.
            • If the USB sticks are changed between saves, the new USB stick will then
              receive all the old reports in addition to the new reports.
        • If there are several USB sticks connected simultaneously, then the reports are saved to
          all of them.
        • If no USB stick has been connected, the report is saved once a USB stick is connected.
        • The reports will disappear if the machine is shut down or restarted.
    • If there are already auto-saved reports on the USB and the BMPOP-connection starts
      working, all the saved reports will be sent to BMPOP, whether or not they have already been
      saved to the USB stick.
• If the “Report per Connected Device” mode is enabled, several reports might be automatically
  sent/saved (one per connected drive). Otherwise expect one report containing all the erasure
  information (one per session).
• If the BMPOP is changed, only the reports which have not yet been sent to BMPOP will be sent to the
  new BMPOP. Reports are sent only once (if their content is not updated).
• If there are mandatory custom fields, their validation will be skipped and reports are sent without
  those fields filled.
• The automatically sent reports are always sent/saved in XML-format, even if the default saving
  settings have been set to PDF+XML.
• If an erasure is run multiple times, the report will be updated after each erasure and then sent or
  saved, replacing the previous version of the report. Only one report with the specific entities is
  produced and maintained.
• Reports are also updated after custom field(s) are updated.
• Information about the sending/saving is shown on the UI with messages on the tabs. Note that
  Report-tab does not change its color when handling backup reports.
    • For example: “Backup to BMPOP/USB completed”

7.5 Detecting HDDs


Magnetic storage media, such as HDDs, use physical addressing when storing information on a media
device. With this addressing, the HDD is divided into smaller parts that can be appointed according to
certain parameters. In magnetic media the aforementioned physical parameters are sectors, cylinders and
heads. During the computer usage, these parameters enable the operating systems to locate the
information on an HDD but they also define the size and storage base of an HDD. A reliable and protected
detection of these hardware level parameters is essential and the erasure software must be capable of
detecting the correct HDD sizes regardless of the techniques used in altering the HDD information. Failure
to accurately detect the HDD may result in an incomplete erasure.
All Blancco data erasure tools utilize hardware level detection for HDDs which enables the software to
detect correct HDD sizes regardless of faulty or incorrect BIOS-set HDD values. As a result, the overwriting
process will reach the whole HDD surface, leaving no areas untouched.

7.6 Show/Hide Storage Area Network (SAN) endpoint devices


By default, SAN devices are visible in BDE. However, it is possible to hide them through a setting in DECT.
In this case, GUI and asset reports do not show these drives. In order to change these settings, go to DECT
> Process > Show more.

7.7 Read/write error handling


If the totality of the addressable area of a drive cannot be erased or verified, this can cause a potentially
significant data security risk. Examples:

• A drive may contain damaged areas (also known as "bad sectors") that are not remapped and
  cannot be accessed anymore with read or write commands.
• A drive (especially an HDD) whose temperature has risen above a certain value can start producing
  read and write errors randomly.
• A drive behind a RAID controller that does not accept read or write commands.

Those problematic sectors/areas/drives have one thing in common: although they can still contain data,
attempting to reach them generates write or read errors. Data erasure tools must be able to detect such
problems and report them.
Blancco Drive Eraser keeps track of the erasure process and informs if the data overwrite or verification
cannot be performed due to some error on the drive level. In case there is a problematic area on the drive,
the software will first try to write (read) data to (from) the defective area. If the area generates write (read)
errors, Blancco will try to write (read) a smaller block (half of the original block size) to (from) the area in
order to overwrite (verify) the maximum amount of data. The same procedure will continue until the software
tries to write (read) the smallest possible block to the drive and if unable to do so after three tries, the sector
will be considered unreachable and the software will count one error. In all cases, all the areas that can be
reached will be erased and only the areas that cannot be written/read will be reported. The sum of the errors
will be visible in the user interface (under the drive) and in the erasure report.

If at least one write/read error is detected during the erasure process (during overwriting rounds or
verification), the erasure result will be “Not erased”.
A threshold on the write error count can be configured in the CT. The default threshold is 5 errors. If the
amount of write errors equals or exceeds the defined threshold, the erasure is immediately stopped and
marked as failed. This helps to identify problematic drives quickly and can save a lot of time. Additionally,
the report will show an error message informing about this.
A similar threshold exists on the read error count.
The verification mechanism on Blancco Drive Eraser is configured to provide the statistically most effective
analysis of the drive on any given verification percentage (through checking sectors at evenly spaced
intervals). A higher percentage selected by the user means that a larger amount of the drive will be
analyzed, resulting in a greater chance that read errors will be detected. The verification also counts
mismatching sectors (sectors not containing an expected pattern) as read errors.
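The halving-and-retry procedure and the write error threshold described above, as an added simulation (this is not Blancco's code). The SimulatedDrive class, the 512-byte sector, the 8-sector starting block and every status string other than "Not erased" are assumptions of this example.

```python
from dataclasses import dataclass, field

SECTOR = 512  # bytes per sector in this simulation (assumption)


class SimulatedDrive:
    """In-memory stand-in for a drive; sectors listed in `bad` reject every write."""

    def __init__(self, sectors, bad=()):
        self.sectors = sectors
        self.bad = set(bad)
        self.data = bytearray(b"\xAA" * (sectors * SECTOR))  # stale "user data"

    def write(self, lba, count, pattern):
        # A real drive fails the whole command if any sector in the range is bad.
        if any(s in self.bad for s in range(lba, lba + count)):
            raise IOError(f"write error in LBA {lba}..{lba + count - 1}")
        self.data[lba * SECTOR:(lba + count) * SECTOR] = bytes([pattern]) * (count * SECTOR)


@dataclass
class EraseResult:
    status: str = "erased"              # label chosen for this example
    write_errors: int = 0
    unreachable: list = field(default_factory=list)
    sectors_written: int = 0


class ThresholdReached(Exception):
    """Raised internally when the write error count reaches the threshold."""


def overwrite(drive, pattern=0x00, block=8, threshold=5, tries=3):
    """One overwriting pass: halve the block on error, give up on a sector after `tries`."""
    result = EraseResult()

    def write_range(lba, count):
        try:
            drive.write(lba, count, pattern)
            result.sectors_written += count
            return
        except IOError:
            pass
        if count > 1:
            # Retry with half of the block so every reachable sector is still overwritten.
            half = count // 2
            write_range(lba, half)
            write_range(lba + half, count - half)
            return
        # Smallest block (one sector): the attempt above was try 1 of `tries`.
        for _ in range(tries - 1):
            try:
                drive.write(lba, 1, pattern)
                result.sectors_written += 1
                return
            except IOError:
                continue
        result.write_errors += 1        # sector is unreachable: count one error
        result.unreachable.append(lba)
        if result.write_errors >= threshold:
            raise ThresholdReached

    try:
        for lba in range(0, drive.sectors, block):
            write_range(lba, min(block, drive.sectors - lba))
    except ThresholdReached:
        # Stop immediately: the rest of the drive is left untouched.
        result.status = "failed: write error threshold reached"
        return result
    if result.write_errors:
        result.status = "Not erased"    # any error at all prevents an "erased" result
    return result


if __name__ == "__main__":
    # Constructed inputs: two isolated bad sectors, then a run of 14 bad sectors.
    print(overwrite(SimulatedDrive(64, bad={10, 37})))
    print(overwrite(SimulatedDrive(64, bad=range(16, 30))))
```

With two isolated bad sectors every other sector is still overwritten and only those two are reported; with the run of bad sectors the pass stops at the fifth error and the sectors behind it keep their old content, which is why a threshold stop has to be treated as a failed erasure.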

7.8 Remapped sectors


Modern drives have a lot of functions for self-testing, self-recovering and keeping track of their state. One of
the possibilities is sector remapping. This allows the drives to detect and hide the sectors, which will either
be or have become impossible to access. The drives have a so-called spare area intended precisely for
this. When a failed sector is detected, the drive controller assigns the address of the sector to a new one in
the spare area. The address remains the same but the owner is changed. The remapped sector may
contain some of the user's data.
Blancco Drive Eraser can activate internal drive commands that are capable of erasing the remapped
sectors. This functionality can be predefined via CT or enabled via the setting “Erase remapped sectors”.
Assuming that the drive possesses the proper internal command, the remapped sectors erasure can be
selected along with any erasure standard that Blancco Drive Eraser supports.
If an erasure is started with this option enabled, the following actions will happen:

• An extra step running a specific firmware based erasure is added to the selected erasure standard
  only in case:
    • the drive has at least one remapped sector
    • the erasure standard does not include any firmware based erasure step
• This additional step is capable of erasing the remapped sectors but is merely optional: if this extra
  step fails, it will not fail the whole erasure process, which will continue nevertheless.

Note that erasing remapped sectors can be a time consuming process depending on the drive size and
speed.
A threshold on remapped sector count can be configured in the CT. If before/after the erasure the amount of
remapped sectors equals or exceeds the defined threshold, the erasure is stopped and marked as failed;
additionally, the report will show an error message informing about this.
Note that if the setting “Fail Erasure if Unsuccessful” is selected from the erasure options, the whole erasure
will fail if a drive does not support the commands necessary for the remapped sector erasure or those
commands fail for some reason. Conversely, if this setting is turned off, erasure will start even on drives that
do not support the erasure of remapped sectors; nevertheless, there will be an exception in the report
informing about this lack of support.
For more information about the erasure status, see Erasure status and exceptions.

Note. Assuming that the drive possesses the proper internal command, the erasure standards (Extended)
Firmware based erasure, BSI-GS/E, NIST 800-88 Purge – ATA and Blancco SSD Erasure include de facto
a remapped sector erasure.
Warning! Erasing the remapped sectors can also result in erasing any hidden area existing in the drive.
Make sure that you enable this option only on drives where you also want to erase/remove any existing
hidden area.
Warning! Avoid turning off the computer, exiting the program, disconnecting the drive(s),
pausing/cancelling the erasure during the Remapped Sector erasure process or the drive(s) may be
damaged.
Warning! Disable the BIOS HDD detection when using Remapped Sector erasure. In many computers the
remapped sectors can be erased even without changing BIOS settings, but by disabling the BIOS HDD
detection some problems can be avoided.

7.9 Hidden areas in a drive


There can be hidden areas in an ATA storage device (HDD, SSD) which cannot be seen or accessed via
the O.S. or the BIOS. These areas are:

Item | Explanation
Host Protected Area (HPA) | The HPA is commonly used to store the recovery part of the operating system and can contain sensitive data.
Device Configuration Overlay (DCO) | The DCO feature allows the size of a drive to be reduced to a certain amount of sectors via the creation of a hidden partition. This special area of the drive creates a risk that some data might be left on the drive after the erasure unless the erasure product is capable of detecting and also extending and erasing DCO areas.

Blancco Drive Eraser can be configured to detect and automatically remove these areas by activating
internal drive commands. This functionality can be predefined via CT or enabled via the setting “Remove
hidden areas”. The hidden areas removal can be selected along with any erasure standard that Blancco
Drive Eraser supports.
If an erasure is started with this option enabled, the following actions will happen:

• An extra step running a specific drive command to remove the hidden areas is added to the selected
  erasure standard only in case:
    • the drive has at least one hidden area
    • the erasure standard does not include any hidden area removal step
• This additional step is merely optional: if this extra step fails, it will not fail the whole erasure process,
  which will continue nevertheless.

Note that hidden areas defined with the Max Address Configuration feature set (available with the ACS-3
standard) can also be detected and removed (will be identified as HPA).
For more information about the erasure status, see Erasure status and exceptions.
Warning! Drives that contain HPA and/or DCO areas that have not been removed should not be erased
with NIST 800-88 Clear, NIST 800-88 Purge - ATA, BSI-GS/E, (Extended) Firmware based erasure,
Blancco SSD Erasure or any other standard with the “Erase remapped sectors” feature activated. Using
these options could end up erasing such areas.

Warning! Hidden areas removal is not reliable if the storage is connected to the machine via an adapter
(e.g. external USB enclosure). Blancco recommends hidden areas removal only for storage, which is
directly connected to the machine, with no adapter of any kind in the middle.

7.9.1 Shadow MBR


The "Shadow MBR" is a special storage area on some drives supporting TCG commands. This area has a
size of at least 128 MB and it is intended for storing a boot image used for pre-boot authentication.
For example, the machine boots normally from the drive, but gets a special image that shows a drive
unlocking screen. Entering the correct password on this screen unlocks the drive and inactivates the
shadowing, so the boot process can continue using the real data stored on the drive.
This area cannot be removed or erased via normal means (overwriting or firmware-based erasure
commands) and requires special TCG commands (PSID Revert operation or admin password).
If the "Shadow MBR" is supported by the drive, it can be:

1. Disabled
2. Enabled and active
3. Enabled and inactive

If disabled, the area doesn't exist at the moment so no data can be kept in the Shadow MBR (no risk).
If enabled and active, the area exists, contains data and is presently mapped to the drive logical
space (the drive only sees the "Shadow MBR" area and does not see the user addressable area). The drive
requires a password to give access to the user data; providing it turns the "Shadow MBR" inactive for the
rest of the session.
If enabled and inactive, the area exists, contains data but is presently not mapped to the drive
logical space (the drive only sees the user addressable area and does not see the "Shadow MBR" area). In
this scenario, the user addressable data can be erased, but this won't affect the "Shadow MBR" area. If the
machine is shut down and rebooted later, the "Shadow MBR" area becomes active again and the drive will
request the user to enter the password: at this point, the user may see information from the company that
enabled the "Shadow MBR" area (name, logo, etc.).
The Shadow MBR can be inactive and not enabled but still be accessible, i.e. the Shadow MBR storage area
is allocated and is writeable/readable through TCG commands and can therefore be used to store data,
although in the generic Shadow MBR use case (pre-boot authentication) it should also be enabled. If it is
accessible, there is still a risk that it contains user data, so the "Shadow MBR" icon is shown. In the
XML report this state can be identified by checking that "tcg_locking" == enabled and
"tcg_shadow_mbr_supported" == true.
BDE 7.1.0 can detect this area:

• A new "Shadow MBR" icon is shown on the drive if this area is enabled; hovering over it provides
  additional information.
• The report contains three new fields: tcg_shadow_mbr_supported, tcg_shadow_mbr_enabled and
  tcg_shadow_mbr_active
    • These fields can be used within a Workflow to detect the presence of a "Shadow MBR" and
      act accordingly.
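A report triage check built on the fields named above, added here as an example (it is not part of the Blancco product or its Workflow engine). The XML layout with drive and entry elements, the serial numbers and the state labels are constructed for illustration; only the four field names and the values "enabled" and "true" come from the manual.

```python
import xml.etree.ElementTree as ET

# Constructed report fragment: layout and serials are assumptions of this example.
SAMPLE_REPORT = """
<report>
  <drive serial="CONSTRUCTED-0001">
    <entry name="tcg_locking">enabled</entry>
    <entry name="tcg_shadow_mbr_supported">true</entry>
    <entry name="tcg_shadow_mbr_enabled">true</entry>
    <entry name="tcg_shadow_mbr_active">true</entry>
  </drive>
  <drive serial="CONSTRUCTED-0002">
    <entry name="tcg_locking">enabled</entry>
    <entry name="tcg_shadow_mbr_supported">true</entry>
    <entry name="tcg_shadow_mbr_enabled">true</entry>
    <entry name="tcg_shadow_mbr_active">false</entry>
  </drive>
  <drive serial="CONSTRUCTED-0003">
    <entry name="tcg_locking">enabled</entry>
    <entry name="tcg_shadow_mbr_supported">true</entry>
    <entry name="tcg_shadow_mbr_enabled">false</entry>
    <entry name="tcg_shadow_mbr_active">false</entry>
  </drive>
  <drive serial="CONSTRUCTED-0004">
    <entry name="tcg_locking">disabled</entry>
    <entry name="tcg_shadow_mbr_supported">true</entry>
    <entry name="tcg_shadow_mbr_enabled">false</entry>
    <entry name="tcg_shadow_mbr_active">false</entry>
  </drive>
  <drive serial="CONSTRUCTED-0005">
    <entry name="model">report written before the TCG fields existed</entry>
  </drive>
</report>
"""

# States in which the Shadow MBR area may still hold data after a normal erasure,
# plus "unknown", which needs a manual check because the report cannot tell.
NEEDS_REVIEW = {"enabled and active", "enabled and inactive",
                "accessible (not enabled)", "unknown"}


def _is(fields, name, wanted):
    return fields.get(name, "").strip().lower() == wanted


def classify(fields):
    """Map the report fields of one drive to a Shadow MBR state label."""
    if "tcg_shadow_mbr_supported" not in fields:
        return "unknown"                      # field missing from the report
    if not _is(fields, "tcg_shadow_mbr_supported", "true"):
        return "not supported"
    if _is(fields, "tcg_shadow_mbr_enabled", "true"):
        if _is(fields, "tcg_shadow_mbr_active", "true"):
            return "enabled and active"
        return "enabled and inactive"
    # Not enabled, but locking is enabled and the area is supported:
    # the area is allocated and reachable through TCG commands.
    if _is(fields, "tcg_locking", "enabled"):
        return "accessible (not enabled)"
    return "disabled"


def triage(report_xml):
    """Return {serial: (state, needs_review)} for every drive in the report."""
    result = {}
    for drive in ET.fromstring(report_xml).iter("drive"):
        fields = {e.get("name"): (e.text or "") for e in drive.iter("entry")}
        state = classify(fields)
        result[drive.get("serial")] = (state, state in NEEDS_REVIEW)
    return result


if __name__ == "__main__":
    for serial, (state, review) in triage(SAMPLE_REPORT).items():
        print(f"{serial}: {state}{'  <- review before release' if review else ''}")
```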

7.10 Resume Erasure
The client software can be configured to resume the erasure process in the event that the process has been
interrupted in an uncontrolled manner (power loss, system failure, etc.).
The functionality has the following requirements:

• The feature must be activated via the CT.
• A USB stick, which is not full, must be plugged in during the erasure. A file with the erasure
  information is saved to the USB device and that file is used to resume the erasure.
    • Generally, a few KB of free space are required per erased drive.
• The erasure is resumed at the beginning of the execution step where the interruption took place.
    • For example, if an erasure was started with the “Peter Gutmann’s Algorithm” selected and the
      erasure was interrupted at 50% through the step #7 (Overwrite with 0x924924), the erasure is
      resumed at the beginning of the step #7.
• The feature only works with magnetic erasure standards.
    • See chapter “Magnetic standards” for more information.

Resuming an erasure works the same way as resuming a paused erasure.

7.11 Erasure Standard Switch for SSDs


Blancco Drive Eraser can detect SSDs and use an appropriate erasure standard for these drives
instead of the preconfigured erasure standard. This functionality can be predefined via CT or enabled via
the setting “Enforce Blancco SSD method on SSDs”.
If an erasure is started with this option enabled, the following actions will happen:

• For each SSD, the default erasure standard is switched to the Blancco SSD Erasure standard.
• All other drives, which are not SSDs, are unaffected (erased with the default erasure standard).

7.12 Erasing and preserving drive partitions


The software can be configured (either in the Blancco Drive Eraser UI or via the CT) to handle drive
partitions. This is done by either detecting and displaying all the partitions and/or preserving the Windows
recovery partition:

• Detecting and displaying the drive partitions can be enabled via the setting “Show drive partitions”. It
  works with all partitioning standards (MBR, GPT). When enabled, the drive is not displayed as a
  single item, but as a multi-selection dropdown list containing all detected partitions (in Erasure step).
  The partitions are shown (file system, label, size), can be selected, erased and reported individually
  (if no partition is detected, the drive is displayed normally, as a single drive).
• Preserving the Windows recovery partition can be enabled via the setting “Preserve recovery
  partition”. It works on GPT partitioned drives only (Windows 7/8 or above). When enabled, the
  software will erase all partitions while leaving the recovery partition untouched and un-erased.
    • The recovery partition can be reused later to reimage the machine.
    • If a Windows recovery partition is detected on a drive, a “RECOVERY” icon is displayed under
      the drive (in Erasure step), otherwise the drive is displayed as a normal drive.

Depending on the selected settings and the detected drive partitions, there are three (3) main cases that can
happen. These cases can allow/prevent some erasure options as described in the table below:

• Case 1: “Show drive partitions” is enabled, partitions are detected, the user selects individual
  partitions for erasure.
• Case 2: “Show drive partitions” is enabled, partitions are detected, the user selects all the partitions
  for erasure. Case 2 overrides Case 1.
• Case 3: “Preserve recovery partition” is enabled and a GPT Windows recovery partition is detected.
  Case 3 overrides Case 2.

Erasure option | Case 1 | Case 2 | Case 3
Normal overwriting (1) | Allowed (a) | Allowed (c) | Allowed (d)
Firmware command (2) | Not allowed (b) | Allowed (c) | Not allowed (b)
Remapped sectors erasure (3) | Not allowed (b) | Allowed (c) | Not allowed (b)
Hidden area removal (4) | Not allowed (b) | Allowed (c) | Not allowed (b)
Blancco SSD switch (5) | Not allowed (b) | Allowed (c) | Not allowed (b)
Bootable asset report (6) | Ignored (e) | Allowed (c) | Ignored (e)
Fingerprint (6) | Ignored (e) | Allowed (c) | Ignored (e)

(1): Available with plain overwriting standards like “HMG Lower Standard”, “DoD 5220.22-M”, etc. (check
the Appendix for details).
(2): Available in erasure standards such as “NIST 800-88 Purge” or “Blancco SSD Erasure” (check the
Appendix for details).
(3): Available on any erasure standard with the setting “Erase remapped sectors”.
(4): Available on any erasure standard with the setting “Remove hidden areas”.
(5): Available with the setting “Enforce Blancco SSD method on SSDs”.
(6): Setting available from CT.
(a): Only the selected partitions are affected: the partition content, label and file system are erased but the
partition location on the drive (partition table) is left untouched. The erased partitions are also reported
individually, but an exception message will inform that there is data left on the drive.
(b): A red icon "NOT ALLOWED" is shown under the drive, attempting an erasure will display an error
popup and the erasure will not proceed. Only overwriting is possible in this case, check the option (1).
(c): This case does not differ from a normal erasure, the drive is erased as a whole including all partition
information (table, content, label, file system), the report will not mention any partition either.
(d): If “Show drive partitions” is enabled: this is the same as (a) with the difference that the Windows
recovery partition will be greyed out and won’t be erasable. If “Show drive partitions” is turned off: no
partition will be displayed, all partitions (but the Windows recovery) will be erased in the background, but an
exception message will inform that there is data left on the drive.

(e): This setting is simply ignored, the user will not get any notification.

7.13 Erasure verification


The user of Blancco Drive Eraser can select the level of verification of the erasure. The verification process
reads data at random intervals across the whole drive and makes sure that the erasure’s overwriting
patterns were written correctly. The default verification corresponds to checking 1% of the surface of the
drive (fast process), while the full verification corresponds to checking 100% of the surface of the drive
(slower process).
Taking samples at various intervals across the drive can efficiently detect any problems in the erasure,
while being faster than reading all the overwritten data. The user of Blancco Drive Eraser can increase the
level of verification from the default 1% all the way up to 100% (full verification) when a higher level of
security is required. If the verification finds any data left on the drive (overwriting patterns are missing) or if sectors in
the drive cannot be read, it will alert the user that the erasure process has failed.
It is possible to set verification to 0% with certain erasure standards, which allows a faster, minimal
verification. A warning is shown if less than the minimum percentage is selected. Some standards will not
allow moving the slider below the minimum percentage required.
A systematic verification step is always enforced after the last overwriting pass.
All verification algorithms are based on the NIST-algorithm (see chapter "Compliance with Updated NIST
Guidelines").

7.13.1 Traditional verification


As a default, Blancco Drive Eraser uses the traditional verification algorithm to verify the erasure. This
algorithm searches for known patterns throughout the whole drive, whether it is a periodic pattern (resulting
from a normal overwriting with a fixed pattern e.g. 0x00 or resulting from a firmware-based erasure) or an
aperiodic pattern (resulting from a normal overwriting with aperiodic random patterns). Note that this
traditional verification is always attempted after a firmware based erasure has been done.

7.13.2 Alternative/Fallback verification


Some drives have their firmware commands implemented in a way that a periodic pattern is not written
throughout the whole drive, but instead pseudo-random data is written. This pseudo-random data cannot be
verified by the traditional verification algorithm, which therefore fails.
In case the traditional verification algorithm fails after executing a firmware-based erasure command,
Blancco Drive Eraser can re-verify this pseudo-random data by searching for the absence of known patterns
overwritten prior to the execution of the firmware-based erasure command. If this alternative verification
algorithm is successful, the erasure will succeed; however, there will be an exception in the report informing
about the existence of non-periodic patterns in the drive.
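The sampled verification and its fallback, sketched as an added example over in-memory drive images (this is not Blancco's algorithm or code). It samples sectors at evenly spaced intervals, runs the traditional check for a fixed pattern, and only if that fails looks for leftovers of a known pattern written before the firmware command; the 512-byte sector, the 32-byte marker length, the result strings and the sample images are assumptions of this example.

```python
import math
import random

SECTOR = 512  # bytes per sector in this simulation (assumption)


def sample_lbas(total_sectors, percent):
    """Evenly spaced sector numbers covering `percent` of the drive (at least one)."""
    n = min(total_sectors, max(1, math.ceil(total_sectors * percent / 100)))
    return [(i * total_sectors) // n for i in range(n)]


def read_sector(image, lba):
    return bytes(image[lba * SECTOR:(lba + 1) * SECTOR])


def traditional_mismatches(image, lbas, expected):
    """Sampled sectors that do not hold the expected fixed pattern."""
    want = bytes([expected]) * SECTOR
    return [lba for lba in lbas if read_sector(image, lba) != want]


def fallback_leftovers(image, lbas, prior, run=32):
    """Sampled sectors that still contain a run of the pattern written BEFORE the firmware erase."""
    marker = bytes([prior]) * run
    return [lba for lba in lbas if marker in read_sector(image, lba)]


def verify(image, percent, expected, prior=None):
    """`prior` is set only when a firmware-based erase followed a known pre-written pattern."""
    lbas = sample_lbas(len(image) // SECTOR, percent)
    bad = traditional_mismatches(image, lbas, expected)
    if not bad:
        return {"result": "verified", "checked": len(lbas), "bad": []}
    if prior is not None:
        bad = fallback_leftovers(image, lbas, prior)
        if not bad:
            # Success, but the report should carry an exception about non-periodic data.
            return {"result": "verified with exception", "checked": len(lbas), "bad": []}
    return {"result": "failed", "checked": len(lbas), "bad": bad}


# --- constructed sample images ---------------------------------------------
def zeros(total=1000):
    return bytearray(total * SECTOR)


def pseudo_random(total=1000, seed=7):
    n = total * SECTOR
    return bytearray(random.Random(seed).getrandbits(8 * n).to_bytes(n, "little"))


def with_stale(image, first, count, fill):
    """Copy of `image` in which `count` sectors from `first` still hold `fill`."""
    out = bytearray(image)
    out[first * SECTOR:(first + count) * SECTOR] = bytes([fill]) * (count * SECTOR)
    return out


if __name__ == "__main__":
    print(verify(zeros(), 1, 0x00))                                   # fixed pattern present
    print(verify(pseudo_random(), 1, 0x00, prior=0x55))               # firmware wrote random data
    print(verify(with_stale(pseudo_random(), 300, 100, 0x55), 1, 0x00, prior=0x55))
    one = with_stale(zeros(), 301, 1, 0xAA)                           # a single missed sector
    print(verify(one, 1, 0x00), verify(one, 100, 0x00))
```

The last pair shows the trade-off behind the percentage slider: a single stale sector passes unnoticed at 1% and is caught at 100%.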

7.14 Freeze lock


If the drive is Freeze locked, removal of the drive’s hidden areas or issuing the firmware based erasure
commands is not possible.
Blancco Drive Eraser detects if at least one of the drives about to be erased is Freeze locked. When a
Freeze lock is detected, Blancco Drive Eraser tries automatically to remove the Freeze lock by power
cycling the machine: the machine is put to sleep, the drives’ locks are removed and the machine is woken
up. When this power cycling happens the screen usually goes black for a few seconds before returning. As
the machine is power cycled, Blancco Drive Eraser attempts to remove the freeze locks on all locked drives
at once, so this process occurs at most once per session.

Warning! With some hardware configurations, the screen might not turn back on. This depends heavily on
the machine’s BIOS, graphics chipset and/or the graphical driver used, as some devices do not wake up
properly/at all. The erasure process is either interrupted or continues in the background. To prevent this
from happening, the freeze lock procedure can be avoided by doing the following actions:

• At boot phase, ensure that the selected booting option is any but “FLR during startup”.
• Once Drive Eraser has booted and before starting the erasure:
    • Select an erasure standard with no firmware commands (normal overwriting only).
    • Disable the erasure of remapped sectors.
    • Disable the removal of hidden areas.
    • Disable the enforcing of the Blancco SSD erasure on SSDs.

7.15 Persistent Software Detection


Special software can be embedded in the BIOS/UEFI of the machine, from where it can be executed by
the operating system. Such software is called "persistent" because it remains on the machine even after
its data has been sanitized. This software can be detected and reported via a CT configuration (Security -
Security options - Device enrollment detection - Persistent software). If persistent software is detected,
the BDE report will show a field called "Persistent Software" displaying the name of the software in
question. The most popular persistent software is Computrace (by Absolute Software) and it is used for
tracking computer hardware.
When Computrace is active, it works as a Windows program that is always enabled, even after the machine
is erased and reimaged. This software is executed every time the machine is booted to a Windows OS.
Note that if the BIOS has a Computrace setting shown as "Active" or "Enabled", this does not necessarily
mean that the feature is working. The only actual way of ensuring Computrace is working correctly, is by
installing Windows OS on the erased machine and checking if the Computrace process appears on the
machine.

7.16 Hot swap capability


Drives can be hot swapped (or hot plugged) without affecting the erasure process running on other drives in
the machine.

1. To begin the hot swap process, remove a drive or connect a new drive to the machine.
2. Press the Refresh drive list button (or Ctrl + R) in Blancco Drive Eraser’s Erasure-tab. The software will
indicate when the process is complete.

Notes.

• Hot swap can be activated from the CT only if the “Report per Connected Device” mode is enabled.
• Pressing the Refresh drive list button disables all actions in the Erasure-tab and pauses all ongoing erasures. The erasures are resumed and the Erasure-tab becomes active again after the drive re-detection has been completed. The following message is displayed:

    ◦ If one or more drives are executing firmware commands when the Refresh drive list button is pressed, the refresh starts after those firmware commands have finished. A pop up is displayed, informing the user that the drives will be refreshed after the firmware commands have finished, with the message: "A firmware command is being executed on one of the drives. The list of drives will be refreshed after it finishes.".
• Drive Eraser provides hot swap support for SAS/SCSI/SATA/FC/USB/NVMe drives only, provided they are visible as nodes in the system (it does not work if the drives are behind a RAID controller being passed through). Hot swap support for other interfaces will be added in the upcoming releases.
• For NVMe drives:
    ◦ SuperMicro 10XSLL-F and 10XSRL-F motherboards are the only motherboards officially supported for hot swap.
    ◦ Hybrid appliances (with both NVMes and traditional SAS/SATA drives) are supported.
        ◦ Port mapping for SAS/SATA drives will be consistent and based on the internal cabling of the appliance, while for NVMe drives the port mapping is learned on the fly. See the chapter “NVMe drives” for more information about port mapping with NVMe drives.
• The “hotplug timeout” is a setting to configure the time to wait for a drive to be detected and displayed. It can be set from the “Settings” (General tab). It is useful to spot drives that take too long to detect, especially faulty drives. If only SATA or USB drives are plugged, the recommended timeout should be at least 30 seconds. If SAS/SCSI/FC/NVMe drives are plugged, set at least 60 seconds.
• Upon plugging an HDD, wait for 10-15 seconds before pressing the “Refresh drive list” (time for the drive to spin and get ready for the detection).
• In case a drive is not detected during the period set by the “hotplug timeout” (30 seconds by default), the detection for that drive stops and a warning is displayed:

    ◦ If the detection process fails three times in a row with the same drive, the hot plug service goes into an error state and displays a notification to reboot the machine. The drive in question is probably faulty and is compromising the stability of the software. The error state and the notification may disappear if the faulty drive is removed and the drive list is refreshed. Otherwise, subsequent detections will fail and a restart will be necessary. The error message looks like this:

• Some drives (particularly some older EMC 1GB drives) produce inconsistent results with hot swapping; these drives will need to be inserted prior to a full system boot or reboot.
• If the system still doesn’t recognise some drives, shut down the system, connect the drives and boot it with the drives already connected.

7.17 Erasure status and exceptions


The Blancco Drive Eraser erasure process can be separated into two parts:

• Mandatory steps: these steps are considered as essential, according to the erasure standard applied. They consist of overwriting steps, verification steps, firmware based erasure steps and hidden area removal steps.
• Optional steps: these steps are not necessary to achieve a successful erasure result as they are not a vital part of the erasure standard. For example, some erasure standards do not explicitly require remapped sectors erasure or the removal/erasure of hidden areas but they may be attempted anyway, depending on the user’s configuration of the software.

If all mandatory steps succeed, the whole erasure process is considered a success (final status = "Erased").
Conversely, if any mandatory step fails, the whole erasure process fails (final status = "Not erased"). If any
optional step fails, the erasure process generates an exception (information message) acknowledging the
failure of this step but indicating that it was considered optional. The final status always depends on the
success or otherwise of the mandatory steps.
On some occasions, the status "Erased" will be accompanied by an information message such as
"Remapped sectors area erasure failed" or "DCO area removal failed". This is simply the result of the logic
described above. The description of the erasure standards’ steps is located in chapter Execution steps of
the erasure standards.

7.18 CD-eject
The CD-eject functionality can be enabled or disabled through the CT. The CD-ejection can be configured
to occur at four different phases of the erasure process:

• After Blancco Drive Eraser boot-up (option selected by default).
• After the erasure has been completed.
• After the report has been saved or sent.
• When the machine is shutting down.

When the CD-eject is enabled, any optical media drive detected on the machine will be opened (tray ejects).
This way the user can check if a Blancco Drive Eraser boot CD or any other optical media has been left in
the machine. This also prevents media from being forgotten in a machine before it is shipped away, which
would be a security risk because these media may contain personal/professional information.
Note. It is very important that at least one option for ejecting the CD tray is selected, to prevent potential
data breaches.

7.19 Digital Fingerprint


The Digital Fingerprint is a small report that is written on the drive after the erasure. It contains a brief
summary of the erasure report information. It acts as a further proof that the storage device has been
erased and can be used for erasure report auditing purposes.
The Fingerprint is written on a single sector of the erased drive (sector 67000 by default, can be modified via
CT) and visualizing its content requires a tool that can read and display binary data, such as the Blancco
Drive Eraser Hexviewer. The Fingerprint is implemented in English only (independently
of the report language) for compatibility with ASCII characters.
The Fingerprint contains the following data (separated with spaces and semicolons):
| Field name | Explanation |
|---|---|
| Customer name | The name of the Company that purchased Blancco (“Licensed to” field from the erasure report). Note: special characters (non-ASCII) are displayed as “?” chars. |
| Date & time of erasure completion | Displayed with the format: yyyy-mm-dd hh:mm:ss |
| Blancco software version | e.g. Blancco Drive Eraser 6.0.0 |
| Drive serial number | Also displayed in the “Erasure”-step. |
| Erasure status | "Successful", "Failed" or "Cancelled" |
| Unique report ID | Report UUID (format: "Asset: <uuid>"; "Per-drive: <uuid>") |

The Digital Fingerprint is disabled by default. Enabling it, as well as setting its sector location, is done via the
CT (Report > Fingerprint settings). If the configured sector value is higher than the disk capacity, the
fingerprint will be written on the last sector, if possible.
Fingerprint sector and status will be visible in an XML report (both asset and per drive reports).
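
For audit purposes, the sketch below (an added example, not Blancco code) reads the fingerprint sector from a raw drive image, applies the last-sector fallback described above, and cross-checks the content against values taken from the erasure report. The 512-byte sector size, the zero padding, the splitting on semicolons and all sample values are assumptions or constructed data; the on-disk layout is not specified beyond the field list above.

```python
import io

SECTOR_SIZE = 512        # assumption: 512-byte logical sectors
DEFAULT_SECTOR = 67000   # default fingerprint sector stated in the manual
STATUSES = ("Successful", "Failed", "Cancelled")

# Constructed sample content (not taken from a real drive).
SAMPLE = ("Ex?mple Oy; 2025-06-23 10:15:00; Blancco Drive Eraser 7.16.0; "
          "SN-CONSTRUCTED-001; Successful; "
          "Asset: 00000000-0000-4000-8000-000000000001; "
          "Per-drive: 00000000-0000-4000-8000-000000000002")


def fingerprint_lba(total_sectors, configured=DEFAULT_SECTOR):
    """Sector to inspect: the configured one, or the last sector when the
    configured value lies beyond the drive's capacity."""
    if total_sectors <= 0:
        raise ValueError("drive has no sectors")
    return configured if configured < total_sectors else total_sectors - 1


def ascii_fold(text):
    """Non-ASCII characters are shown as '?' in the fingerprint."""
    return "".join(c if ord(c) < 128 else "?" for c in text)


def read_fingerprint(image, total_sectors, configured=DEFAULT_SECTOR):
    """Read the fingerprint sector from a seekable raw image.
    Returns (lba, fields); fields is None when the sector holds no ASCII text."""
    lba = fingerprint_lba(total_sectors, configured)
    image.seek(lba * SECTOR_SIZE)
    raw = image.read(SECTOR_SIZE)
    if len(raw) != SECTOR_SIZE:
        raise IOError(f"short read at sector {lba}")
    payload = raw.rstrip(b"\x00")  # assumption: text is followed by zero padding
    if not payload or any(b < 0x20 or b > 0x7E for b in payload):
        return lba, None
    fields = [f.strip() for f in payload.decode("ascii").split(";")]
    return lba, [f for f in fields if f]


def audit(fields, customer, serial, status):
    """Compare fingerprint fields with the erasure report; return a list of problems.
    Fields are searched by value because their exact positions are an assumption."""
    if fields is None:
        return ["no ASCII fingerprint found in sector"]
    problems = []
    if ascii_fold(customer) not in fields:
        problems.append("customer name not found in fingerprint")
    if serial not in fields:
        problems.append("drive serial number not found in fingerprint")
    if [f for f in fields if f in STATUSES] != [status]:
        problems.append("erasure status does not match the report")
    return problems


def build_sample_image(total_sectors, lba, text):
    """Constructed zero-filled image with `text` placed at sector `lba`."""
    data = bytearray(total_sectors * SECTOR_SIZE)
    encoded = text.encode("ascii")
    start = lba * SECTOR_SIZE
    data[start:start + len(encoded)] = encoded
    return io.BytesIO(bytes(data))


if __name__ == "__main__":
    # A 100-sector image is smaller than sector 67000, so the last sector is used.
    image = build_sample_image(100, 99, SAMPLE)
    lba, fields = read_fingerprint(image, 100)
    print("sector", lba, fields)
    print("problems:", audit(fields, "Ex\u00e1mple Oy", "SN-CONSTRUCTED-001", "Successful"))
```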

7.20 Bootable Asset Report


The bootable asset report (BAR) is a small report generated by Blancco Drive Eraser providing basic
computer information. It is visible upon rebooting the machine after the data erasure is complete, and is
displayed as a static splash screen when a successfully erased drive is used for booting. This functionality
is turned off within Blancco Drive Eraser by default; when switched on, the BAR is written on any data
storage drive successfully erased.
The Bootable Asset Report can provide a fast visual proof that the drive has been successfully erased with
Blancco, as only the booting of the machine is required to view this report. However, it does not replace the
Blancco erasure report, which is the real proof that the erasure has occurred. It can also be used for auditing
an erasure report. Another use is displaying the hardware information of a machine/drive that is meant to be
sold on the second hand market.
To activate the Bootable Asset report, the following conditions need to be fulfilled:

• The Bootable Asset report has to be enabled from the CT.
• The detected drive has to be erased successfully (at least once).
• The erasure report has to be successfully saved on a USB stick or sent to the BMPOP (at least once).

In order to create a Bootable Asset Report, the software writes data on the first 200 (BIOS mode) or 67000
(UEFI mode) sectors of the drive. This data can be viewed by using the Hexviewer or other similar tools.
The sectors containing the Bootable Asset Report will show a different pattern compared to the rest of the
drive. This should not be confused with data that Blancco Drive Eraser has failed to erase. If enabled, the
Bootable Asset Report is always written after a successful erasure and after a report is successfully saved
or sent.
Note: If "Format Drives after Erasure" option is enabled in the Erasure Settings, Bootable asset report and
Fingerprint options will be disabled if they were enabled through CT.
If you wish to not see the BAR on your device, please see the KB article related to Bootable Asset Reports
for troubleshooting. In most cases, however, the BAR will be overwritten during a new OS installation.

7.21 Dismantling RAID configurations


Blancco Drive Eraser has a RAID dismantling capability that can break the RAID and directly access the
physical hard drives for erasure. This capability is disabled by default but can be enabled via the CT. Below
is the list of the RAID controllers that can presently be dismantled:

• Adaptec/IBM ServeRAID Controllers
• DAC960/AcceleRAID/eXtremeRAID PCI RAID Controllers
• LSI MegaRAID/Dell PERC/INTEL RAID Controllers
• HP Smart Array Controllers
• DELL BOSS RAID controller cards (such as DELL BOSS-S1 storage adapter)
• Dell PERC H965i
• LSI 9305-16i/24i
• HPE SR932i-p Tri-Mode

If your RAID controller is not in the list, Blancco highly recommends that the array is dismantled manually
from the BIOS of the RAID card or via the software provided by the manufacturer. If your controller supports
the JBOD mode, please set it to that mode. Then Blancco Drive Eraser can attempt to detect the physical
drives for erasure. Please make sure that the firmware in your RAID adapter has been updated recently in
order to avoid any unnecessary problems with the RAID controller.
Support for other RAID controllers will be implemented in upcoming versions.

7.21.1 Erasing RAID controllers with multiple modes


Certain storage controllers have multiple operating modes. BDE will detect such controllers and suggest
using an alternative mode in order to improve the erasure performance, especially when using the
NIST 800-88 Purge standard. It is also possible to configure this behavior in CT. The settings are found
under Security > Storage controller options.

Note: Proceeding can result in irreversible data loss and reconfiguring the controller mode may prevent
data recovery from the drives. The machine may also be rebooted.

7.22 Remote erasure control and monitoring


Blancco Drive Eraser’s erasure can be controlled or monitored remotely either from Blancco Management
Portal On-Premise (BMPOP) or from an external Asset Management System integration.
Note: Blancco Management Portal On-Premise is required in both cases.

7.22.1 Monitoring the erasure process through Blancco Management Portal On-Premise
To monitor the process, remote monitoring must be activated on the client image (via the CT), and the
settings to connect to the BMPOP must be filled in as well (either via CT or via the erasure client’s “Settings”
menu).
Note: Process control must be set as Local user interface.

During remote monitoring, the erasure process can be followed from the BMPOP (Client Overview tab).
BMPOP cannot control the erasure directly but it can detect any problem occurring during the process.
BMPOP assigns a numeric ID to each monitored machine for a quick identification. This ID is visible in the
erasure client’s screensaver (top right corner of the screen) and in the UI (Process Area).

7.22.2 Controlling the erasure process through Blancco Management Portal On-Premise
To completely control the erasure process through the Blancco Management Portal On-Premise, the client
image must be configured for controlling (via the CT). The Process control must be set as Blancco
Management Portal On-Premise remote and the settings to connect to the BMPOP must be filled in (via the
CT).
During remote controlling, the erasure process is controlled from the BMPOP's Client Overview tab.
BMPOP can either push an erasure standard to sanitize the drives of the target machine(s) or a workflow to
fully control the process on the target machine(s). The BMPOP assigns a numeric ID to each controlled
machine for a quick identification; this ID is visible in the erasure client’s screensaver (top right corner of the
screen). See the Blancco Management Portal On-Premise’s Admin Manual for more information.
When the remote control session is cleared from BMPOP, Blancco Drive Eraser fetches the command to
stop communication on the next polling round. After receiving the stop message, the software acknowledges
it and the session is removed from the process management list. After this, Blancco Drive Eraser doesn't
accept any remote commands and waits to be shut down manually. The UI shows a #-character in the session
ID when communication has stopped. The connectivity and license status turn red. The BMPOP icon pop up
shows the error message "Communication with the BMPOP has failed...".

7.23 Sanitize Cryptographic Erasure Standard


The “Sanitize Cryptographic Erasure” erasure standard performs a cryptographic erasure, only on drives
that support this firmware command. It was introduced in version 6.1.1.
When a Cryptographic Erasure command is given, the drive self-generates a new media encryption key.
Thus, the old data is not overwritten, only the encryption key is replaced rendering data ‘erased’ by making
it indecipherable, since the key required to decrypt the data is no longer available. The strength of this
obfuscation is relative to both the encryption standard used and effectiveness of the key replacement
process. It is possible that mistakes in the implementation of the crypto-system or future advances in
technology could allow for the reconstruction of data by recovering the key or breaking the encryption
algorithm used, respectively.
Any drive erased with this standard will display an exception "Device has been cryptographically erased,
see manual for more information."
Cryptographic erasure is verified in the following way:

1. Pseudo random locations are selected throughout the drive.
2. These locations are written with a known pattern.
3. Cryptographic erasure command is triggered.
4. After the cryptographic erasure, these pseudo random locations are read to verify that the previously
written pattern is no longer present, thus demonstrating (or otherwise) the success of the process.

This verification is available in BDE, but the percentage of the verified area is configurable by the user
(1-100%, default value 1%).
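
The four verification steps above can be illustrated with the following added example (not Blancco's implementation), run against a simulated self-encrypting drive. The `SimulatedSED` class, its SHA-256 keystream standing in for the drive's cipher, the pattern bytes and the `stale_lbas` fault model are all assumptions made for the illustration.

```python
import hashlib
import os
import random

SECTOR_SIZE = 512
PATTERN = b"\xa5\x5a" * (SECTOR_SIZE // 2)  # constructed known pattern


class SimulatedSED:
    """Toy self-encrypting drive: the media holds ciphertext and every read
    decrypts with the current media key. `stale_lbas` models a fault where
    part of the drive keeps its old key after a crypto erase."""

    def __init__(self, total_sectors, stale_lbas=range(0)):
        self.total_sectors = total_sectors
        self._stale = stale_lbas
        self._key = os.urandom(32)
        self._old_key = self._key
        self._media = {}  # lba -> ciphertext of written sectors

    def _crypt(self, lba, data):
        # XOR with a per-sector keystream (stand-in for the real drive cipher).
        key = self._old_key if lba in self._stale else self._key
        stream = b"".join(
            hashlib.sha256(key + lba.to_bytes(8, "big") + bytes([i])).digest()
            for i in range(SECTOR_SIZE // 32)
        )
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, lba, data):
        self._media[lba] = self._crypt(lba, data)

    def read(self, lba):
        return self._crypt(lba, self._media.get(lba, bytes(SECTOR_SIZE)))

    def crypto_erase(self):
        # The drive self-generates a new media key; stored data is not overwritten.
        self._key = os.urandom(32)


def pick_locations(total_sectors, percent, seed=None):
    """Step 1: pseudo-random sample of sectors covering `percent` of the drive."""
    count = max(1, total_sectors * percent // 100)
    return sorted(random.Random(seed).sample(range(total_sectors), count))


def verify_crypto_erase(drive, percent=1, seed=None):
    """Steps 1-4: sample, write pattern, erase, read back and compare."""
    if not 1 <= percent <= 100:
        raise ValueError("percent must be between 1 and 100")
    lbas = pick_locations(drive.total_sectors, percent, seed)
    for lba in lbas:                       # step 2
        drive.write(lba, PATTERN)
    # A location that does not hold the pattern now cannot prove anything later.
    if any(drive.read(lba) != PATTERN for lba in lbas):
        raise IOError("pattern did not read back before the erase")
    drive.crypto_erase()                   # step 3
    survivors = [lba for lba in lbas if drive.read(lba) == PATTERN]  # step 4
    return {"sampled": len(lbas), "survivors": survivors, "verified": not survivors}


if __name__ == "__main__":
    print(verify_crypto_erase(SimulatedSED(10_000), percent=1, seed=7))
    faulty = SimulatedSED(10_000, stale_lbas=range(0, 5_000))
    result = verify_crypto_erase(faulty, percent=1, seed=7)
    print(result["verified"], len(result["survivors"]), "sampled sectors still readable")
```

With a 1% sample, a region whose key was not replaced is caught only if at least one sampled location falls inside it, which is why the verified percentage can be raised up to 100%.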

Because replacing the data encryption key is a very fast operation, the “Cryptographic Erasure” standard is
very quick compared to a traditional overwriting (a few minutes at worst, even on large drives). But given the
concerns described above, Blancco recommends using this standard in cases such as the following:

• The machine needs to be erased quickly, before being redeployed within the same company (same or higher security level).
• The machine needs to be erased quickly, before being sent to another location where it will be erased using a more traditional standard.

7.24 Support for TCG Security Features


The Trusted Computing Group (TCG) is a group formed by large hardware manufacturers to implement
security standards and concepts across personal computers. Among other things, they develop the Trusted
Platform Module standard (used on TPM chips) and specifications that describe the protocol
to communicate with self-encrypting drives (SEDs). On the latter point, Security Subsystem Class (SSC)
Specifications describe the requirements for specific classes of devices; specifically, the Enterprise SSC
defines minimum requirements for Data Center and Server Class devices while the Opal SSC defines
minimum requirements for client devices.
BDE supports ATA, SCSI/SAS and NVMe self-encrypting drives that implement the TCG Enterprise, Opal,
Opalite, Pyrite and Ruby security features as follows:
| TCG | Drive interface: ATA/SATA | Drive interface: SCSI/SAS | Drive interface: NVMe |
|---|---|---|---|
| Opal | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A |
| Enterprise | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A | CE: N/A; BE: N/A; OW: N/A |
| Opalite | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A | CE: reporting & erasure; BE: N/A; OW: N/A |
| Pyrite | CE: reporting & erasure; BE: reporting; OW: reporting | CE: reporting & erasure; BE: reporting; OW: reporting | CE: reporting & erasure; BE: reporting; OW: reporting |

(with CE = Crypto Erase command, BE = Block Erase command, OW = Overwrite command)


TCG commands are used in the "NIST 800-88 Purge" and “TCG Cryptographic Erasure” erasure
standards. Any standard supporting the TCG Cryptographic Erasure command first reverts the drive to
factory default before replacing the encryption key and scrambling the data.

7.24.1 Process TCG Opal and Enterprise (PSID)


When a drive (Opal or Enterprise) is marked with "TCG locked" or "TCG password", the user can process
such disks by executing a "PSID Revert" command on the drive. This command resets the drive back to its
factory settings, removing any lock or password and destroying the drive data at the same time. This
command requires entering the drive PSID. The PSID can be entered via the user interface or via a
workflow.

*PSID = Physical Security ID, a 32-character password that proves the user has physical access to
a drive. Usually printed on the drive sticker.
To enter the PSID via the user interface:
1. Click and select a locked drive. Check that the drive has the icons "TCG locked" or "TCG password", then
click on the icons or select the drive and press Ctrl+J. This opens an "Enter PSID" popup window.

2. Enter the PSID password into the empty field in the popup.

You can cancel entering the PSID by pressing "Cancel"; nothing else happens.
3. After entering the PSID and clicking "OK", a green "PSID" label will show up next to the existing drive
labels.

When starting an erasure on a drive with a green "PSID" icon, the program will add an extra PSID revert
step before any other erasure steps. When the erasure is completed, some of the drive labels will
disappear. If a PSID revert operation was performed during an erasure, it will be shown in the report.
If a TCG session cannot be established because of an authorization problem, an error popup will be shown:

To unlock PSID via workflow, see Workflow Editor.

7.25 TPM Device Detection and Reporting


TPM (Trusted Platform Module) device(s) can be detected and reported under two conditions:

1. The TPM device must be present on the machine.
2. The TPM device must be enabled in the BIOS/UEFI settings.

The detected TPM devices are available in workflows as the variable "tpm_devices".

7.26 Trusted Platform Module (TPM)


TPMs are components (usually a motherboard chip) that can secure the operating system. A TPM can contain
encryption keys or certificates that are used by the operating system or by some software running on it.
BDE is able to clear the TPM during the machine startup. This can be enabled and configured in the CT
Security settings.
When you enable "Clear TPM at startup", a popup will be shown asking (if not configured otherwise): "This
machine has Trusted Platform Module (TPM) installed. This module may contain private data. Do you want
to clear it? This may require to reboot the machine, additional confirmation screen may be shown at boot."
If you do not wish to receive a popup and want an action performed automatically instead, enable
"Timeout (seconds)" and set it to 0. BDE will then either clear or skip TPM.
Warning: This option can erase data that cannot be recovered. Clearing the TPM may also
reboot the machine.

7.27 Fallback for NIST Erasure Standards


When “Enable fallback from NIST Purge to NIST Clear” is enabled in the CT, the erasure standard "NIST
800-88 Purge" can fall back to "NIST 800-88 Clear".
When the Erasure button is pressed, if NIST Purge is not supported by the device or the standard fails, the
erasure process falls back to NIST Clear. Falling back from NIST Purge to NIST Clear can ensure that
compliance with the NIST guidelines is kept.
Note that this functionality requires that both "NIST 800-88 Purge" and "NIST 800-88 Clear" erasure
standards are enabled.
For more information about the NIST standards, see chapter “Compliance with Updated NIST Guidelines”.

7.28 Block SID Authentication
The TCG Storage Workgroup has developed the TCG Storage Feature Set: Block SID Authentication
Specification (“Block SID Feature Set”) to provide a means to block attempts to authenticate the SID
authority. This mechanism enhances security policy configurability, by providing a way to block potentially
malicious entities from taking ownership of a SID credential that is still set to its default value of MSID.
Disabling the Block SID Authentication allows running firmware-based erasure commands on the machine
drives; this is required to achieve a purge-level erasure.
If the drive has SID block enabled, a yellow "SID Blocked" drive mark will be shown in the list view.
If the machine supports PPI (Physical Presence Interface), the marking will have a hint: "Drive has
"Block SID Authentication" feature enabled. Can be disabled by clicking on the icon". Clicking on the icon
will show the SID block disabling dialog, provided there are no running erasures.
If PPI is not supported, the marking will have a hint "Drive has "Block SID Authentication" feature
enabled. Cannot be disabled" and it is not clickable.

7.28.1 Turning off the Block SID Authentication


If there is a SID blocked drive in the system, PPI is supported and there are no running erasures, then the
operator can also trigger SID block disabling dialog by using "Ctrl+Alt+S" hotkey while on the "Erase" view.
This dialog can also be triggered via CT (shown right after BDE boots):

The button selected by default and the timeout value are configurable through CT. The dialog is not shown if
erasure is managed through BMPOP. In Workflow, Auto, and Semiauto processes, the workflow / erasure is
not started until the dialog is closed through "No, skip".
If the dialog is closed through the "Yes, proceed" button, the machine is rebooted and a PPI confirmation
screen may appear where the operator must accept the change to disable the Block SID Authentication feature.

7.28.2 Re-enabling the Block SID Authentication feature.
If Block SID authentication is successfully disabled, a dialog box suggesting to re-enable this feature will
appear whenever the operator attempts to shut down or restart the machine using the BDE user interface
(either by clicking the ‘Shutdown’ button in the bottom right corner or pressing the F10 hotkey):

7.28.3 XML report


For TCG Storage compliant drives 2 new entries of string type were added to XML report:

• blancco_data.blancco_hardware_report.disks.disk.tcg_block_sid_authentication_supported: the value is "true" if the drive supports Block SID Authentication feature, "false" otherwise.
• blancco_data.blancco_hardware_report.disks.disk.tcg_block_sid_authentication_enabled: the value is "true" if the drive supports Block SID Authentication feature and the feature is currently active i.e. SID Authentication is blocked.

7.29 Drive self-tests


BDE is able to assess the condition of modern drives by running self-tests on them (a.k.a. "S.M.A.R.T.
tests"). These tests do not touch the drive data (non-destructive action) and can be run on demand.
This feature currently supports ATA and SCSI drives.
You can run self-tests in two different ways: from the Erasure settings in the DE user interface (Pre-
processing options), or via IBR Workflows ("Self-test" action).

• When run from the user interface, the Self-test is integrated into the erasure as an additional step:
    ◦ Execute self-tests on drives – If this option is turned on, the drive’s S.M.A.R.T self-tests are run during the erasure process. Note that the exact test parameters on these tests may vary between manufacturers and models. The options are:
        1. Short - The electrical and mechanical performance as well as the read performance of the drives are tested. Usually takes under two minutes.
        2. Conveyance - Intended as a quick test to identify damage incurred during transporting of the device from the drive manufacturer to the computer manufacturer. Only available on ATA drives. Usually takes several minutes.
        3. Extended - A longer and more thorough version of the short self-test, scanning the entire drive surface with no time limit. This test can take from dozens of minutes to several hours (this depends on the read/write speed of the drive and its size).
        4. Fail Erasure if Unsuccessful – If Self-test fails, then the erasure is marked as unsuccessful. This option is only available if “Execute Self-tests On Drives” is enabled.

Note: the self-tests will automatically fail if the duration is much longer than estimated.

• When run via the IBR Workflows, it is possible to configure a workflow carrying out self-tests without any erasure. The same tests (Short, Conveyance, Extended) are available on the "Self-test" action.

7.30 Drive Life Estimation


This feature allows BDE to diagnose a hard drive's health and remaining life based on the SMART data
attributes on the drive. These attributes are data points found in the hard drive's firmware, which help the
user to keep track of the current state of the drive. The attribute values help predict the current state of the
device and if everything is functioning properly. There are a few SMART attributes that can be identified as
correlating with hard drive failure. A few of these failure predicting attributes include Power On Hours,
Power Cycle Count, Reallocated Sector Count and Pending Reallocated Sectors.
The drive life remaining estimate begins with the average expected life expectancy of a hard drive, and from
there, deductions to the life total are made based on these SMART attributes. Estimation is done by
considering, evaluating and comparing each attribute value to various thresholds to determine the
likelihood for drive failure and how soon it could happen. After that it is recorded in the hardware report.
Note: This is just an estimation, a general idea on how long the device can remain in a working condition.
The device may outlast the given estimation or prematurely fail before it was estimated to.
You can enable this feature in CT's Security settings. The feature works for NVMe, ATA and SCSI drives.
The estimated life remaining on the drive will appear on the hardware report like in the example:

The drive requires SMART support in order to use this feature. If it is not supported, the report will show
"Drive life remaining estimate could not be calculated due to SMART info not available for the drive."
A warning will be given if the drive health status is bad or if the estimated remaining life is less than 90 days.
Seagate FARM parameters are also included if the disk supports them. If both SMART and FARM
parameters are available, the one with worse value is included in the evaluation. Additionally,
DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT may return FARM attribute if it's supported and its
value is worse than SMART.

8. Hardware Which Requires Special Handling
8.1 Unsupported processors
Blancco Drive Eraser supports x86 processor-based machines, especially Intel and AMD processors.
Support for x86 processors that are neither Intel nor AMD should be checked case by case, because the
hardware detection on machines running such processors may not be fully accurate.
Some machines use different processor architectures (RISC, ARM…) that Blancco Drive Eraser does not
support and cannot directly erase. Sun SPARC based servers can be erased using our Blancco SPARC
product.
Fortunately, data storage devices are always the same regardless of the hardware (whether x86 or RISC
architecture) and Blancco can be used to erase the drives from these machines by connecting them to an
x86 processor-based computer. A typical solution consists of removing those drives from their non-
supported server and connecting them to a supported x86 processor-based “erasure station” for erasure.
Blancco Drive Eraser can boot on (and erase) the majority of x86-based tablets, including tablets based on
the Intel Atom processor. However, the majority of devices based on the Intel Atom processor platform
"Clover Trail" are not supported.

8.2 SSDs
Although Blancco Drive Eraser can identify and erase all kinds of Hard Disk Drives (where data is stored
magnetically on rotating disks), there are some caveats involved regarding the erasure of Solid State Drives
(SSD). SSDs differ from HDDs in that data is stored electronically on transistor arrays. Please refer to the
chapter Guidelines for Using SSD Erasure Method for more information.
If the documentation does not help you, please engage with your local Blancco representative regarding the
erasure of these drives.

8.2.1 eMMCs
embedded Multi Media Card (eMMC) is a storage device that contains some NAND flash memory and an
embedded controller in an industry-standard BGA package. Operations such as wear leveling, bad block
management, and device mapping are all managed internally. In addition, error handling is also
implemented internally, which reduces the load on processor and as a result, improves the system
performance. eMMC has been developed for universal low-cost data storage and communication media
and is currently prevalent in most smartphones and tablets, although they may also appear in x86-based
hybrid tablet devices. When an eMMC drive is detected by Blancco Drive Eraser, the UI will display the
drive as an “eMMC” device.
There are a few recommendations on how to erase eMMC drives. The JEDEC standards on eMMC drives [1]
describe the command Sanitize “used to remove data from the device according to Secure Removal Type
(see 7.4.120)… [and] requires the device to physically remove data from the unmapped user address
space” i.e. this command removes the data from both the user addressable area and area that the user
cannot access. Another command is the Secure Erase “included for backwards compatibility... requires the
device to execute the erase operation... requires the device and host to wait until the operation is
complete... [and] requires the device to do a secure purge operation, according to Secure Removal Type...
outlined in 7.4.120”. The chapter 7.4.120 indicates “how information is removed from the physical memory
during a Purge operation [based on] the capability of the eMMC device”.

[1] https://www.jedec.org/standards-documents/technology-focus-areas/flash-memory-ssds-ufs-emmc/e-mmc

The JEDEC standards also describe the handling of retired sectors. “Portions of the memory array can
become defective with use” and be marked as “retired”; the information from such sectors is recovered before
the sectors are removed from use. Some eMMC devices can “erase the contents of the defective region
before it is retired”; nevertheless, this feature has to be enabled beforehand and, according to the
standard, it only applies to sectors retired after the feature is enabled (sectors retired before are out of
scope). If the eMMC does not support this feature, if the feature is disabled, or if the drive has sectors that
were retired before the feature was enabled, there is a risk that these retired sectors will not be erased,
even after using the Sanitize or the Secure Erase commands.
The NIST guidelines¹ are not very clear regarding the erasure of eMMC devices embedded on Intel-based
tablets (which are the eMMC devices that Blancco Drive Eraser can erase).

• Regarding the clear-level operation, Blancco Drive Eraser handles an eMMC the same way it
  handles any flash-based data storage device (such as SSD or NVMe). The device is detected,
  overwritten (from the first detected sector to the last detected sector) and verified. This procedure
  addresses the whole user addressable area and protects the device against any keyboard attack.
• Regarding the purge-level operation, NIST mentions using commands such as “Secure Erase or
  Secure Trim command, or some other equivalent method… [or] Cryptographic Erase [if supported]”.
  Nevertheless, these recommendations apply to eMMCs embedded in devices running the Google
  Android OS or the Windows Phone OS or the iOS (for the latter, only Cryptographic Erase is
  mentioned). NIST also mentions that purging “all other mobile devices including cell phones, smart
  phones, PDAs, tablets… [depends on the device capabilities] and should be applied with caution…
  the device manufacturer should be referred to in order to identify whether the device has a Purge
  capability… to ensure that data recovery is infeasible”.

Based on these recommendations, in order to clear eMMC devices you can use any Blancco Drive Eraser
overwriting standard. Blancco Drive Eraser also implements firmware-based erasure commands (Sanitize
and Secure Erase) as part of the "NIST 800-88 Purge" and "Blancco SSD Erasure" standards, which can
erase the eMMC beyond the clear-level. However, as explained above, even after a successful erasure
using the "NIST 800-88 Purge" or "Blancco SSD Erasure" standards, there are no guarantees that the
purge-level will be achieved in all situations: it is not possible to be certain that no data will be recoverable if
the eMMC undergoes an attack using state-of-the-art laboratory techniques. Also, some eMMCs may
display an extra recovery partition even after they have been purged. In some cases, these partitions may
still contain data.
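The caveats above can be checked per device before choosing an erasure standard. The following is an added example, not Blancco's code: it decodes the EXT_CSD register fields that govern Sanitize, Secure Erase, the Secure Removal Type and the erasing of retired sectors. The register offsets and bit names follow the Linux kernel and mmc-utils definitions (they are not stated in this manual), the function names are hypothetical, and the sample register contents are constructed.

```python
"""Decode the EXT_CSD fields that bound what a firmware erase of an eMMC can achieve."""

# Byte offsets in the 512-byte EXT_CSD register, as named in the Linux kernel
# and mmc-utils (JEDEC e.MMC field names). Not taken from the manual.
SECURE_REMOVAL_TYPE = 16    # supported and configured Secure Removal Type
SEC_BAD_BLK_MGMNT = 134     # bit 0: erase defective regions before retiring them
SEC_FEATURE_SUPPORT = 231   # which secure commands the device implements

# Bits of SEC_FEATURE_SUPPORT.
SECURE_ER_EN = 0x01    # Secure Erase / Secure Trim
SEC_BD_BLK_EN = 0x04   # secure bad block management can be enabled
SEC_SANITIZE = 0x40    # Sanitize

# Meaning of Secure Removal Type bits 0..3 (supported) and of the 2-bit
# configured value in bits 5:4.
REMOVAL_TYPES = (
    "erase of the physical memory",
    "overwrite with a character, then erase",
    "overwrite with a character, its complement, then a random character",
    "vendor defined",
)


def parse_ext_csd(hex_dump: str) -> bytes:
    """Turn a hex dump of EXT_CSD (1024 hex digits) into 512 raw bytes."""
    raw = bytes.fromhex(hex_dump.strip())
    if len(raw) != 512:
        raise ValueError(f"EXT_CSD must be 512 bytes, got {len(raw)}")
    return raw


def erase_capabilities(ext_csd: bytes) -> dict:
    """Report which firmware erase features exist and which caveats remain."""
    features = ext_csd[SEC_FEATURE_SUPPORT]
    removal = ext_csd[SECURE_REMOVAL_TYPE]
    sanitize = bool(features & SEC_SANITIZE)
    secure_erase = bool(features & SECURE_ER_EN)

    supported = [REMOVAL_TYPES[bit] for bit in range(4) if removal & (1 << bit)]
    # Bits 5:4 are only meaningful when the device implements the field at all.
    configured = REMOVAL_TYPES[(removal >> 4) & 0x3] if supported else None

    # The enable bit counts only if the device advertises the feature.
    bad_blk_enabled = bool(features & SEC_BD_BLK_EN) and bool(
        ext_csd[SEC_BAD_BLK_MGMNT] & 0x01
    )

    caveats = []
    if not sanitize and secure_erase:
        caveats.append("Sanitize not supported: only Secure Erase is available")
    if not sanitize and not secure_erase:
        caveats.append("no firmware erase command: only clear-level overwriting")
    if bad_blk_enabled:
        caveats.append("sectors retired before the feature was enabled are out of scope")
    else:
        caveats.append("retired sectors are not erased before retirement")

    return {
        "sanitize": sanitize,
        "secure_erase": secure_erase,
        "supported_removal": supported,
        "configured_removal": configured,
        "retired_sectors_erased": bad_blk_enabled,
        "caveats": caveats,
    }


def build_sample(features: int, removal: int, bad_blk: int) -> str:
    """Constructed EXT_CSD dump for the demo (every other byte is zero)."""
    reg = bytearray(512)
    reg[SEC_FEATURE_SUPPORT] = features
    reg[SECURE_REMOVAL_TYPE] = removal
    reg[SEC_BAD_BLK_MGMNT] = bad_blk
    return reg.hex()


if __name__ == "__main__":
    # Constructed device: Sanitize + Secure Erase, bad block feature present but off.
    report = erase_capabilities(parse_ext_csd(build_sample(0x45, 0x17, 0x00)))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a Linux host the same 512-byte dump can be read from the `ext_csd` file that the kernel exposes in debugfs for the card and passed to `parse_ext_csd`.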

8.2.2 Hybrid Drives


A hybrid drive or SSHD (for Solid State Hybrid Drive) is a composite non-volatile storage device. It has two
separate areas of storage: some flash memory (the SSD portion, a fraction of the total capacity) and
spinning magnetic platters (just like a regular HDD).
Hybrid drives can be detected, reported and displayed in the UI as “SSHD”. Blancco Drive Eraser will first
attempt a programmatic detection of the drive. If a drive is not detected as a hybrid through programmatic
means, then Blancco Drive Eraser will compare its model with an internal (embedded) list of allowed and
known hybrid drives: if there is a match, then the drive in question will be marked as an SSHD. Note that the
user can update the list of allowed devices (add/remove models) via the CT.

¹ http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

If a hybrid drive has undergone a successful erasure and verification process, this means that only the part
that has been presented to the software (usually the magnetic HDD) has been processed. Since it is not
currently possible to verify the erasure of the hidden (usually the flash) part of the hybrid, no guarantees can
be provided against recovery of data using laboratory techniques. The erasure of a hybrid drive will protect
against non-invasive attacks at a software level only, since the memory management of data is performed
internally by the drive. After erasing a hybrid drive, there will be an exception in the report warning about its
presence.
Additionally, there is not enough research available to suggest that firmware erasure methods (such as ATA
Secure Erase) will address both parts of the storage and it is not possible to verify this without the
appropriate tools. Therefore, the same applies as above for this process: assurances can be given about
the accessible part of the storage only.

8.3 NVMe Drives


Non-Volatile Memory Express, or NVMe, is a logical device interface specification for accessing non-
volatile storage media attached via a PCI Express (PCIe) bus. NVM Express, as a logical device interface,
has been designed to capitalize on the low latency and internal parallelism of flash-based storage devices.
NVMes can be detected, reported and displayed in the UI as “NVMe”.
TCG Opal, Enterprise, Opalite, Pyrite and Ruby SSC compliant drives are detected and their information is
added to the report.
Since Blancco Drive Eraser fully erases all data on the drive, it causes a lot of activity on the device. If the
device does not have an adequate cooling solution when being processed, it can lead to a buildup of heat
which causes the device to throttle its performance to reduce heat. NVMe devices that cannot dissipate
heat quickly enough will start thermal throttling (slowing down their read- and write-speeds) and may even
overheat (device stops functioning).
To help detect whether poor performance of the device is caused by heat or by other issues, Blancco Drive
Eraser displays the temperature of the device on the UI (Erasure-step). This can be used to monitor the
device and pause the erasure if the temperature rises too high. Also, the screensaver starts flashing if the
temperature of an NVMe device gets close to its Critical Composite Temperature Threshold.
To alleviate the problem, the erasure of the drive can be paused until the temperature of the device has
fallen; once the temperature is at an acceptable level, the erasure can be resumed. Applying external heat
dissipation can also be considered.
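The pause-and-resume approach described above, as an added example (not Blancco's code): it reads the composite temperature and the warning and critical composite temperature thresholds from JSON in the shape produced by `nvme smart-log -o json` and `nvme id-ctrl -o json`, then decides for each sample whether the erasure should run. The sample JSON is constructed, the function names are hypothetical, and the 5 °C critical margin and 10 °C resume drop are assumptions.

```python
"""Pause/resume decisions for an NVMe erasure, driven by nvme-cli JSON output."""
import json


def kelvin_to_celsius(kelvin: int) -> int:
    # NVMe reports temperatures as integer Kelvin values.
    return kelvin - 273


def thresholds_c(id_ctrl_json: str):
    """Return (WCTEMP, CCTEMP) in Celsius; None where the controller reports 0."""
    ctrl = json.loads(id_ctrl_json)
    wctemp = ctrl.get("wctemp", 0)
    cctemp = ctrl.get("cctemp", 0)
    return (
        kelvin_to_celsius(wctemp) if wctemp else None,
        kelvin_to_celsius(cctemp) if cctemp else None,
    )


def composite_temp_c(smart_log_json: str) -> int:
    """Composite temperature in Celsius from one SMART log sample."""
    return kelvin_to_celsius(json.loads(smart_log_json)["temperature"])


def erase_schedule(temps_c, wctemp_c, cctemp_c, critical_margin=5, resume_drop=10):
    """Return 'erasing' or 'paused' for each temperature sample.

    Pause at the warning threshold, or critical_margin degrees before the
    critical threshold, whichever is lower. Resume only once the device has
    cooled resume_drop degrees below the pause point, so the erasure does not
    flap between the two states. Both margins are assumptions of this example.
    """
    limits = []
    if wctemp_c is not None:
        limits.append(wctemp_c)
    if cctemp_c is not None:
        limits.append(cctemp_c - critical_margin)
    if not limits:
        raise ValueError("controller reports neither WCTEMP nor CCTEMP")

    pause_at = min(limits)
    resume_at = pause_at - resume_drop
    paused = False
    states = []
    for temp in temps_c:
        if not paused and temp >= pause_at:
            paused = True
        elif paused and temp <= resume_at:
            paused = False
        states.append("paused" if paused else "erasing")
    return states


# Constructed samples: thresholds of 70 °C (warning) and 80 °C (critical),
# followed by a run of SMART log readings taken during an erasure.
ID_CTRL_SAMPLE = '{"wctemp": 343, "cctemp": 353}'
SMART_LOG_SAMPLES = [
    '{"critical_warning": 0, "temperature": %d}' % kelvin
    for kelvin in (318, 335, 344, 341, 334, 332, 336)
]


def demo():
    wctemp_c, cctemp_c = thresholds_c(ID_CTRL_SAMPLE)
    temps = [composite_temp_c(sample) for sample in SMART_LOG_SAMPLES]
    return list(zip(temps, erase_schedule(temps, wctemp_c, cctemp_c)))


if __name__ == "__main__":
    for temp, state in demo():
        print(f"{temp:3d} C  {state}")
```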
As of version 6.17, the Sanitize feature set is supported on NVMe drives. Sanitize commands are used in
the following erasure standards: "Sanitize Cryptographic Erasure", "IEEE 2883-2002 Purge" and "NIST
800-88 Purge".
Blancco recommends erasing NVMe drives with the “Blancco SSD Erasure” erasure standard.

8.3.1 Multiple Namespaces and Unallocated Space


Normally, drives with namespaces are shown separately as their own device cards in the BDE UI. The
same goes for unallocated space on a drive. However, detached namespaces or unallocated space can be
merged into a single device card either manually by clicking the "DET" or "UNL" icon on the device card,
or automatically by enabling "Automatically merge multiple namespaces into one" from CT Security
settings.
Drives that have namespaces (regardless of whether they are merged or not) will consume 1 license per drive.

When pressing the DET (detached namespace) icon, the following message shows up asking for
confirmation:

If the namespaces were attached successfully, they will show up in the UI as follows:

If attaching NVMe namespace failed, the following message will appear:

The user can see the separate namespaces belonging to a drive in a different color by enabling the "Show NVMe
namespaces" switch (or by pressing CTRL+N).

During an erasure, it is not possible to select NVMe namespaces that belong to the drive that is being
erased.

If namespaces are erased while detached namespaces or unallocated space are not selected, a disclaimer
is added to the report (in this case, the whole drive was not erased):

8.3.2 FC-NVMe / NVMe-oF


BDE is able to erase remote NVMe drives, which are called "NVMe-oF" in BDE. This means that a machine
with BDE is able to erase servers with NVMe drives, such as an Alletra 2240 enclosure or similar.
The device with BDE (with or without its own drives) is connected to the server enclosure with 100GB
Ethernet links, and either NVMe-oF RDMA (RoCEv2) or the standard TCP protocol is used to erase the drives.
The user must also configure DHCP server settings and add the maximum MTU value in BDE (e.g., for Alletra, it
would be 9000).
Note: Only overwriting erasure standards and NIST Purge are supported.
For more information, see the Header Area chapter.

8.3.3 Port Mapping


BDE detects the total number of bays even when the controller does not have any drives. For example, with
USB PCIe controllers, removing a drive will leave an empty slot in the UI, which can then be used for
another drive connected to the same USB port.
In the beginning, BDE does not know all the physical slots reliably, so as long as no drive is connected to
the machine, BDE won't make assumptions and the GUI won't show any empty slot.
Then, as drives are connected to the machine, BDE learns of the presence of the physical slots and even
their bus numbers: the port mapping is learned gradually. Once all physical slots have
been occupied, BDE knows them and can order the drives by bus number. At this point, the port
mapping is complete, and it is remembered for the whole session.
The easiest way to have a port mapping that is good from the beginning is to first fill all physical slots with
drives, then boot the machine. In this case, BDE will learn right away the presence of all the physical ports
and will order them in the UI reliably and consistently for future operations.
The drive order is determined by the type. NVMe controllers and drives come first, then SAS/SATA/FC
controllers and drives in PCI bus order. Next are USB/eMMC controllers and drives, and lastly, NVMe-oF
controllers and drives. Possible new or unknown controllers and drives will be added to the end of the UI
(e.g. when hot plugging).
The ports are shown with a slot number (in order) and a combination of numbers, such as (1-3). The reason
each port shows a different controller (1-1, 2-1, 3-1, ...) is that each drive integrates its own controller. So,
each drive is a controller paired with a data storage device.

8.3.3.1 Port Mapping Example


The example below shows how this works when 4 physical NVMe slots are available and used.
First, two NVMes are connected (A and B), one in the second physical slot and one in the fourth physical
slot. The UI will show:

• 1 (1-1) NVMeA
• 2 (2-1) NVMeB

Now one NVMe (C) is connected to the first physical slot. The UI will show:

• 1 (1-1) NVMeC
• 2 (2-1) NVMeA
• 3 (3-1) NVMeB

After this, one NVMe (D) is connected to the last empty physical slot (the third). The UI will show:

• 1 (1-1) NVMeC
• 2 (2-1) NVMeA
• 3 (3-1) NVMeD
• 4 (4-1) NVMeB

Finally, they are removed and a new NVMe (E) is connected to the second physical slot. The UI will show:

• 1 (empty)
• 2 (2-1) NVMeE
• 3 (empty)
• 4 (empty)

8.3.3.2 Port Alias


Instead of having a port numbered, such as (3-1), you may assign an alias to it (that port is shown with a
custom name). Simply click the port number you wish to give an alias to and click OK to finish, or press
CTRL + ALT + A on the highlighted tile. An alias can be up to 255 characters long.

Note: Reports will use original port numbers. Aliases won't be included but the order defined by the user is
visible.

8.3.3.3 Custom Drive Order
Normally, the order in which drives are shown in the UI is predetermined, but it can be customized. When adding
aliases or changing slot order, the current layout will be saved when using an installed version of BDE or when the
machine has a connected Blancco USB stick. If the storage controller and size are the same, the port
mapping, drive order and aliases should be restored to the modified layout after rebooting.
You can modify the port order either by dragging slots with the mouse or by holding CTRL and pressing the
arrow keys, which moves the highlighted slot. If you want to reset the layout after changing slot order, click the Reset
button and select "Yes".

Note: Ports with an orange color are not part of the port mapping. Therefore, that port's number or location
won't be saved.

8.3.3.4 Hybrid Appliances


With hybrid appliances (with both NVMes and traditional SAS/SATA drives), the port mapping is learned on
the fly with NVMes while the SAS/SATA port mapping is consistent and based on the internal cabling of the
appliance. In the example below, the device has 4 NVMe slots and 8 SAS/SATA slots. Now, only 4
SAS/SATA slots are in use (cables installed to front panel bays). Therefore, a maximum of 8 physical drives
will be connectable and visible in the appliance (4 NVMes, 4 SAS/SATA):

• After boot, you can see 8 empty slots (all SAS/SATA).
• You connect 1 NVMe and hit refresh => 1 NVMe + 8 empty slots are visible in the GUI.
• You connect a second NVMe and hit refresh => 2 NVMes + 8 empty slots are visible in the GUI.
• Continue similarly for the rest of the NVMe drives, until all 4 are connected.
• In the end, the GUI will have 4 slots for NVMe (after the software has learned them; they can be
  occupied or empty) and 8 slots for SAS/SATA => Total slots: 12
• An extra note: Nothing currently prevents the customer from connecting a second cable to that
  SAS/SATA controller and taking those "ghost" slots into use on the software side as well. This would
  make the maximum simultaneous erasures running: 4xNVMe + 8xSAS/SATA

Other notes:

• If the system boots with all bays occupied, the overall picture is ready.
• If the system boots with empty bays, the overall picture gets more ready when a new bay is occupied and the UI
  is refreshed.
• When an NVMe drive is removed, the controller entity is not removed; it is marked as a dummy, which
  is not reported. A dummy controller will be presented as an empty slot. When another NVMe is
  inserted into the same slot, the old controller entity is reused and all of its information is updated.
• For an NVMe controller, the number of bays is always 1.

8.4 RAID-controllers connected to SAS/SATA drives


Blancco Drive Eraser can detect and erase SAS and SATA drives connected to RAID controllers. Erasing
these drives in this kind of environment can be challenging for several reasons, two important ones being
communication issues and RAID firmware customizations.
Erasure of SATA drives is more challenging than erasure of SAS drives, because when connecting SATA
drives to a SAS enclosure, different setups can add extra layers to the communication between the
software and the drive.
The MegaRAID controllers in particular can be purchased by different original equipment manufacturers
(OEM) or brands which can resell them with their own customized firmware: the support of the MegaRAID
depends heavily on the firmware that has been embedded into the controller.
Currently Blancco Drive Eraser supports dismantling of MegaRAID controllers branded by LSI (SAS and
SATA drives can be erased) and Dell (SAS and SATA drives can be erased, although SATA drives only
support plain overwriting standards). Support of other brands (mainly HP and Intel) should be checked case
by case.

8.5 NVDIMM
BDE can recognize NVDIMM devices, but there are some differences in what kind of erasure is supported
and what mode should be used. Currently, BDE supports NVDIMM raw and sector modes. These can be
set with the NDCTL tool.
Below is a short description of the supported NVDIMMs and which erasure is possible for them:

• NVDIMM-N: Only clear-level erasure is supported
• NVDIMM-Optane: Supports clear-level erasure, but purge level can be achieved depending on the
  host machine and if the NVDIMM-Optane is set to raw mode

Additionally, in order to erase NVDIMMs, regions and namespaces must be created. If they are missing,
devices are detected but shown with 0 byte capacity, which means that erasure cannot be done. Regions
can be created in BIOS and namespaces with the NDCTL or Intel's ipmctl tool.
In some cases, erasure may fail, and for that there are a few possible exception messages that are added to
the report.

• NVDIMM data backup is not armed, check backup battery
• NVDIMM has invalid or missing configuration

Note: When BDE recognizes the device as NVDIMM, it is written in the report as well.

8.6 Password locked drives


Drives protected with a password can be erased, but the user must enter the correct password upon booting
the machine. Password-protected drives can only be overwritten, because the password protection
prevents executing firmware commands on the drives. If purging these drives is required, the password
protection must be removed from the BIOS/UEFI settings.

8.7 Removable flash devices


If removable flash devices are connected to the machine during startup (SD card, USB stick), there will
be a popup warning about their presence: these devices can contain user data and may present a security
risk. These devices can also be erased in BDE, but this feature must be enabled (they are hidden by
default; displaying them in the user interface must be enabled in CT). Removable flash devices offer no
support for purging mechanisms and can only be cleared. Any removable flash device whose label contains
“BLANCCO” will always be excluded from the user interface (in order to prevent erasing e.g. a “BLANCCO”
USB stick that is used to boot BDE).

8.8 Chromebooks
Chromebooks are laptops or tablets running the Linux-based Chrome OS (designed by Google) as their
operating system. The devices are primarily used to perform a variety of tasks using the Google Chrome
browser, with most applications and data residing in the cloud rather than on the machine itself.
Chromebooks can be processed in two different ways:

• The traditional way requires booting a generic BDE image on the Chromebook. After BDE has
  booted, the Chromebook can be processed as any other machine (erasure of the internal drive,
  hardware diagnostics, report, etc.). Bear in mind that only Intel-based Chromebooks can be
  processed this way (ARM-based Chromebooks are not supported). Another thing to take into
  account: most Chromebooks have a locked bootloader that will prevent them from booting any
  external operating system. More information and tips to boot BDE on Intel-based Chromebooks are
  available at https://support.blancco.com/
  • While it's technically possible to boot BDE on an x86-based Chromebook, we recommend
    using the modern process described below.
• The modern way does not require booting BDE on the Chromebook. The Chromebook needs to be
  connected to the same network where BDE is running; BDE can then process the Chromebook by
  factory resetting it and reporting the erasure result. This process is secure, fast, supports all
  Chromebooks (Intel and ARM alike) and does not require reimaging the device after the erasure.
  More information on this is in the chapter "Processing Chromebooks with Drive Eraser".

8.9 Apple T2 Machines


Newer Apple machines (starting from 2018) come with a security chip called the T2 chip. This chip handles
many things, including the access to the internal data storage device (SSD or NVMe), so detecting the
internal drive requires supporting the T2 chip.
Starting from Drive Eraser 6.12.0, there is support for booting and erasing Apple T2 devices. More information
and tips on how to boot BDE on Apple T2 machines are available at https://support.blancco.com/

8.10 Microsoft Surface Pro 4


Make sure that the "Secure Boot" setting in the UEFI settings menu is set to "Microsoft & 3rd party CA" and
not "Microsoft only", otherwise Drive Eraser won't be able to boot.

9. Hardware Tests
Blancco Drive Eraser contains tests designed to test the hardware of the machine. The tests are
divided into two categories: Automatic tests and Manual tests. The hardware tests have three possible end
results: Successful, Failed, Not Performed and Not Available. Manual tests are run by selecting them
from the Hardware test page and then running them. All manual tests require user input and
interaction, while automatic tests require no user interaction.
If a test is not required, the box before the test can be unchecked. This way that test won’t be included in the
report.
To enable and configure which tests are run or available, use Blancco Drive Eraser Configuration Tool
(CT). Tests can also be set as mandatory (they cannot be unselected from the “Hardware tests”-step) or
optional (they can be unselected). The selected tests will now be available on BDE.

9.1 Battery Capacity


The battery capacity test checks the charge capacity and charge cycles of all the batteries connected to the
machine (manual and automatic). The current charge capacity is compared to the maximum charge
capacity stated by the manufacturer. The test is executed automatically when booting, but it can also be run
through the workflow feature or rerun via BDE UI.
A brand-new battery would have a charge capacity which is very close to 100%. A really old battery, which
can’t hold a charge anymore, would have a really low charge capacity (close to 0%).
The current charge state of the battery does not affect the charge capacity percentage. The same battery
will get the same result whether it is charged full or empty.
The default value for the battery capacity test threshold is 60%. This value can be changed in the CT.

If the battery charge capacity equals or exceeds the defined threshold the test is deemed Successful,
otherwise the test is deemed Failed. Note that the battery test will fail, regardless of the charge capacity, if
the current voltage is below the discharge cutoff voltage, which corresponds to ~75% of the minimum
design voltage (a low voltage indicates that the battery is damaged). If the battery test fails, an error
message is shown, which displays the current voltage and the minimum designed voltage.

Note. If the battery to check is not listed in the tests, it means that Blancco Drive Eraser has not been
capable of retrieving the battery’s current charge or the maximum charge capacity. This information is set
by the battery manufacturer, and some manufacturers do not necessarily follow the industry standards,
which results in improper detection. There is unfortunately nothing that Blancco Drive Eraser can do about
it.

9.2 Battery Discharge


The Battery discharge test tests the device’s battery discharge rate (automatic). This test requires that the
device be unplugged. The battery charge should be 50% or more to execute the test; this
recommendation is to minimize the risk of the machine hanging during the test.
Note that:

• The test cannot be started if the battery charge is below 50%. The minimum charge for
  Chromebooks is 20%.
• The test will be automatically terminated if the battery charge level drops as defined by the pass
  threshold or if it goes below 10% (minimum security charge, internal limit).

These two features are there to prevent a machine’s uncontrolled shutdown, which would mean losing both
the license(s) and the report.
The test will fail if the battery discharges more than the pass threshold within the time limit. Both the pass
threshold value (50 percentage points by default) and the time limit (10 minutes by default) can be modified
in the CT.
Example: A laptop with a battery is booted and the Battery discharge test is executed.

• Case 1: If at the time when the test is run, the battery charge is 40%, it won't start (the minimum
  battery charge before the test is 50%).
• Case 2: If at the time when the test is run, the battery charge is 60%, it will start. If the pass threshold
  is set by the user to 40 p.p., the test will succeed if the charge at the end of the test is higher than
  60-40=20%.
• Case 3: If at the time when the test is run, the battery charge is 75%, it will start. If the pass threshold
  is set by the user to 70 p.p., the test should succeed if the charge at the end of the test is higher than
  75-70=5%. Nevertheless, the minimum security charge will fail the test if the charge reaches 10% or
  less during the test (i.e. the charge should be at all times above 10%).

The test result in the report will look like "10 m 1 s, 100% -> 91% (9/50)" (the test duration, the charge drop
during the test, the charge drop versus the preconfigured threshold).
Note that the battery discharge test puts the CPU under heavy load, which drains the battery. Running it on a
poor battery can fail the erasure, which might corrupt the drive. Consider applying external heat
dissipation in case of CPU overheating.

Note that laptops with more than one battery are identified as having one battery. Depending on the
motherboard's battery manager, these batteries can be consumed in series or in parallel. Hot-swapping
batteries is not supported by the software's battery testing.

9.3 BIOS logo


The BIOS logo test is used to check if the BIOS logo of the computer matches the manufacturer's logo, or if it
has been customized (manual). The BIOS logo is only shown for UEFI machines. Apple devices, such as
MacBooks, will not show any images for the "BIOS logo".
Once run, the BIOS logo test will display the current BIOS logo for the machine, if one is available.

Once the current BIOS logo has been confirmed, press ESC to end the test. Alternatively, you can
use either the shortcut keys or the buttons to skip, fail or pass the test.

9.4 CPU Basic
The CPU test checks the functionality of the processor by checking its calculation capabilities (automatic).
The result of the CPU test is either Successful or Failed.

9.5 CPU Stress


This test measures the CPU temperature and compares it to the set threshold. The test result is failed if the
temperature is higher than the threshold or successful if the temperature stays under the threshold value.
You can select between Celsius and Fahrenheit by either toggling the switch or pressing CTRL+M.
It is also possible to set a duration for the test, with 3 minutes being the default value.

9.6 Display
The Display Test has been designed to test the color reproduction and the condition of the display attached
to the machine (manual). The choice of the colors allows the user to easily identify any defective pixels (as
displays are based on the RGB color model).
The test itself consists of red, green, blue, black and white screens with the color currently being displayed
written in slowly flashing letters. After the colors, a grid of straight horizontal- and vertical-lines is shown.

Press Space to continue to the next screen. Press Backspace to go to the previous screen. To exit the test
before the test’s end, press the Escape key.
All the test screens are shown below:

• Red-Green-Blue colors:

• Black-White colors:

• Horizontal-vertical lines grid:

Once the test has ended, the user can add extra info in the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" in the dialog window:

Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.7 Keyboard
The keyboard test is used to test the functionality of the keyboard (manual).
The keyboard layout selected in the Settings is used for the keyboard displayed on the screen. Several
layouts are currently supported, and you can change the layout from the test dropdown menu:

• US – United States (standard layout)
• FI – Finnish
• DE – German
• BE – Belgian
• FR – French
• JP – Japanese

When pressing a key, the color of the corresponding key on the screen changes from red (default, key is not
pressed yet) to yellow (key is pressed) to green (key is released):

• If the color stays yellow, then the key is probably stuck.
• If the color stays red and there is no indication on the screen that a key is being pressed, then the key
  may not be working.

You can change the keyboard layouts between "Full Size" and "Compact". Compact is a keyboard without
the numpad.
Testing non-standard extra keys:

• Some keys such as the Windows/Command keys, the Alt Gr key as well as some keys available in
  Japanese keyboards are not properly mapped to their corresponding key in the screen. Due to this,
  these non-standard keys remain red, although it does not mean that they are not working.
• On the other hand, when any key of the keyboard is pressed, the background of the keyboard image
  displayed in the screen flashes from white to grey during the key press. This is presently the best
  way to verify whether the non-standard extra keys are working or not.

Testing the Lock keys and the Function key:

• The Lock keys Scroll Lock, Caps Lock and Num Lock are enabled/disabled when pressed during
  the test. Pressing these keys also tests the keyboard LEDs assigned to these buttons. Please make
  sure that they are in a convenient position once the test has finished.
• The Function key Fn is also enabled/disabled when pressed during the test. This key does not
  usually trigger the keyboard’s background flashing but its use may be needed to activate e.g. the
  Num Lock button or to emulate a full-sized keyboard with numpad. Please make sure that it is in a
  convenient position once the test has finished.

To exit and end the test, the Escape-key must be pressed twice.
Example of the Full Size keyboard after buttons have been pressed:

Here is another example with the Compact keyboard after buttons have been pressed:

Once the test has ended, the user can add extra info in the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" in the dialog window:

Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.8 Memory
The memory test checks the low and the extended memory of a computer (automatic). The tests are
operated with certain data patterns; each data pattern is first written to the memory and then read and
verified. The test time depends on the size of the memory and the speed of the processor. The result of the
test can be either Successful or Failed. The number of passes the test makes can be modified via CT 2.12
or newer.
Note. Blancco’s memory test is a fast test of the machine’s memory. If a long and thorough check of the
memory is required, please use specialized software, such as Memtest86+ or memtester (Chromebooks), or
configure the Memory Test to run a large number of passes (the maximum being 99).

9.9 Microphone
The user can test the microphone function by recording and playing a 5-second sample using the mic and
speakers (automatic). The audio level will be displayed as an amplitude meter for both input and output.
System Master Volume is set to 70% by default, but it can be adjusted by using the slider. Currently,
microphone sensitivity cannot be adjusted.

9.10 Motherboard
The motherboard test will automatically check the following (if available):

• The CMOS checksum.
• CMOS battery.
• RTC.
• UEFI.
• DMI.

If any of the tests are successful, then the result will be Successful. Otherwise the result will be Failed.

The Motherboard test includes a CMOS battery test. If a machine's BIOS clock is behind the compared time,
and the time difference is more than the threshold of 365 days, the test is marked as failed with the error
message "Internal clock is off, check CMOS battery". When the test fails, no other parts of the tests are
reported. Once the machine is synchronized to BMPOP/BMP time, a cold reboot/shutdown is required
in order to redo the CMOS battery test.

9.11 Network
This test automatically detects the network connection and provides a Successful or Failed result
(automatic). You can configure additional IP addresses for pinging in CT. Different addresses are separated
by a space. The test will be successful if the target IP addresses are configured and they reply to a ping
command.
A new test will be created for each detected Ethernet interface (e.g. two Ethernet interfaces means two
independent tests).
The test is automatically successful if the interface has an IP address. There are some scenarios where the
test will be automatically skipped:

• If the interface looping is ongoing
• If the interface is turned off
• If the interface has no cable connected

If no IP address is found on the interface or none of the configured ones are pingable (even when the interface is
turned on and a cable is connected), the test will fail automatically.
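
The skip, pass and fail rules above, written out as an added Python sketch (not Blancco's code) that evaluates each Ethernet interface independently. The field names, the "Skipped" label and the injected `ping` callable are assumptions, and so is treating one replying target as sufficient: the manual only states that the test fails when none of the configured addresses are pingable. The sample interfaces and addresses are constructed.

```python
"""Per-interface outcome of the Ethernet network test, following the rules in 9.11."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class EthernetInterface:
    name: str
    looping: bool               # "interface looping is ongoing"
    enabled: bool               # False when the interface is turned off
    cable_connected: bool
    ip_address: Optional[str]   # None when the interface has no IP address


def parse_ping_targets(setting: str) -> List[str]:
    """Split the CT setting (addresses separated by a space) and validate each entry."""
    targets = []
    for token in setting.split():
        # ip_address() raises ValueError for anything that is not a literal IPv4/IPv6
        # address, so a typo in the configuration is caught before any ping is sent.
        targets.append(str(ipaddress.ip_address(token)))
    return targets


def evaluate_interface(iface: EthernetInterface, targets: List[str],
                       ping: Callable[[str], bool]) -> Tuple[str, str]:
    """Return (status, reason) for one interface."""
    # Skip conditions come first: a down or unplugged interface is not a failure.
    if iface.looping:
        return ("Skipped", "interface looping is ongoing")
    if not iface.enabled:
        return ("Skipped", "interface is turned off")
    if not iface.cable_connected:
        return ("Skipped", "no cable connected")
    # From here on the interface is up and cabled, so a missing address is a failure.
    if iface.ip_address is None:
        return ("Failed", "no IP address on interface")
    if targets:
        replied = [t for t in targets if ping(t)]
        if not replied:
            return ("Failed", "none of the configured addresses replied to ping")
        return ("Successful", "ping reply from " + ", ".join(replied))
    return ("Successful", "interface has an IP address")


def run_network_tests(interfaces: List[EthernetInterface], setting: str,
                      ping: Callable[[str], bool]) -> Dict[str, Tuple[str, str]]:
    """One independent test per detected Ethernet interface."""
    targets = parse_ping_targets(setting)
    return {i.name: evaluate_interface(i, targets, ping) for i in interfaces}


# Constructed sample data (documentation address range 192.0.2.0/24).
SAMPLE_INTERFACES = [
    EthernetInterface("eth0", False, True, True, "192.0.2.21"),
    EthernetInterface("eth1", False, True, False, None),   # no cable
    EthernetInterface("eth2", False, True, True, None),    # cabled, but no address
    EthernetInterface("eth3", False, False, True, None),   # turned off
]


def constructed_ping(target: str) -> bool:
    """Stand-in for a real ping: only 192.0.2.1 answers in this sample."""
    return target == "192.0.2.1"


if __name__ == "__main__":
    results = run_network_tests(SAMPLE_INTERFACES, "192.0.2.1 192.0.2.99", constructed_ping)
    for name, (status, reason) in results.items():
        print(f"{name}: {status} ({reason})")
```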
You can see the progress and whether the test failed or passed in the process screen:

9.12 Optical devices


The optical device test is used to test the functionality of the optical drives (manual). The possible tests that
are implemented are the reading test, the writing test and the blanking test. The user can also predefine the
default tests to be run via the CT (only write, write+read, only read, write+read+blank, etc.).
All the optical devices connected to the computer are displayed as well as their capabilities. Assuming that
all optical device tests are selected (write+read+blank), the tests available will be based on the capabilities
of the tested optical drive.
Inserted optical disk:

The user can insert a CD-RW, DVD-RW disc or a previously burnt disc containing the Blancco pattern. The
Blancco pattern disc is required to test optical devices without write-capabilities.

• If the inserted disc is –RW, then the software can perform the writing and reading tests as well as
blanking the –RW disc at the end of the test.
• If the inserted disc is –R only, it has to be burnt previously to contain the Blancco pattern. Only the
reading test can be selected, the other tests are not possible and will generate error popups.
• If the optical drive doesn’t have write-capability, then only the reading test can be performed with a
disc containing the Blancco pattern.

The CD or DVD images for Blancco pattern can be downloaded from the following locations:
https://blancco.hosted-by-files.com/products/drive_eraser/download/Test_media/Test_CD_for_HW_Test.zip
https://blancco.hosted-by-files.com/products/drive_eraser/download/Test_media/Test_DVD_for_HW_Test.zip
When starting the test, the initializing of the test may take, depending on the hardware, up to a few minutes:

If the tests attempted on an optical drive are complete and OK, the test status will be Successful. If the
attempted tests are complete but errors have been found, the test status will be Failed.
Skipping the optical drive test completely, or a test that cannot be run (e.g. the optical drive tray is open,
or the inserted disk is –R when attempting the writing test), will leave the test result as Not performed.

9.13 PC speaker
This test checks the integrated speaker. The system produces beeping sounds from the PC speaker after
the "Play sound" button or the space bar is pressed. Afterwards, the user is asked to confirm whether the
sounds were heard or not. The user can end the test before it finishes by pressing the Escape key.

Note: PC speaker should not be confused with speakers. PC speaker allows software and firmware to
provide feedback to user(s), mainly in the form of beeps. Unlike "normal" speakers, not every modern
device has an integrated PC speaker.
Below is an image of the test being run and the beeps being played:

Once the test is complete, the user can add extra info in the text field and pass the test (Successful status)
or fail it (Failed status) by pressing "Pass" or "Fail" from the dialog window.

9.14 Pointing devices / Touchpad


The Pointing Devices Test is used to test the pointing device connected to the machine (mouse, trackball,
touchpad or other device). This test is manual.
In this test, the user must click on the right, left and middle mouse buttons and click on the circled areas on
the right and left side of the screen. When pressing a button, the color of the corresponding button in the
screen is changed from red (default, button is not pressed yet) to yellow (button is pressed) to green (button
is released). To exit the test before the test’s end the Escape key must be pressed.
Note. On many laptops, the touchpad only has 2 buttons; in order to activate the middle button, both
buttons must be pressed at the same time.
Example of the test at the start, then after the left and middle mouse button have been activated and the
right circled area has been clicked:

The test has ended; the user can add extra info in the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window:

Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.15 SIM card presence


The SIM card presence test checks if the machine has a SIM card connected to it (manual). This test detects the
cellular modem connected to the device and whether there is a SIM card connected to that modem. The modem is
listed in the report under the "cellular_modems" entry. The modem is detected either as a PCIe device or
as a USB device depending on how it is connected to the machine.
BDE only supports SIM card presence check on modems which have Linux drivers. Modems with only
Windows drivers are not supported by this test.
Many laptops do not have any cellular modem. However, some of these laptops have a chassis that has a
standard physical slot for SIM cards; such a slot is useless. BDE cannot detect if a SIM card is connected to
such useless slots.
When the test button is pressed, the SIM card presence is checked. During the test, the SIM card's MCC and
MNC are displayed on the test screen.

The test has ended; the user can add extra info in the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window.
Pressing the "Skip" button will skip this test and leave the test's current status unchanged.
If a SIM card was detected on the machine, the MCC and MNC codes will be displayed on the test icon.

9.16 Speaker
The system produces sound samples from the speaker after the "Play sound" button or Space is pressed. After
this the user is asked to confirm whether the sounds were heard or not. A headset connected with a 3.5mm
audio jack can also be tested with this test.
The audio will first play on the left channel, then on the right and lastly on both channels. An amplitude
meter displays the audio output level and the volume can be adjusted using the slider.
Note: speaker test is not the same as the PC speaker test.
User can end the test before it finishes by pressing the Escape key.
Example of the test being run:

The test has ended; the user can add extra info in the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window. Pressing the "Skip" button will skip this
test and leave the test's current status unchanged.

9.17 Touchscreen
This test checks the functionality of the device's touchscreen (manual). The screen will show red grids,
which will turn green when touched.
By touching the areas of the screen or painting with your finger, the user can decide whether the test is
passed or failed manually.

If the component is not detected or is missing, a message is shown in the popup:

9.18 USB ports


The USB ports test is used to check the condition of these ports (manual). A USB storage device, preferably
a USB memory stick, must be inserted into the USB port to test it. The software provides three possible tests:
detection (mandatory test, the plugged USB stick is shown in the UI), read (optional test, the USB stick is
read and the read speed is shown in the UI), write (optional test, the USB stick is written and the write speed
is shown in the UI).

Note that the USB port type is detected based on the USB interface connection speed with the USB device
plugged in to the port (e.g. connecting a USB 2.0 stick to a USB 3.0 port will detect the device as USB 2.0).
The user should use a USB memory stick which supports the newest USB protocol. This way, the test will
correctly detect the port type in all test cases.
Once the test is started, all ports with appropriate USB memory stick connected to them are tested:

Once all ports have been tested, press ESC to end the test. Once the test is over, the following dialog
window is opened:

The test has ended; the user can add extra info in the text field and pass the test (Successful status) or fail
it (Failed status) by pressing "Pass" or "Fail" from the dialog window.
Pressing the "Skip" button will skip this test and leave the test's current status unchanged.
Note: Continuous use of the same USB stick for USB port testing with the write test enabled may wear out the
stick and result in failed tests. This is especially true for old models of USB flash devices, which lack wear
leveling technology.

9.19 Webcam
This test checks the detected webcam (manual).

When the test starts, the webcam is used to take a snapshot and display it on the screen. Taking a few
snapshots (via pressing the Space bar) is sufficient to verify that the camera is functional. The test can be
exited by pressing the Escape-key.

The test has ended; the user can add extra info in the text field and pass or fail the test by pressing "Pass" or
"Fail" from the dialog window:

Pressing the "Skip" button will skip this test and leave the test's current status unchanged.

9.20 Wi-Fi adapters


The Wi-Fi test tests all detected Wi-Fi adapters (manual).

When the test button is pressed, the Wi-Fi testing is performed in the background and no user actions are needed.
Wi-Fi doesn't have to be enabled in the configuration beforehand. The test can also be performed on an active
interface which is connected to BMPOP. An animated progress bar is displayed during testing.
If you want the test to pass or fail automatically, you will need to configure the Wi-Fi connection.

First the test checks whether a Wi-Fi software lock is enabled and, if so, unlocks it. If Wi-Fi is locked with a
hardware lock, the test fails with an error message. This is normally a physical slider on laptops, which cannot
be bypassed with software and requires user action. This also applies to external USB connected devices.
Note: some manufacturers require extra firmware or special handling for their adapters to work on network
level. In this case the test will fail, even though there is nothing faulty in the hardware. Drive Eraser cannot
detect this situation from the software point of view, and this is why some hardware fails.
The test tries to scan available Wi-Fi networks in listening mode, so it doesn't need any credentials to work.
The networks are not connected to and no traffic is sent to them. A basic test setup requires just a single
dummy Wi-Fi access point which broadcasts any SSID and is within range. Note that the test cannot
distinguish between 2.4 GHz and 5 GHz networks. Those must match the hardware to be tested. All hardware
should support at least the 2.4 GHz frequency (according to the standard).

If no Wi-Fi configuration was made, the test lists all available networks and is then passed or failed by the
user. The HW tests page shows the number of Wi-Fi networks detected by each adapter.
If an SSID was configured, the test passes automatically if the network is reachable and an IP address was
obtained, and it fails if either of those conditions is not met.
The report shows test results for each Wi-Fi adapter in the "Wi-Fi Adapter" section. In case of failure, it shows
the reason in the comment field.

10. Report Per Connected Device
The “Report per Connected Device” (RPD) functionality must be activated via CT. This functionality
provides a separate report for each connected device.
The RPD mode is meant for a situation where:

• There are loose drives to be erased, e.g. drives that have been removed from their original computers
or drives removed from machines such as printers. Often such drives originate from different
environments or different owners and they require individual reports. Such drives can be connected
to an erasure station where the erasure process takes place.
• There are Chromebooks to process. Chromebooks can be connected to BDE via network cables and
a switch to be processed quickly and securely. The process includes erasure, hardware diagnostics,
custom fields and report per device. There is a chapter dedicated to Chromebook
processing: Processing Chromebooks with Drive Eraser.

The "loose drive erasure process" is somewhat different from the generic "laptop erasure step-based
process", as the focus is no longer the host machine but the connected device being processed.
The RPD mode can be enabled if:

• Blancco Drive Eraser is used locally.
• Blancco Drive Eraser is used in the “Manual” process mode.

When the RPD mode is enabled:

• Only the Erasure and Custom fields steps are available.
• Hardware tests are disabled.
• The host hardware information is not included in the drive report.
• Only the drive information (model, serial, sectors, interface, average read/write speed, etc.)
is available under the "Hardware details" on the report.
• Logical drives are removed and physical drives become visible.
• Those drives can be erased/reported separately.
• The RPD mode is compatible with the Bootable Asset Report setting as well as with the Fingerprint
setting.
• There are 2 types of custom fields (CF):
  ◦ Common CF for all drives (updating them would update all drive reports) e.g. "Erasure
  technician".
  ◦ CF available for each individual drive (updating one would only update the corresponding
  drive report) e.g. "Drive ID".
• Note that default values for custom fields are purged when the “Per Drive” option is used.
• Hot plugging drives is supported for SATA, SCSI, SAS, USB, NVMe and FC drives.
• Note that this option needs to be turned on in the CT.

10.1 Erasure-step
The erasure step is otherwise similar to normal erasure, except there are two new actions with designated
buttons and keyboard shortcuts: Report and Edit Custom fields.

10.1.1 Report (Ctrl + Alt + R)


This action opens the reports for all selected drives. The action can be used by pressing Ctrl + Alt + R or by
clicking the Report-icon.

Once activated, the reports for all selected drives are opened and they can be Saved (Ctrl + S) or Sent
(Ctrl + N).

Pressing Close (Esc) closes the window.

10.1.2 Custom fields - Per Drive (Ctrl + Alt + E)


This action opens the Per Drive custom fields for modification for all selected drives. The action can be used
by pressing Ctrl + Alt + E or by clicking the Custom fields-icon.

Once activated, the Per Drive custom fields for all selected drives are opened and they can be Updated
(Ctrl + D). The number of drives being updated and their IDs are shown in the dialog.

In Workflow mode, the activation of a Per Drive custom field also highlights the corresponding drive being
updated:

Pressing Close (Esc) closes the window.


Note that this only modifies the Per Drive - Custom fields. To modify the generic custom fields, go to the
Custom fields step.

10.2 Report & Per Drive Custom fields Status-icons


There are also two icons for each drive: Report sending/saving status and Custom fields not updated /
updated.

Report not sent/saved:

Report successfully sent/saved:

Problem saving or sending the report:

Per drive custom fields not updated:

Per drive custom fields updated:

Per drive custom fields update failed:

10.3 Custom fields-step


In this step the generic (not Per Drive) custom fields are modified. For more information about this step, see
the Custom fields-step chapter.

10.4 Report Viewer


This feature allows the user to select one or multiple report files and send them to BMPOP or export them to a USB stick.
You can also view the reports by clicking in either HTML or PDF-format.
Note: This requires you to have BDE / BDV installed directly on your device.
The "Report viewer" tab is located next to the Custom fields tab (if not installed, it shows "Report").

You can select multiple files by clicking the checkbox. The files are shown in chronological order with the
latest first. Next, you can choose one of the following actions for the selected files:
Export: Saves the selected reports to a USB stick. You can choose the location and format (PDF, XML,
CSV) before exporting.

Delete: Permanently deletes the selected reports; a confirmation is required before deletion.

Send: Sends the selected reports to BMPOP (only if BMPOP is configured). Sending will show a progress
bar and a success/failure notification during the operation.

11. Permanent Installation
Normally Blancco Drive Eraser is a live installation, which is run directly from the machine's RAM loaded
from the boot device. Any changes made to this image won't be available on the next boot.
When a permanent installation is used, Blancco Drive Eraser is permanently installed on the drive of the
machine. This image can save the changes made and have them available on the next boot. Also,
external boot media is no longer required.
If the "Installer" is selected from the boot menu, this will launch the installer for a permanent installation of
Blancco Drive Eraser to one of the disks of the current device. Once the booting has finished, the
Welcome screen of the installer is shown.

11.1 Prerequisites
• The installer can only be run from a USB stick created with the Blancco USB Creator.
• CT 3.5.1 or newer to configure the image file.
• It is recommended to modify the image to "Report Per Connected Device" mode and activate the
Hotplug functionality.
• Blancco Drive Eraser 7.5.1 or newer.
• 10 GB or more of free disk space on the drive where the installation is made.
• Installation on external drives is not supported.
• The computer is in UEFI boot mode.

11.2 Installation Process


At any time during the installation, the language, keyboard layout and Exit buttons are visible on the bottom
of the screen.

Those can be used to:

• Language - Change current language.
• Keyboard layout - Change the current keyboard layout.
• Exit - Shutdown or restart the machine.

The installation process follows these steps:

1. When the installation starts the Welcome Screen is shown. Press "Next" to continue.
2. Choose the drive on which Blancco Drive Eraser is to be installed. Once selected, click on "Start a new
installation". This installation formats the drive.
   • Note that this drive won't be available nor visible for erasure on this specific installation.
   • Drives with existing Blancco installations are marked with a symbol. An installation can be
   added to those drives by clicking "Add to current installation".
3. A confirmation dialog appears before the installation is started. Click "Yes, install" to continue the
installation. Clicking "No, shutdown" cancels the installation process and shuts down the computer.
   • The installation can take several minutes. Do not turn off the device while the installation process
   is ongoing.
4. Once the installation is done, the "Port mapping configuration" window is displayed. If you use a
Blancco Hardware Solution, select it from the list. If another hardware is used (desktop, laptop, etc.),
choose "Other".
5. The installation process is now finished. Click on "Shutdown" to shut down the machine or "Reboot" to
reboot it. The new installation will appear on the boot menu with the ISO's filename as its name.

Notes:

• Once BDE is installed on a machine, it can be configured to send reports to a BMPOP or Blancco
Cloud account. All reports are consistently stored on the installation drive.
• When configuring the image, any image configuration can be made into an installable image.
• Before installing an image on a machine, Blancco recommends configuring it to the "Report
Per Connected Device" mode. This mode is suitable to produce individual reports for connected
drives and Chromebooks.
• When there are multiple installations on different drives, it is possible that those installations can in
some cases erase disks with installations in them.
• In most use cases, it is recommended to keep all the installations in one disk.

12. Processing Chromebooks with Drive Eraser
12.1 Supported Chromebooks
Any Chromebook manufactured from 2015 onwards is supported, whether it is ARM-based or Intel-based.
Chromebooks manufactured before 2015 are not officially supported.
Note: Rooted Chromebooks are currently detected as normal Chromebooks.

12.2 Minimum requirements


The following environment is needed for processing Chromebooks:

• The latest BDECT binary to configure the Chromebook settings.
• The latest BDE image providing the latest Chromebook support.
• A normal Chromebook (manufactured from 2015 onwards, neither locked, nor enrolled).
• A network (preferably with internet connection for possible Chromebook updates), including a
DHCP server for IP addresses and a network switch to connect several Chromebooks at once.
• A laptop or desktop running the BDE image (preferably without any internal drive).
• A BMPOP or a Blancco Cloud account for licenses and reports.
• Blancco Drive Eraser licenses (erasure).
• Optional: USB-to-Ethernet adapters to connect the Chromebooks to the network.

The Chromebook processing will happen partly on the BDE end, partly on the Chromebook end. The
operator will have to prepare the Chromebook and connect it to BDE. Processing one machine takes
approximately 10 minutes. The Chromebook must be connected to the network; the easiest way is via an
Ethernet cable, but a wireless connection can also be considered.

12.3 Prepare Blancco Drive Eraser


Before booting BDE on its dedicated laptop or desktop, the image must be configured. Once BDE is booted,
it can be kept running as an erasure station.
Configure the BDE image with BDECT:

1. Turn on the "Report per connected devices" mode.
2. You will need to configure both HTTP and HTTPS ports:
   • HTTP: turn on the "Chromebook support". Take note of the port configured to connect to
   Chromebooks (CB_Port). This can be found in the Configuration Tools under Process >
   Connected Devices > Chromebook Support > HTTP Port (default is 80).
   • HTTPS: this port has to be configured too.
3. Turn on the Chromebook diagnostics or hardware tests you want to run and set up the BMPOP
connection.
4. Boot the configured BDE on the laptop.
5. Connect the laptop to the network and check the BDE IP address (a.k.a. BDE_IP_address) visible at
the bottom left corner of the screen.

Typically, the Blancco Drive Eraser process goes as follows:

1. There is a new dropdown list that can be used to filter connected drives only, connected
Chromebooks only or a combination of both.
2. Any Chromebook that is connected to the Blancco Drive Eraser will be shown automatically on a
grey background. Select the device and press the "Erase" button:
   ◦ The background will turn white, the Chromebook serial numbers will be displayed in the user
   interface and the progress of the factory reset will be shown (status can be either Successful
   or Failed).
   ◦ Any custom field that is defined on the Blancco Drive Eraser image can be used on a
   processed Chromebook, for example, to fill in the Asset ID of the device.
   ◦ Each processed Chromebook will generate an individual report that can be reviewed, saved
   on a USB-stick or sent to the Blancco Management Portal On-Premise.
3. Once a Chromebook is processed, you can select it and remove it from the user interface by
pressing the “X” button (bottom right). This action will also shut down the Chromebook.

12.4 Preparing a Chromebook


Before processing a Chromebook, the device must be switched to Developer Mode. To save time, this
procedure can be done before the actual processing takes place (the Chromebook can be switched to
Developer Mode, then shut down, then rebooted right before it is processed). The official instructions to
achieve this are found at https://chromium.googlesource.com/chromiumos/docs/+/master/developer_mode.md
Note: the transition to the Developer mode usually takes a few minutes, just wait.

12.4.1 Enable the Recovery and Developer Mode


12.4.1.1 Regular Chromebooks
For most Chromebooks (laptops), the recovery mode can be activated with:

1. Press Esc + Refresh + Power to enter the Recovery mode (Refresh is usually F3 in a standard
laptop), this will take you to a screen where you can enable the Developer mode.
2. Press Ctrl + D on your keyboard when asked to insert recovery media.
3. Press Enter when prompted.
4. When the device reboots, a message is displayed on the screen stating the OS verification is off.
5. Press Ctrl + D to continue booting, or wait and the device will boot on its own.

Note: some Chromebooks may require a different key combination, for example: Esc + Maximize + Power.

12.4.1.2 Keyboardless Chromebooks


With keyboardless Chromebooks (tablets), an external keyboard is required to open the terminal and use it.

1. Press Power + Volume-Up + Volume-Down and hold for 10 seconds to enter the Recovery mode.
2. The next menus can be navigated with the Volume-Up and Volume-Down keys, menu items can be
selected with the Power button.
3. Press Volume-Up + Volume-Down simultaneously to enter the Developer mode, confirm your
choice.

12.5 Process a Chromebook


The process will happen mostly on the [Chromebook] end with some interaction in the [BDE] end:

1. [Chromebook] Once in the Developer mode, you will see a Chromebook Welcome Screen. Click on
"Get Started".
2. [Chromebook] The next screen will inform if you are connected to the network. Please connect to the
network if you have not yet. Then click "Next".
a. If you want to connect the Chromebook to the network via wireless connection, you can
configure it now.
3. [Chromebook] If there is internet connectivity, accept the "Google terms of service". Otherwise go to
step 5.
4. [Chromebook] If there is internet connectivity, the Chromebook will try to download the latest
updates: wait until the updates have completed.
5. [Chromebook] There should be at this point a button saying "Browse as Guest". Click it to open a
browser.
6. After the browser opens, enter the BDE_IP_address in the address bar (e.g. 192.168.50.110)
a. If your CB_port is NOT 80, enter it as well (e.g. 192.168.50.110:81).
7. [Chromebook] Finally, you will see a Blancco Welcome Screen (“Welcome to Blancco Chromebook
Diagnostics”). Follow the instructions on the screen:
   i. Switch to a virtual terminal by pressing one of the combinations: Ctrl + Alt + F2 / Ctrl + Alt +
   Right Arrow / Ctrl + Alt + Refresh
   ii. Log in as "root" at "localhost login:"
   iii. Type the following command: "curl 192.168.56.102/s/519 | bash" and press Enter.
   iv. Return to the web view by pressing one of these combinations: Ctrl + Alt + F1 or Ctrl + Alt +
   Left Arrow
   The screen should now show a message “Connection established”: this means that BDE and the
   Chromebook are paired and can communicate.
   • The Chromebook shows its ID in the top right of the screen (e.g., CB-3).
   • The Chromebook should also be visible in the BDE user interface.
8. [BDE] Select the Chromebook and erase it in BDE. The Chromebook ID is also visible in the BDE
interface (e.g., CB-3). Doing this will enable the diagnostics on the Chromebook browser. If no
Chromebook diagnostic has been configured in BDECT, you can jump to step 10.
9. [Chromebook] The Chromebook diagnostics are now available and runnable from the browser (more
details on the Chromebook diagnostics in the next chapter).
10. [Chromebook] Once the diagnostics are completed, you can review them before uploading the report
to BDE (press the button “Upload to Blancco Drive Eraser”).
11. [BDE] You can review the report and fill in any custom field at this point, then send the report to
BMPOP.
a. The Chromebook box visible in the interface also shows icons providing information on the
status of the diagnostics, the custom fields update and the report sending.
12. [Chromebook or BDE] The Chromebook is processed at this point and must be rebooted. The
Developer Mode will be turned off during the reboot. You can do this via the Chromebook interface
(press the button “Reboot now”) or via the BDE interface (press the “X” / “Dismiss” button).

12.6 Chromebook Hardware tests
If the software has been configured to run hardware tests, then Chromebooks can run hardware tests on
memory, CPU, battery capacity and battery discharge.
The test icon shows the state of the hardware tests.

The icon's color describes its current state, and hovering the mouse over the icon displays a string with
information on the test state. The icon colors can be:

| Color | Hint | Explanation |
| --- | --- | --- |
| Gray | Hardware tests not executed | Hardware tests have not been started, running or finished. |
| Yellow | Hardware tests running | Hardware tests are currently running. Note that the icon is blinking when it is in this state. |
| Red | One or more hardware tests failed | One or more of the hardware tests has failed. |
| Green | Hardware tests successful | All hardware tests were successful. |

When erasing Chromebooks, you can choose from the following list of tests:

| Test name | Description |
| --- | --- |
| Battery Capacity | Checks the charge capacity and charge cycles of all the batteries connected to the machine. The current charge capacity is compared to the maximum charge capacity stated by the manufacturer. Default threshold is 60%; anything below the threshold will fail the test. Threshold value can be adjusted in CT. |
| Battery Discharge | The Battery discharge test tests the device’s battery discharge rate. This test requires the power cord of the device to be unplugged. The battery charge should be 50% or more to execute the test. This recommendation is to minimize the risks of hanging the machine during the test. The test cannot be started if the Chromebook battery charge is under 20%. |
| CPU Basic | The CPU Basic test checks the functionality of the processor by checking its calculation capabilities. The result of the CPU test is either Successful or Failed. |
| Display | The Display Test has been designed to test the color reproduction and the condition of the display attached to the machine. The choice of the colors allows the user to easily identify any defective pixels (as displays are based on the RGB color model). |
| Keyboard | The keyboard test is used to test the functionality of the keyboard. The keys that are pressed are shown in the dedicated text area. Note that some keys are not captured (e.g., function keys). When pressing a key, it will turn: green - the key is working; yellow - key might be stuck; red - key might not be working. |
| Memory | The memory test checks the low and the extended memory of a computer. The tests are operated with certain data patterns; each data pattern is first written to the memory and then read and verified. This test needs more time. Duration depends on the size of the memory and the speed of the processor. The test is either successful or failed. |
| Touchpad | The Touchpad test is used to test the pointing device connected to the machine. In this test, the user must click on the mouse buttons and click on the circled areas on the right and left side of the screen. When pressing a button, the color of the corresponding button in the screen is changed from red (default, button is not pressed yet) to yellow (button is pressed) to green (button is released). |
| Webcam | The webcam test checks the detected webcam. When the test starts, the webcam streams a video on the screen. Note: before the test starts a browser popup is shown, click "Allow" to turn on the webcam. |

12.7 Process outcome


A successfully processed Chromebook will have:

- All their user data erased (factory reset).
- A Blancco report proving that the erasure has taken place, including hardware and diagnostic information from the Chromebook.
- Upon rebooting the Chromebook back to user mode (not in the developer mode), the original operating system (ChromeOS) will be reusable (no need to re-image the Chromebook).

12.8 Troubleshooting
12.8.1 Required files not found
If the following messages are displayed:
Some of the required files were not found
Please reboot and wait longer for the ChromeOS welcome screen to appear before
switching to the terminal
If the problem persists, please create an issue report from Blancco Drive
Eraser and contact Blancco Support

In that case, the device did not have enough time to initialize all components and drivers in the welcome screen before the terminal was opened.
Reboot the device and wait until the Welcome Screen (after the Google logo) is fully displayed. After the Welcome Screen has finished loading, the terminal can be safely opened. If the issue still persists, wait in the Welcome Screen for a longer time. On some machines (e.g. Lenovo ThinkPad 13 Chromebook), the problem is in the installed Chrome OS (e.g. Chrome OS 94) and the fix consists of updating the OS version via the OTA update.

If the last line of the message above is not displayed, then there are issues in the communication between Blancco Drive Eraser and the device.

12.8.2 Device stays in Developer-mode after erasure


There are some report exceptions ("Some internal attributes (GBB flags) have abnormal values.",
"Firmware write protection via hardware is disabled.", "Firmware write protection via software is disabled or
its range is zero.") that might indicate that the Chromebook is stuck in Developer Mode and it cannot be
turned off. The device may have some sort of protection (software or hardware e.g. write protection, write
protect screw, etc.) which prevents disabling that mode. Please refer to the Chromebook user
documentation.

12.8.3 Limitations of HPE SR932i-p Gen 11 Tri-Mode controller


Compared to a direct PCI-e connection, the HPE SR932i-p controller has some limitations:

- Bay numbering is not supported. It appears in yellow in the BDE UI.
- Multiple namespaces are not detected for NVMe drives. Only the first namespace is visible in the UI.
- Self-tests for NVMe drives are not supported.
13. Workflow Process
When the software is configured to run the Workflow-process, it will follow the actions set in the workflow
created in the Workflow Editor (available in Blancco Cloud and BMPOP 6.0.0 or newer).
This feature is licensed separately from the normal Drive Eraser software license. Contact your Blancco representative for more information.
Starting from 7.1 and BMPOP 5.11, the workflows can also be triggered to start from the BMPOP. To trigger a workflow from the BMPOP, use the Process Management - "Start Workflow" action.

13.1 Requirements
- Network connection and a BMPOP installation (or a Blancco Cloud account and an internet connection) for managing and storing workflows.
- The image must be configured with CT with the following settings:
  - Security / Erasure Process – Workflow
    - Default workflow – Workflow set as default by the user will be used. Active by default.
    - Workflow name - If “Default workflow” is disabled, then the workflow’s name must be typed here.
  - If BMPOP settings are not set in the “Communication” tab, then those settings must be manually entered when the client software has booted.
    - When the BMPOP connection is successful, workflow fetching is retried in 30 second intervals.
  - See CT documentation for more information about the CT settings.

13.2 Create/Edit Workflow


To create a new workflow:

1. Access Blancco Management Portal On-Premise (BMPOP) / Blancco Management Portal (BMP).
2. Go to Process Management – Dynamic Workflows – Drive Eraser workflows.
   1. This button will be visible if the Workflow Editor has been enabled in your BMPOP or Cloud account.
3. Click on “Create” to open the Workflow Editor. Note that the workflow requires a name before it can be saved, and that this name cannot be edited later.
   1. To edit an existing workflow:
      1. Choose a workflow.
      2. Click “Manage workflow”.
      3. Click “Edit”. This will open the selected workflow in the Workflow Editor.
4. If you want to set a workflow as the default workflow, click on “Manage Workflow” and select “Set as default”. Note that only the owner of the workflow can do this action.
13.3 Workflow Editor
In general, the Workflow Editor has the following major elements for editing and creating workflows:

- The left side contains the list of actions.
- The middle contains the work area.
- The right contains the Properties panel for the workflow or the selected action.

The work area can be zoomed (50% - 150%) with:

- Ctrl + mouse scroll

The work area can be panned by:

- Dragging the work area with the left mouse button.
- Panning up/down with mouse scrolling.
- Panning left/right with Shift + mouse scrolling.

To change the size of the work area:

- Click to reduce/increase the size of the properties area.

Also, the top right contains the Workflow Editor version selector. It displays all Workflow Editor versions. The workflow version selection requires internet access. If there is no access, only the bundled workflow editor will be available.
To change to a different Workflow Editor version, select it from the list:

Note that the version selected should match the client image version used to run the workflow. The workflow editor version that was used to edit the workflow is stored in the workflow file itself. The next time the workflow is edited, BMPOP attempts to use that editor version. If that is not possible, it falls back to the most suitable editor.
Actions are added to the workflow by dragging and dropping them to the work area with the mouse. These actions can be removed from the work area by selecting them and pressing “Delete/Del”. To connect actions, click on the output of the action and connect it to another action’s input.
Some of the actions have two outputs: positive (upper right corner and green) and negative (lower right corner and red). On the action “Erasure”, the positive output (green) is chosen if the erasure was successful. The negative output (red) is chosen if the erasure failed.

At the workflow level there is a check box named "Report in the XML". When it is turned on, BDE will add the information of all the workflow's actions to the XML report. "Report in the XML" is enabled by default, but if "Report in the XML" is turned off in a main workflow, BDE will turn this setting off for all the sub-workflows.

To change the action’s name, select it and click on the edit symbol next to the action’s name in the upper right corner (this has no effect on the action’s symbol):
At the bottom of the window, Save saves all changes and exits the editor. Cancel undoes all changes and exits the editor.

13.4 List of Available Activities


The following actions are available (note that all actions can be renamed through their properties):
Note: Some workflow activities are available in the new workflow editor only, which is accessible from the Blancco Management Portal (BMP).

Activity: Connected
The workflow execution starts from this action. It starts when an erasable device is detected.
Only available in Drive-level mode.

Activity: Booted
The workflow execution starts from this action. It starts when the system is booted.
Only available in Computer-level mode.

Activity: Erase
Start erasure of the drive. Erasure is started with the default erasure settings. There are two dropdown menus:
- Erasure standard – dropdown menu for the type of erasure you want to use. Options are:
  - Full standard name (any erasure standard from the list)
  - Default – Pre-configured in the BDE image
  - Use variable – With this option, it is possible to pass a standard via a variable, for example <VARIABLE standard>, or type the full name of the standard to use in the input field.
- Overwriting pattern type – Select in what way the erasure overwrites data (zeroes or aperiodic random patterns). Works only when "NIST 800-88 Clear" is selected.
  - Selecting "Static pattern" allows you to also change the Byte value.
  - This feature can also be changed in the CT.
  - NIST 800-88 Clear allows 1-4 bytes instead of just 1 (e.g. 0xAABBCCDD). Also available in CT.

Verification percentage: Configure the verification percentage either with a ready-made value or with a variable. You can set a fixed value in the input edit box (e.g. if you want to use minimal verification 0%).
Write pattern after erasure: With this option, it is possible to select a different kind of overwriting round that happens after the main erasure, so that the drive is easier to verify. Changeable options are "Overwriting pattern type" and "Pattern".
Use WRITE SAME command: This option allows faster erasure speed for steps with periodic patterns (only applies to SCSI and SAS drives). Enabled by default.
Configure firmware-based commands: With this option, it is possible to configure which firmware commands are allowed. By default, all of them are enabled. Click the arrow next to the setting name to show all options.
Note:
- “Enforce Blancco SSD method on SSDs” and “Enable fallback from NIST Purge to NIST Clear” options are not applicable for the Erase workflow action. Erasure standard fallback and enforcement logic must be implemented by means of the workflow itself.
- If the standard or verification percentage is incorrect, the default (pre-configured in ISO) standard/percentage value will be used instead.

If there were problems with the erasure, such as not having enough licenses or the erasure standard being invalid, the reason for the failure will be stored in the variable <LAST_OPERATION_START_ERROR>. This variable is also available in some other actions (Set value, Message, Question, ServerMessage).
Only available in DriveEraser.

Activity: Autopilot Check
Used for retrieving the status of whether a machine is enrolled to Microsoft Autopilot / Intune. Requires the WAD client to be run on the machine. A timestamp is added to the report.
Autopilot status can be rechecked after a set number of days by enabling the "Recheck status if older than" option. An immediate recheck can be applied by putting 0 as the number of days (has a 2h moratorium).
- Success path: Not enrolled
- Failure path: Machine is either enrolled or there was an error during the detection.

Activity: Verify
Start verification of the drive. Verification is started with the default verification settings. The user can select the verification standard from the "Verification standard" dropdown menu. Enter a byte value between 0x00 and 0xFF; this will also depend on the chosen standard.
The whole workflow is interrupted if:
- Not enough licenses
- Verification cannot be started (other reason)

Only available in DriveVerifier.


Activity: Charge Battery
This action pauses the workflow until the device battery has reached a specified charge level, and then continues the workflow. The workflow continues as follows:
- Success path: Battery reached the set charge or if no battery was found
- Failure path: Charging is too slow or no progress has been made in the specified amount of minutes

Activity: Self-test
Run self-tests on drive. These tests assess the drive's state.
- Short – Tests for performance, takes under two minutes
- Extended – Longer and more thorough test. It can take hours, depending on drive capacity and speed
- Conveyance – Quick test to identify damage incurred during transporting of the device, takes several minutes
- Variable – Set the type using a variable or by typing it in the input field

Activity: Diagnose
Run diagnostic hardware tests. Tests that require user interaction can be selected in the action’s settings. See the ”Hardware tests” chapter for more information.
After a single test has finished, the result dialogue is shown for the operator to confirm whether the test was successful or not. Options are YES, NO and SKIP. “YES” will mark the test as "Successful", whereas “NO” will mark it as "Failed". "SKIP" will mark the test as "Not available", and if hardware is not available otherwise, it is marked as "Not performed".
Only available if the workflow is in “Computer-level” mode and the hardware tests have been enabled in CT.
- Default action if component is missing or not detected – If a component is not detected or it is missing while testing, select which action should be performed. Selecting skip will report the status as "Not available". Options are:
  - Skip
  - Pass
  - Fail

All tests can be selected by ticking the "Select all" box above the test names.

Activity: Collect
This is used to collect results of subworkflows started by a "Subworkflow" action that has the "Continue to the next action before completion" option turned on.
The Collect action waits for all subworkflows with the given subworkflow name to finish. It then proceeds through the success-exit (green) if all subworkflows have finished successfully. If at least one subworkflow has failed, the failure-exit (red) is chosen.
If one of the subworkflows was interrupted, then the main workflow is also interrupted in the Collect action with the "Interrupted by subworkflow" reason.
If no subworkflows with the given name were started before the Collect action, then it completes immediately and the workflow proceeds to the next action via the success-exit (green).

Activity: Create Custom Field
Create or update a custom field for the processed device and ask the operator to set its value.
If a custom field is predefined in the BDE image, this custom field is kept unchanged in the report if there is no user interaction with it. But if the "Create Custom Field" action creates one with an identical title, then the Workflow custom field overrides the predefined one.
The following fields are available:
- Custom field name – Name of the action. This will show up in the popup, and it is customizable via WFE.
- Title – Title of the custom field. This is used to identify the custom field in the report. The custom field title cannot be empty. If it is, then the workflow will fail and "The custom field has an empty title" error will be shown to the operator.
- Custom field type – The type of the custom field. The following types are available in the dropdown menu:
  - Text field
  - Dropdown list
  - Multidropdown list
- Default value – Default value of the field. Only available if “Text field” is selected as Custom Field Type.
- Options – A comma separated list of choice options for the dropdown list. Only available if “Dropdown list” or “Multidropdown list” is selected as the Custom Field Type.
- Regular expression – Regular expression used in the field. Only available if “Text field” is selected as Custom Field Type.
- Regular expression hint – Hint for the user about the regular expression above.
- Required – If selected, empty answers are not accepted.
- Show in custom field editor – Shows the custom field in the Custom Field Editor window. This editor can be used to view or update several custom fields at once before continuing the workflow.
- Use the default value – If selected, the value from “default value” will be assigned to the custom field and the workflow will continue without asking the operator for a new value.

For more information about the custom fields, see the chapter “Custom fields” and the Drive Eraser Configuration Tool manual.

Activity: Custom Field Editor
This action prompts a Custom Fields Editor dialog in the client interface. A Custom Fields Editor can be used to view or update several custom fields at once before continuing the workflow.
Options for columns:
- Fill in the remaining horizontal space – Shows as many columns as there is space available horizontally.
- Set fixed number of columns – Choose how many columns should be shown.

"Fill the remaining horizontal space" is selected by default.

Activity: Create Custom Erasure
Creates a new erasure option with customized overwriting pattern and erasure type that can be used in the Erase action. This activity has only one path.
Options:
- Name – Name of the activity, default is Create Custom Erasure
- Erasure Name – Name for this particular erasure, which will be shown in the UI selection as well. Giving some name is required.
- Add step – Here you select the type, byte value and the overwriting pattern type. More steps can be added with the (+) symbol.
- Set custom erasure name to – Assign a name of the created standard to the variable. This will be used in the "Use variable" section in the Erase activity.

Note: Custom erasure is available only through workflow, but is re-usable from the UI's "In-process" settings during the session. Custom workflows are presented on the bottom of the list under "Custom defined standards".
Only available in DriveEraser.

Activity: Subworkflow
Fetches a workflow with the name given in the “Subworkflow name” field and runs it.
- If "Continue to the next action before completion" option is enabled, then the current workflow proceeds through success-exit as soon as the subworkflow starts execution. This means that after the Subworkflow action starts, both parent and subworkflow will run simultaneously. To get the result of the subworkflow execution, Collect action must be used after a Subworkflow action.
- If "Continue to the next action before completion" option is turned off, then the current workflow continues only after the subworkflow has finished execution.

Note that:
- If subworkflow doesn't exist or cannot be fetched, the parent workflow validation fails.
- Starting the same workflow as a subworkflow is not permitted.
- If drive-level subworkflow is started from a computer-level workflow and drive-level subworkflow fails for any of the drives, then the overall result of the subworkflow action is “failure”.
- If subworkflow is interrupted, then the parent workflow is also interrupted.

Activity: Enter PSID
Displays a dialog window to fill in a PSID to unlock TCG locked drives (Opal and Enterprise). The dialog is the same one as when a PSID is entered manually via the user interface.
Note that:
- This action must be followed by an "Erase" action that executes the PSID Revert command.
- The action is valid only for drive-level workflows. A computer-level workflow passes through green immediately.
- Supports secure variable values. These can be assigned with the "Set Value" workflow action.
- If a drive is not TCG Storage compliant, it will pass through green immediately.
- If "Reset drive to factory defaults if non-default TCG password is set" or "Reset drive to factory defaults if drive is in TCG locked state" is checked, it will pass through green immediately.
- If the "Get PSID value from the variable" input box is filled, then the PSID value is fetched from the provided variable and the "Enter PSID" dialog is not shown in the UI.
- If "Cancel" is clicked, the variable does not contain a PSID, or the PSID is invalid, the action will pass through red.

Activity: Send Report
Send a new report or update the existing one.
If Erase-action was executed before this action, then an erasure report is sent.
If Erase-action was not executed before this action, then an asset report is sent.
When “Send report:” is selected, the report is sent to the BMPOP/BMP. This option is forced on and cannot be modified.
The whole workflow is interrupted on the following cases:
- Missing license.

Activity: Save Report
This action creates a new report and saves it to a selected destination.

Activity: Send Issue Report
Send an issue report, which contains additional system information and logs used to understand and reproduce the problem. The report is sent to the BMPOP/BMP.
If "Problem description" field is left empty or "Customized comment" is not turned on, BDE will insert an automatically generated comment.
When turned on, the "Customized comment" action automatically sends an issue report to the BMPOP. By default, the issue report comment is auto-generated, but it can be replaced by a customized comment: turn on the "Customized comment" option and add a comment in the "Problem description" field.

Activity: Save Issue Report
Issue report will be saved to all available USB sticks.
- When "per drive" mode is enabled, an issue report will be created for each drive.
- Screenshots are added to issue reports if available.

The options you can edit inside the activity:
- Destination: USB (more available in later releases)
- Problem description: When "Customized comment" is enabled, user can add customized comments. This field supports variables, e.g. <VARIABLE SomeVar>

Activity: Set Variable (Set Value)
Assign a new value to a variable. Currently the following variables are supported:
- <ENTITYINFO FieldName> – Used to create or update a value attached to an entity (computer or drive). The Entityinfo value is displayed in the UI and in the report. In the UI, an Entityinfo defined in a Computer-level workflow is located between the "Process: workflow" label and the Process tabs, while an Entityinfo defined in a Drive-level workflow is located under each drive. Replace X with a proper name.
- <DEVICECUSTOMFIELD FieldTitle> – Used to create or update a custom field. If a field with the given title doesn't exist, then a new custom field is created with the “Text field” type.
- <VARIABLE VarName> – Change the value of variable VarName. Note that variables starting with "G_" are accessible from any workflow, others from the current one only.
- <ERASURE_PROGRESS> – Progress status shown between 0 and 100%. Value is "invalid" when erasure has not yet been started.
- <ERASURE_TIMELEFT> – Value between 0 and <int64_max> (seconds). Value is "invalid" when erasure has not yet been started.
- <SECUREVARIABLE VarName> – Value of variable VarName will be encrypted after saving the workflow.
  - When a value is saved in the workflow editor, it is encrypted, so when the workflow is opened again, the secure variable value is replaced with the "<encrypted data>" text.
  - Can be used with "Server message" and "Enter PSID" actions. If used elsewhere, it will give an invalid value (such as an empty message box in the Message action).
- <LAST_OPERATION_START_ERROR> – Provides the reason why an operation could not be started, e.g., "NOT_ENOUGH_LICENSES".

The whole workflow is interrupted on the following cases:
- "Action is called on an invalid target" - Drive with the given ID is unavailable.
- “Failed evaluating expression" – The action’s statement contains syntax errors.


Activity: Play Sound
This action can be used to play a sound from the device once the erasure progress has been completed.
- Sound sample: Information, warning and error options
- Duration: Time in seconds, default is 5 seconds.

The sound sample is played repeatedly until the duration is met.
Note: If the device does not have sound drivers or the sound device is not configured properly, no sound will come out.

Activity: Locate
This workflow action helps identify a particular drive, especially when it's deployed in a dense environment with other equipment. By selecting "Turn on", the drive will be able to blink a visible light for locating purposes.
There are some differences between per-drive and asset level workflows:
- Per-drive workflow: When enabled, triggers drive blinking
- Asset level workflow: When enabled, turns on/off UID LED through IPMI

Drive blinking can also be disabled from the Locate button in the BDE UI, but the main usage is done via IBR workflows.

Activity: IPMI factory reset
IPMI data can be cleared with this action. It removes all customer created accounts, network configurations, IPMI event log records etc. This action is mainly used in cases when user credentials are not required to perform "BMPOP factory reset".
It is applied only to computer-level workflows, and it has two paths, "Successful" and "Failed". If the machine does not have a management controller, it proceeds with the "If success" path.
The following vendors are supported: Dell (iDRAC), HPE (iLO), Supermicro BMPOP and Quanta BMPOP.

Activity: Condition
A conditional statement (IF) can be created using this action. The supplied expression is evaluated, and the result is converted to Boolean. If the result is true, the action result is successful; if not, the result is a fail.
For a list of operators that can be used, see chapter “Supported Condition Expressions”.
The currently available variables are:
- <DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT> – Number of remapped sectors on the drive. Valid only in drive-level workflows. If used in a computer-level workflow or the attribute is not supported by the drive, then the result type is Invalid.
- <DEVICECUSTOMFIELD FIELD_TITLE> – Name of the custom field value
- <DRIVEATTRIBUTES UNCORRECTABLE_SECTOR_COUNT> – Number of uncorrectable/bad sectors on the drive. Valid only in drive-level workflows. If used in a computer-level workflow or the attribute is not supported by the drive, then the result type is Invalid.
- <DRIVEATTRIBUTES IS_SSD> – Checks if the current drive is an SSD. Valid only in drive-level workflow.
- <DRIVEATTRIBUTES IS_NVME> – Checks if the current drive is an NVMe. Valid only in drive-level workflow.
- <REPORTPATH XMLPATH> – Use a node in the report for comparisons or other actions.
  - This would check if the battery capacity is less than 80:
    lessThan(<REPORTPATH blancco_data.blancco_hardware_report.hardware_tests.battery_capacity.capacity>, 80)
  - For information, see the chapter “Examples of Using “REPORTPATH” Attribute”.
- <DEVICECUSTOMFIELD Field Title> – Get value of custom field with the given title. For custom fields of “Multidropdown list” type the value is represented as a comma separated list of selected options.
- <ENTITYINFO Name> – Get value of ENTITYINFO with the given name.
- <MODEL> – Get current drive's model in Drive-level workflow and Computer model in Computer-level workflow.
- <MANUFACTURER> – Get current drive's vendor in Drive-level workflow and Computer vendor in Computer-level workflow.
- <LAST_OPERATION_START_ERROR> – In case the operation could not be started, provides the reason why it failed, e.g., "NOT_ENOUGH_LICENSES".
- <ERASURE_PROGRESS> – The current progress percentage of the erasure. Has value range 0 - 100 (%). Value is 100 when erasure is completed.
- <ERASURE_TIME_LEFT> – The current estimation of the erasure time left. Has value range 0 - <int64_max> (secs). Value is 0 when erasure is completed.

The whole workflow is interrupted on the following cases:
- If an expression cannot be evaluated.
- An incorrect XML path will exit the action through Fail-exit.
- "Action is called on an invalid target" - Drive with the given ID is unavailable.
- "Failed evaluating expression" - The conditional statement contains errors in the REPORTPATH filters.
  - For example, incorrect expression inside brackets [] or incorrect use of the brackets (bracket pair missing).

When the “Condition” action is used in computer-level workflows:
The drive-level variables (DRIVEATTRIBUTES) always return 'failure' and the action goes to the 'Fail' exit from the workflow:
- DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT
- REPORTPATH with drive-level path fetches a value for the first found drive, and Condition item returns its status.

Activity: Finalize
Finalize the process. If this has not been set and the workflow is run, the whole workflow is interrupted.
If “Show fail” is selected, the device will display that the process has failed.
If “Restart” is selected, the system is restarted after the workflow has been completed. Only available in Computer-level mode.
If “Shutdown” is selected, the system is shut down after the workflow has been completed. Only available in Computer-level mode.
The "Shutdown" option in a Finalize activity takes precedence over the "Restart" option. If both options are set, then the computer will be shut down.

Activity: Question
Ask the operator to answer a pre-defined question with Yes/No. A popup with the question is shown to the operator. Workflow execution continues by either the Success or the Failure path depending on the answer: Yes - Success, No - Fail.
The question message is customizable. This action supports customizing the title, bold and italics, and a possibility to change the background color. To change the background color, enable the "Customize background color" checkbox and select the desired color.
Note that the question string can also include variables, which can be added from the text editor's (x) icon. These variables would display their value in the question.
String length cannot exceed 1024 characters.

Activity: Message
Displays an informative dialog in the BDE graphical user interface. The message has an OK button to close the message box dialog. After clicking OK in the message box, or waiting timeout seconds, and after the message box closes, the workflow continues.
The message shown is customizable. This action supports customizing the title, bold and italics, and a possibility to change the background color. To change the background color, enable the "Customize background color" checkbox and select the desired color.
Note that the Message string can also include variables. These variables would display their value in the message.
String length cannot exceed 1024 characters.

Activity: Sleep
While the "Sleep" action is active, the workflow will be in sleep state.
"sleepDuration" is the sleep time in milliseconds. The allowed range of "sleepDuration" is 0 - 2000000000 ms.

Sends HTTP GET, POST , PUT, PATCH or DELETE requests to the specified URL,
parses JSON reply and stores values from reply to the specified variables.
l GET: Retrieves / requests data (they don't include data)

l POST: Sends data to the server

l PUT: Replaces all current representations of the target resource with the
request payload
l PATCH: Apply partial modifications to a resource

Server Message l DELETE: Deletes a specified resource

"URL"
l Maximum length is 2048 characters.

l Can contain variables enclosed in <>, which are substituted to actual values
before sending the request.
l Allowed protocols: HTTP and HTTPS. If HTTPS is used then server certificate
validation is not performed.
"Extra HTTP headers" - extra headers to include to the request.

162
Activity Explanation
l Several HTTP headers are separated with new lines. Maximum length is 2048

characters.
l Can contain tags enclosed in <>, which are substituted to actual values before
sending the request.
l "Content-type" and "Content-length" header values are always replaced with
actual values for POST method.
l Supports secure variables (see "Set Value").

"Content type"
l Ability to change content type between application/json and application/x-
www-form-urlencoded
l Certain expressions are not allowed, such as "field=value&".

"Store HTTP return code to"


l Must be either empty or contain one of assignable variable tags (<VARIABLE
VariableName>, <ENTITYINFO InfoName>, <DEVICECUSTOMFIELD
FieldName>). If contains a tag and HTTP response code is received from the
server, then the code is stored to the variable.
l "JSON to send as POST payload"

l Not used when GET method is chosen.

l "JSON to send as POST payload" also supports secure variables.

l Can contain tags in JSON element values (not keys) enclosed in <> that will be
replaced with actual values, e.g.
{"event":"connected","interface":"<REPORTPATH blancco_data.blancco_
hardware_report.disks.disk.interface_type>"}
"JSON reply from server"
l JSON values must be either empty or must contain assignable tags:
<VARIABLE VariableName>, <ENTITYINFO InfoName>,
<DEVICECUSTOMFIELD FieldName>
l If server reply has valid JSON payload and JSON structure in reply match with
the structure in this field, then variables get values assigned from reply.
Item result:
l If HTTP response code was received from the server then Action exits through
OK(green) point. The code can be any, e.g 404 or 500 is fine too. It is up to the
user to check the status code value and do further actions based on it.
l If HTTP status code was not received for any reason, e.g. connection refused,
timeout or whatever, then Action exits through Failure(red) point.
Workflow is interrupted in the following cases:
l If URL is not valid after variable value substitution

l Extra headers value is incorrect after variable value substitution

l Variable cannot be assigned

13.4.1 Server Message Examples

Valid reply template example:

{
    "erasureStandard": "<VARIABLE standardId>",
    "machineGrade": "<DEVICECUSTOMFIELD machineGrade>",
    "someSubObject": {
        "someArray": ["", "<ENTITYINFO someArrayElemTwo>", ""]   <= we are interested in value of the second element of the array
    }
}

Corresponding reply:

{
    "erasureStandard": "nist-purge",
    "machineGrade": 5,
    "someSubObject": {
        "someIgnoredValue": true,
        "someArray": [12.34, 34.56, 56.78]
    }
}

Invalid reply template example:

{
    "<MANUFACTURER>": "<VARIABLE someVariable>",   <= Keys must be constant
    "manufacturer": "<REPORTPATH some.report.path>",   <= REPORTPATH cannot be assigned
    "assetTag": "<VARIABLE someVariable> <DEVICECUSTOMFIELD assetTag>",   <= Only one variable can be specified
    "serialNumber": 10203040,   <= "10203040" does not specify an assignable variable. If a value needs to be checked, first assign it to a variable and then check in Condition action
    "someSubObject": {
        "someArray": ["One", "<ENTITYINFO someArrayElemTwo>", "Three"]   <= "One" and "Three" do not specify an assignable variable.
    }
}
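
The template rules above can be checked offline before a workflow is deployed. The following Python sketch is an added example, not Blancco code: it validates a reply template against the rules stated in this section and shows which values a given reply would assign. The function names are this example's own, and treating a missing key or a shorter array as a structure mismatch (nothing assigned) is an assumption.

```python
import json
import re

# Tags the manual lists as assignable in "JSON reply from server".
ASSIGNABLE = re.compile(r"<(VARIABLE|ENTITYINFO|DEVICECUSTOMFIELD) ([^<>]+)>")
ANY_TAG = re.compile(r"<[^<>]*>")


def template_problems(template, path="$"):
    """Return a list of rule violations found in a reply template."""
    problems = []
    if isinstance(template, dict):
        for key, value in template.items():
            if ANY_TAG.search(key):
                problems.append(f"{path}.{key}: keys must be constant")
            problems += template_problems(value, f"{path}.{key}")
    elif isinstance(template, list):
        for index, value in enumerate(template):
            problems += template_problems(value, f"{path}[{index}]")
    elif template == "":
        pass  # empty value: this position of the reply is ignored
    elif not (isinstance(template, str) and ASSIGNABLE.fullmatch(template)):
        problems.append(f"{path}: must be empty or exactly one assignable tag")
    return problems


class StructureMismatch(Exception):
    """The reply does not have the shape the template describes."""


def collect(template, reply, found):
    """Walk template and reply together, recording (tag, name) -> value."""
    if isinstance(template, dict):
        if not isinstance(reply, dict):
            raise StructureMismatch
        for key, sub in template.items():
            if key not in reply:          # assumption: missing key = mismatch
                raise StructureMismatch
            collect(sub, reply[key], found)
    elif isinstance(template, list):
        if not isinstance(reply, list) or len(reply) < len(template):
            raise StructureMismatch
        for sub, item in zip(template, reply):
            collect(sub, item, found)
    elif template != "":
        kind, name = ASSIGNABLE.fullmatch(template).groups()
        found[(kind, name)] = reply
    return found


def assignments(template_text, reply_text):
    """Return {(tag, name): value}; {} when the reply assigns nothing."""
    template = json.loads(template_text)
    problems = template_problems(template)
    if problems:
        raise ValueError("; ".join(problems))
    try:
        return collect(template, json.loads(reply_text), {})
    except (json.JSONDecodeError, StructureMismatch):
        return {}  # invalid JSON or different structure: no partial assignment


# The manual's examples, with the "<=" annotations removed.
VALID_TEMPLATE = """{"erasureStandard": "<VARIABLE standardId>",
 "machineGrade": "<DEVICECUSTOMFIELD machineGrade>",
 "someSubObject": {"someArray": ["", "<ENTITYINFO someArrayElemTwo>", ""]}}"""
REPLY = """{"erasureStandard": "nist-purge", "machineGrade": 5,
 "someSubObject": {"someIgnoredValue": true,
                   "someArray": [12.34, 34.56, 56.78]}}"""
INVALID_TEMPLATE = """{"<MANUFACTURER>": "<VARIABLE someVariable>",
 "manufacturer": "<REPORTPATH some.report.path>",
 "assetTag": "<VARIABLE someVariable> <DEVICECUSTOMFIELD assetTag>",
 "serialNumber": 10203040,
 "someSubObject": {"someArray": ["One", "<ENTITYINFO someArrayElemTwo>",
                                 "Three"]}}"""
INVALID_PROBLEMS = template_problems(json.loads(INVALID_TEMPLATE))

if __name__ == "__main__":
    print(assignments(VALID_TEMPLATE, REPLY))
    print("\n".join(INVALID_PROBLEMS))
```
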

13.4.2 Variables
A variable, in the format <VARIABLE name>, is used to store intermediate values, which do not go to the report. Variables with the "G_" prefix have global storage and are accessible from any workflow during a BDE session. Variables are currently supported in SetValue, Condition, Message and Question actions.
Variables can be highlighted in the Message or Question dialogs in bold font (if enclosed in double asterisks like **this**) and/or in italic (if enclosed in single asterisks like *this*).
The following value types can be stored:

• String
• Integer
• Boolean
• JSON

Floating point values are not supported at the moment, and are stored as Strings, i.e. no arithmetic operations on floats.
Variables are coupled with the target device the workflow is running on. For drive-level workflows it is the target drive. For computer-level workflows, it is the Host entity. Consequently, all drive-level workflows running on the same drive use the same variables context, e.g. the main drive-level workflow and a drive-level subworkflow. The same holds for computer-level workflows: all computer-level workflows can access other computer-level workflows' variables.

This returns a different value for every disk:

<VARIABLE Capacity> = <REPORTPATH blancco_data.blancco_hardware_report.disks.disk.capacity> + 100

If a drive-level workflow needs access to a computer-level (global) variable, then the variable name must be prefixed with the "G_" prefix. For computer-level workflows the "G_" prefix is ignored.
Accessing computer-level variables from drive-level workflow is not possible.
Other notes:

• The Message- and Question-actions support the Markdown syntax (https://www.markdownguide.org/basic-syntax/).
• This applies to e.g. bold syntax (**like this**), italic syntax (*like this*).
• A syntax like "8. Continue" will be understood as being an ordered list and rendered as "1. Continue". A workaround for this is to use the syntax "8\. Continue" (escape the dot) to render it as "8. Continue".
• It's possible to use variables on both sides of expressions.
• For Integer variables, the arithmetic operations +, -, *, / work.
• Operations cannot be used in questions.
• For String variables, functions like concat(X, Y) can be used.
• Variables are case-sensitive.
• Global variables work correctly for the case when the main workflow is computer-level and the subworkflow is drive-level.
• It's not mandatory to use the G_ prefix in a main computer-level workflow, but it must be used in subworkflows to have access to computer-level variables.

<VARIABLE Capacity> = <REPORTPATH blancco_data.blancco_hardware_report.disks.disk.capacity> + 100

13.4.3 Supported Condition Expressions
| Action | Example | Explanation |
|---|---|---|
| AND | true AND false | Boolean operator. Non-boolean operands are converted to Boolean. |
| OR | true OR false | Boolean operator. Non-boolean operands are converted to Boolean. |
| == | 10 == 10; ‘False’ == false; ‘10’ == 10 | Equality. If operands are of different type, then conversion to String type is done. String comparison is case insensitive for Latin characters. If one of operands is invalid, then the result is always false |
| != | true != false; ‘’ != 10 | Not equals. Same rules apply as for equality operator. |
| Boolean lessThan(Int, Int) | lessThan(10, 20) = true; lessThan('441', 445) = true; lessThan(false, 200) = true; lessThan('AB', 'AA') = false | Comparison function. If operand(s) is not an integer, then attempt is made to convert both operands to Integer type. If conversion fails, then both operands are converted to Strings and string comparison is done. If operand(s) is invalid, then the result is always false. |
| Boolean moreThan(Int, Int) | moreThan(20, 10) = true; moreThan(0, 0) = false; moreThan('A', 'AA') = false | Comparison function. Same rules apply as for lessThan function. |
| Int min(Int, Int) | min(10, 20) = 10 | Returns the smallest value of two operands. Accepts only integer arguments, no conversion from other types! |
| Int max(Int, Int) | max(10, 20) = 20 | Returns the biggest value of two operands. Accepts only integer arguments, no conversion from other types! |
| Int length(String) | length("VBOX") = 4 | Returns the length of the input string. Accepts only string argument, no conversion from other types! |
| Boolean startsWith(String 1, String 2) | startsWith("Hello World", "Hello") = true | Returns Boolean true if the String 1 starts with String 2, false otherwise. Comparison is case sensitive. Accepts only string arguments. |
| Boolean endsWith(String 1, String 2) | endsWith("Hello World", "World") = true | Returns Boolean true if the String 1 ends with String 2, false otherwise. Comparison is case sensitive. Accepts only string arguments. |
| Boolean contains(String 1, String 2) | contains("Blancco Drive Eraser", "drive") = true | Returns Boolean true if the String 1 contains String 2, false otherwise. String comparison is case insensitive for Latin characters. Accepts only string arguments. |
| String mid(String, Int) | mid("Hello World", 6) = "World" | Returns a substring of input String, starting from position Int. No automatic type conversion of input arguments. |
| String mid(String, Int 1, Int 2) | mid("Hello World", 7, 2) = "or" | Returns a substring of input String, starting from position Int 1 and having length Int 2. No automatic type conversion of input arguments. |
| String left(String, Int) | left("Hello World", 3) = "Hel" | Returns first Int characters of the input String. No automatic type conversion of input arguments. |
| String right(String, Int) | right("Hello World", 4) = "orld" | Returns last Int characters of the input String. No automatic type conversion of input arguments. |
| String concat(String, String) | concat("This is ", true) = "This is true"; concat("Number of apples is ", 50) = "Number of apples is 50"; concat(50, ‘’) = “50” | Concatenates two input strings. If argument(s) is not a string, the value is converted to string. Can be used to convert an arbitrary argument to string. |
| Boolean isValid(Operand) | isValid(<REPORTPATH a/b/c>) = true (if the paths exist in report XML) | This function returns true if the operand contains some value (String, Integer, Boolean) or false otherwise. |
| String/Integer/Boolean/Json jsonValue(Json object, String key) | jsonValue(json('{"name": "John", "weight": 74.8, "id": 234, "married": false}'), 'id') == 234; jsonValue(json('{"name": "John", "weight": 74.8, "id": 234, "married": false}'), 'married') == false | If the first argument is a JSON object, which contains a key-value pair with the given key, then the corresponding value is returned. The returned type depends on the JSON value type and it can be Boolean, Integer, String or JSON. If the first argument has a different type, or such key does not exist in the JSON object, then an Invalid value is returned. |
| String/Integer/Boolean/Json fromPath(Json json, String path) | fromPath(json('{"id": 127, "x": {"y": {"z": "result"}}, "somekey": "string"}'), 'x.y.z') == "result"; fromPath(json('{"id": 127, "x": [{"index": 0},{"index": 1}, {"index": 2}], "somekey": "string"}'), 'x.2.index') == 2 | The function checks if the given path exists in JSON and if it does, it returns its value. Returned type depends on the type of JSON value, which is pointed by the path. It can be Boolean, Integer, String or JSON. If the path doesn't exist, the function returns an Invalid value. The path is a sequence of keys or array indexes delimited by '.' symbol. |
| JSON where(Json array, String key, String/Integer/Boolean value) | where(json('[{"key": 1},{"key": 2}, {"key": 3}]'), 'key', 2) result: json('{"key":2}') | Searches in the JSON array of objects for an object, which contains the given key-value pair, and returns the found JSON object. If such JSON object is not found then Invalid value is returned. |

Other notes:
An operand in an expression can be one of 4 types: String, Boolean, Integer or Invalid

• String operand examples: “Hello”, ‘Bye’
• Boolean operand examples: true, false (must be lower case!)
• Integer operand examples: 10, 0, -500
• Invalid type is returned by functions or tags if the expression cannot be evaluated, for example if argument types of a function are not correct, the path inside <REPORTPATH> tag doesn’t exist, or certain DRIVEATTRIBUTE is not supported by the drive.
• An operand in an expression can be one of four types: String, Boolean, Integer, JSON or Invalid.
  ◦ JSON operand examples: {"a": "yes", "b": 20, "c": true, "d": [50, 70]} ["a", "b"] {"a" : "b"}

Some functions perform type conversions, which are done according to the following rules:

• String to Boolean: if the String has at least one character the result is true, false otherwise
• Integer to Boolean: if the Integer is more than 0 the result is true, if it is equal to or less than 0 the result is false
• Boolean to String: true is converted to “true”, false to “false”
• Integer to String: Integer is converted to its String representation, e.g. 500 => “500”
• Boolean to Integer: true is converted to 1, false to 0
• String to Integer: the String must contain numeric characters only, otherwise the conversion fails
• Invalid type can only be converted to Boolean and the result is always false
• JSON to Boolean: if the JSON contains {true} or {false} boolean value then it is used as is, otherwise always evaluates to false
• JSON to String: String representation of JSON is used
• JSON to Integer: if the JSON contains an integer value, e.g. {10} then it is used as is, otherwise the conversion fails
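
The conversion and comparison rules above interact in ways that are easy to misjudge, especially for Invalid operands. The following Python model is an added example, not Blancco code: it implements the String/Integer/Boolean/Invalid rules as this section states them and reproduces the examples from the table. The function names are this example's own, JSON operands are left out, and ordering strings by plain code point is an assumption.

```python
import operator


class _Invalid:
    def __repr__(self):
        return "Invalid"


INVALID = _Invalid()  # stands in for the manual's Invalid operand type


def to_bool(value):
    if value is INVALID:
        return False                  # Invalid -> Boolean is always false
    if isinstance(value, bool):
        return value
    if isinstance(value, int):
        return value > 0              # Integer -> Boolean
    return len(value) >= 1            # String -> Boolean


def to_str(value):
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value)


def to_int(value):
    """Return the Integer form of value, or None when conversion fails."""
    if isinstance(value, bool):
        return 1 if value else 0
    if isinstance(value, int):
        return value
    if value.isascii() and value.isdigit():   # numeric characters only
        return int(value)
    return None


def equals(a, b):
    if a is INVALID or b is INVALID:
        return False                  # an invalid operand: always false
    if type(a) is not type(b):
        a, b = to_str(a), to_str(b)   # mixed types compare as Strings
    if isinstance(a, str):
        return a.lower() == b.lower() # case insensitive
    return a == b


def not_equals(a, b):
    # "Same rules apply": read here as false when an operand is invalid.
    if a is INVALID or b is INVALID:
        return False
    return not equals(a, b)


def _ordered(a, b, op):
    if a is INVALID or b is INVALID:
        return False
    int_a, int_b = to_int(a), to_int(b)
    if int_a is not None and int_b is not None:
        return op(int_a, int_b)
    return op(to_str(a), to_str(b))   # fall back to String comparison


def less_than(a, b):
    return _ordered(a, b, operator.lt)


def more_than(a, b):
    return _ordered(a, b, operator.gt)


def and_(a, b):
    return to_bool(a) and to_bool(b)


def or_(a, b):
    return to_bool(a) or to_bool(b)


# Two ways to gate on a drive attribute. When the attribute is unsupported
# (Invalid), both comparisons are false, so the outcome depends on which
# branch of the Condition is treated as "pass".
def passes_when_low(remapped):        # pass = true branch of lessThan(x, 10)
    return less_than(remapped, 10)


def passes_unless_high(remapped):     # pass = false branch of moreThan(x, 9)
    return not more_than(remapped, 9)


if __name__ == "__main__":
    print(passes_when_low(INVALID), passes_unless_high(INVALID))
```

With an unsupported attribute the first gate rejects the drive and the second accepts it, so isValid() is the check to put in front of either comparison.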

String literals outside of tags (<TAG>) must be in quotes (apostrophes or double quotes). If the string contains apostrophes, enclose it in double quotes and vice versa.

Accepted:

<MODEL> == "VBOX"
<MODEL> == 'VBOX' <- same as line above
<MODEL> == '"VBOX"' <- resulting string is "VBOX"
<MODEL> == "'"

Not accepted:

<MODEL> == VBOX
<MODEL> == """

In tag parameters quotes are optional. For example, DEVICECUSTOMFIELD is a tag with single string
parameter and so all the characters after tag name up to the closing ">" are considered a string parameter.
If the parameter is in quotes, then the quotes are ignored:

<DEVICECUSTOMFIELD Asset ID> <- OK


<DEVICECUSTOMFIELD "Asset ID"> <- same as above
<DEVICECUSTOMFIELD 'Asset ID'> <- same as above
<ENTITYINFO Device color> <- OK

Functions can have non-constant arguments, for example tags or results of other functions.

Example:

lessThan(<DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT>, max(10, <DRIVEATTRIBUTES UNCORRECTABLE_SECTOR_COUNT>))

Set Value uses the same logic: it is possible to use expressions on the right side of Set Value.

Example:

<ENTITYINFO Remapped> = concat("Remapped sector count: ", <DRIVEATTRIBUTES REMAPPED_SECTOR_COUNT>)

13.5 Drive-level & Computer-level Workflow-mode


The workflow can be run in two modes: Drive-level or Computer-level. The selected mode can be identified in the report by checking where the workflow report is located:

• If it is located under “System version”, then it is a Computer-level workflow.
• If it is located under “Drive”, then it is a Drive-level workflow.

In drive-level mode, the workflow is started when a new device is connected and detected by the system (newly attached drives can be detected by clicking “Refresh”). The start action is named “Connected” in this mode. This mode supports hot-plugging drives.
In computer-level mode, the workflow is started when the system is booted. The start action is named “Booted” in this mode. This mode does not support hot-plugging drives.
The mode can be switched in the workflow’s settings, by selecting the “Start item” as “Booted” for Computer-level or “Connected” for Drive-level mode:

Major differences for the actions in each mode:
| Action | Computer-level | Drive-level |
|---|---|---|
| “Start action” | Booted | Connected |
| Erase | Erases all drives present in the system at boot time. | Erases single (currently detected) drive. |
| Send report | Sends full report with Hardware details. | Sends drive-level report for single (current) drive. |
| Set value | <ENTITYINFO> creates an entry that goes under "blancco_hardware_report.system". <DEVICECUSTOMFIELD> creates a global custom field if it doesn’t exist | <ENTITYINFO> creates an entry that goes under "blancco_hardware_report.disks.disk". <DEVICECUSTOMFIELD> creates a drive-level custom field if it doesn’t exist |
| Condition | Per-drive variables are not evaluated. Per-drive paths in REPORTPATH will fetch a value for the first found drive. | Per-drive variables are evaluated for the current drive. Automatic filter is applied to drive-level REPORTPATHs to fetch the value for current drive. |
| Finalize | Finalizes the workflow for the machine. Can restart or shutdown the machine. | Finalizes the workflow for a drive. |
| Diagnose | Starts chosen tests. Note: hardware tests should be enabled in CT. | Not supported – the action is skipped if encountered in drive-level workflow |
| Subworkflow | Can start a computer-level or drive-level workflow. | Can start a drive-level workflow only, NOT a computer-level workflow. |
| Create Custom Field | Creates a global custom field | Creates a drive-level custom field |

13.6 Running a Workflow


To run a workflow, boot the modified image and enter any communications and/or other settings if
necessary. The process will follow the steps specified in the workflow. Whether or not user interaction is
required, depends entirely on the workflow and the steps it takes.
User interface when workflow is being fetched from BMPOP:

User interface when workflow named “Remapped” is being run with two devices detected in the Drive-level
mode:

13.7 Example Workflow
In the workflow below, the following actions are taken:

1. Connected - Device/hardware is connected and detected.


2. Condition - Device condition is checked.
1. If the condition is not acceptable, the workflow continues directly to the lower “Finalize” step
with the “Show fail” option selected.
3. Set Value - If the condition was acceptable, then workflow continues to “Set Value” step. Here a
value is entered to the device’s custom field in the report.
4. Send Report - Report with the device’s info is sent to BMPOP / BMP. If a report containing
information about this device already exists in BMPOP / BMP, then the report is updated with the
new information.
1. If report sending fails, the workflow continues directly to the lower “Finalize” step with the
“Show fail” option selected.
5. Process is finalized

13.8 Using “REPORTPATH” Attribute and Examples


Notes:

• REPORTPATH attribute can be used only in Condition action at this version.
• XmlPath is a sequence of XML nodes delimited with '.'.
• If syntax error is found in XmlPath, the workflow execution stops with INTERRUPTED status.
• If target node pointed by the path is a leaf node of uint or string type, then the node's text value is used in expression evaluation.
• If target node is an array node (a node with "entries" name) then the number of children of the target node is used in expression evaluation.
• If target node does not exist in report, then empty string "" is used in expression evaluation.

13.8.1 XmlPath Examples

Hardware report part:

blancco_data.blancco_hardware_report.disks.disk.interface_type
blancco_data.blancco_hardware_report.disks.disk.capacity

Erasure report:

blancco_data.blancco_erasure_report.erasures.erasure.state
blancco_data.blancco_erasure_report.erasures.erasure.firmware_rounds

Custom fields:

user_data.fields.My custom field

13.8.2 Filters in XmlPath:


Optional filters can be used to choose certain nodes in an array node, e.g.:
blancco_data.blancco_erasure_report.erasures.erasure[target.target_id=100].failed_sectors
Erasure nodes having child node "target.target_id=100" are selected.
Several filters can be combined to form an AND filter condition:
blancco_data.blancco_erasure_report.erasures.erasure[target.target_id=100][target.type=disk].failed_sectors
Both "target.target_id=100" and "target.type=disk" child nodes must exist for the node to be selected.
Note that only "elementPath=value" conditions are supported in filters at this version.

13.8.3 Using Index to address XML report array elements in REPORTPATH


"Search by index" syntax is now supported, for example, to fetch a log_page element with an index = 2:

<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.log_pages.log_page[2]>

The index is zero based and if the index value is bigger or equal to the number of elements in the array, the
expression value will be Invalid.
This syntax can be used to implement a "for" loop in a workflow that loops through all array elements, for
example:

13.8.4 Drive specific paths


Drive specific paths are automatically filtered by current drive ID:
blancco_data.blancco_hardware_report.disks.disk
disk node with disk ID of the disk currently processed by the workflow is selected.
blancco_data.blancco_erasure_report.erasures.erasure
erasure node, which has current drive as its target is selected.
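
To see how the XmlPath rules, filters and index syntax described in 13.8 to 13.8.3 combine, the following Python resolver is an added example, not Blancco code. It runs against a small constructed report in which array nodes are `entries` elements and leaves are `entry` elements addressed by their `name` attribute (an assumption of this example). The automatic per-drive filtering of 13.8.4 is not modelled, so the first matching node is used.

```python
import re
import xml.etree.ElementTree as ET

INVALID = object()  # stands in for the manual's "Invalid" value

# Constructed sample report; layout and values are assumptions of this example.
SAMPLE = """
<report><blancco_data>
 <blancco_hardware_report>
  <entries name="disks">
   <entries name="disk">
    <entry name="interface_type" type="string">SATA</entry>
    <entries name="features">
     <entry name="feature" type="string">crypto erase</entry>
    </entries>
    <entries name="smart_attributes">
     <entries name="smart_attribute">
      <entry name="name" type="string">Power On Hours</entry>
      <entry name="raw_value" type="uint">812</entry>
     </entries>
    </entries>
   </entries>
   <entries name="disk">
    <entry name="interface_type" type="string">NVMe</entry>
   </entries>
  </entries>
 </blancco_hardware_report>
 <blancco_erasure_report>
  <entries name="erasures">
   <entries name="erasure">
    <entries name="target">
     <entry name="target_id" type="uint">100</entry>
     <entry name="type" type="string">disk</entry>
    </entries>
    <entry name="failed_sectors" type="uint">0</entry>
   </entries>
   <entries name="erasure">
    <entries name="target">
     <entry name="target_id" type="uint">101</entry>
     <entry name="type" type="string">disk</entry>
    </entries>
    <entry name="failed_sectors" type="uint">7</entry>
   </entries>
  </entries>
 </blancco_erasure_report>
</blancco_data></report>
"""
REPORT = ET.fromstring(SAMPLE.strip())
SEGMENT = re.compile(r"([^.\[\]]+)((?:\[[^\[\]]*\])*)(?:\.|$)")


def parse_path(path):
    """Split an XmlPath into (node name, [filters]); ValueError on bad syntax."""
    if not path or path.endswith("."):
        raise ValueError("syntax error in XmlPath")
    segments, pos = [], 0
    while pos < len(path):
        match = SEGMENT.match(path, pos)
        if not match:
            raise ValueError(f"syntax error in XmlPath at offset {pos}")
        filters = re.findall(r"\[([^\[\]]*)\]", match.group(2))
        if any(not f.isdigit() and "=" not in f for f in filters):
            raise ValueError("only [index] and [elementPath=value] are supported")
        segments.append((match.group(1), filters))
        pos = match.end()
    return segments


def children(node, name):
    return [c for c in node if c.tag == name or c.get("name") == name]


def node_value(node):
    if node.tag == "entries":             # array node: number of children
        return len(node)
    return (node.text or "").strip()      # leaf node: text value


def matches(node, condition):
    """Evaluate one elementPath=value filter against a candidate node."""
    sub_path, _, wanted = condition.partition("=")
    targets = [node]
    if sub_path != ".":                   # "." compares the node itself
        for name in sub_path.split("."):
            targets = [c for t in targets for c in children(t, name)]
    return any(str(node_value(t)) == wanted for t in targets)


def resolve(root, path):
    nodes = [root]
    for name, filters in parse_path(path):
        nodes = [c for n in nodes for c in children(n, name)]
        for flt in filters:
            if flt.isdigit():             # zero-based index
                if int(flt) >= len(nodes):
                    return INVALID
                nodes = [nodes[int(flt)]]
            else:                         # several filters combine as AND
                nodes = [n for n in nodes if matches(n, flt)]
    return node_value(nodes[0]) if nodes else ""   # missing node: ""


if __name__ == "__main__":
    hw = "blancco_data.blancco_hardware_report.disks"
    print(resolve(REPORT, hw), resolve(REPORT, hw + ".disk[1].interface_type"))
```
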

13.8.5 Usage examples

Checking available memory:

moreThan(<REPORTPATH blancco_data.blancco_hardware_report.memory.total_memory>, 4194967295)

Number of processor cores:

moreThan(<REPORTPATH blancco_data.blancco_hardware_report.processors.total_cores>, 3)

Checking battery capacity:

lessThan(<REPORTPATH blancco_data.blancco_hardware_report.hardware_tests.battery_capacity.capacity>, 80)

Note: only one battery will be checked in case the machine has several!

Checking drive features:

<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.features.feature[.=crypto erase]> == "crypto erase"

Checking drive’s last self test result:

<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.self_tests.self_test[id=1].Value> == "[0x00] completed without error"

Checking SMART attribute:

lessThan(<REPORTPATH blancco_data.blancco_hardware_report.disks.disk.smart_attributes.smart_attribute[name=Power On Hours].raw_value>, 1000)

Check if the erasure was not cancelled:

<REPORTPATH blancco_data.blancco_erasure_report.erasures.erasure.state> != "cancelled"

13.8.6 Limitations
‘.’, ‘[‘, ‘]’ are used as special delimiters and cannot be used in XML node names (e.g. custom field names).
The same goes for the ‘<‘, ‘>’, ‘(‘, ‘)’ symbols in the Condition activity's expressions.
Some XML report values can be difficult to use because of the way they are reported, e.g. timestamps, resolutions, etc.

blancco_data.blancco_hardware_report.display.resolution = "1920x1080"

13.9 Error Messages


If the workflow is unable to run, the software will display an error message. The list of possible error
messages and their explanations are listed below:
| Error Message | Explanation | Possible Solution(s) |
|---|---|---|
| Unknown error | Error is not recognized by the software. | The error is unknown to the software. If this error happens, collect an issue report and send it to Blancco for investigation. |
| Invalid start item | The first action is invalid. | Check that BDE version matches the workflow editor version. Most probable cause is workflow editor/BDE version mismatch. |
| Failed to parse expression [expression] | Listed expression could not be parsed. | Check “Condition” or “Set Value” item’s expression syntax. |
| Unknown erasure standard | Erasure standard was not recognized. | Check that BDE version matches the workflow editor version. Most probable cause is workflow editor/BDE version mismatch. |
| Incorrect workflow data | Workflow has incorrect data. | Check that BDE version matches the workflow editor version. Try to create a workflow from scratch. |
| Invalid operand value [value] | Listed operand has invalid value. | Check the listed operand’s value for syntax errors. Check the entire expression for syntax errors. |
| Unknown hardware test [test name] | Listed hardware test is unknown. | Check that BDE version matches the workflow editor version. Most probably the test is not supported in the old BDE version. If it is not the case, then dev team should be contacted. |
| Hardware test [test name] parsing failed | Parsing failed on the listed hardware test. | Check that BDE version matches the workflow editor version |
| Invalid placement of parentheses in [expression] | Invalid parentheses placement in listed expression (“()”) in “Condition” item. | Check that parentheses are placed correctly and that each parenthesis is closed with its pair. |
| Unsupported DRIVEATTRIBUTES parameter [parameter name] | Listed parameter given as DRIVEATTRIBUTE is unsupported. | Check the parameter spelling. Check that BDE version matches the workflow editor version |
| Unsupported variable [variable name] | Listed variable is unsupported. | Check the listed variable spelling. Check that BDE version matches the workflow editor version. |
| Invalid subworkflow name [name of subworkflow] | Subworkflow item contains invalid subworkflow name. | Check that “Subworkflow” item contains a valid subworkflow name. Name cannot be empty or longer than 255 symbols. |
| Workflow cannot call itself | Workflow cannot call itself recursively. | Check that “Subworkflow” item doesn’t contain current workflow name in its “subworkflow” name. |
| Could not fetch subworkflow [name of the subworkflow] | Listed subworkflow could not be fetched. | Check the called subworkflow’s name is correct and that it exists in the system. |
| Drive-level workflow cannot call computer-level workflow | Drive-level workflow tries to call computer-level workflow. | Check the drive level subworkflow calls. Computer-level workflows can call drive-level subworkflows, not the other way around. |
| Pre-configured custom field is locked | Locked custom field cannot be edited by the workflow. | BDE iso file already contains a locked custom field and the workflow tries to set a custom field item with the same title with either the "Custom field" or the "Set Value" action. |
| None of the optical test options were chosen. | "Diagnose" item has "Optical drive" test chosen but none of "Read", "Write" or "Blank" subtests are selected. | Either deselect "Optical drive" test in "Diagnose" item or select at least one subtest. |
| Invalid regular expression "EXPRESSION". | "Regular Expression" field in "Create Custom Field" workflow item does not represent a valid regular expression. | Check the listed regular expression. |
| Empty question. | "Question to ask" field in "Question" item cannot be empty. | Please fill in the "Question to ask" field. |
| Empty message. | "Message" field in "Message" item cannot be empty. | Please fill in the "Message" field. |
| The custom field has an empty title. | "Title" field in "Create Custom Field" item cannot be empty. | Please fill in the "Title" field. |
| The custom field's dropdown/multidropdown list does not have any option. | "Create Custom Field" item has either "Dropdown" or "Multidropdown" type but mandatory "Options" field is empty. | Please fill in the "Options" field. |
| Invalid sleep time. | "Duration (ms)" field in "Sleep" item has invalid value. | Check that "Duration (ms)" field has valid value. Allowed range is from 0 to 2000000000 ms. |
| Unsupported URL "URL". | "URL" field in "Server Message" item has unsupported protocol. | Check that the "URL" starts with "http://" or "https://". |
| Invalid timeout value "TIMEOUT". | "Request timeout (seconds)" field in "Server Message" item has invalid value. | Check that "Request timeout (seconds)" field has valid value. Allowed range is from 1 to 2000000 seconds. |
| Invalid element in JSON reply: JSON_PATH. | "JSON reply format from server" field in "Server Message" item has invalid value. | Check that JSON_PATH contains assignable variable tag: <VARIABLE VariableName>, <ENTITYINFO InfoName> or <DEVICECUSTOMFIELD FieldName>. |
| Invalid extra HTTP headers. | "Extra HTTP headers" field in "Server Message" item has invalid value. | Check that "Extra HTTP headers" field has valid value. |
| Default value doesn't match the regular expression. | "Default Value" field value doesn't match the given "Regular Expression" value in "Create Custom Field" workflow item. | Change either "Default Value" or "Regular Expression" so that "Default Value" will match "Regular Expression". |
| Interactive workflow items cannot be used with remote erasure control. | Workflow contains items, which involve interaction with the operator through UI ("Create Custom Field", "Diagnose", "Question", "Message"), but UI is locked due to remote erasure control. | Either remove interactive items from the workflow or change the "Erasure control" value in Blancco Configuration Tool from "Blancco Management Portal On-Premise remote" to a different option. |

Note that only one error message is displayed at a time. If there are more errors in a workflow, the second error will be displayed after fixing the first error.

14. Troubleshooting
Please consult the Blancco Support Knowledge Base for extensive information on Blancco Drive Eraser
troubleshooting:
https://support.blancco.com/display/KB/Drive+Eraser
You can also request assistance from Blancco Support:
Please collect beforehand information about the machine where the problem occurs.
In Blancco Drive Eraser, generate an issue report:

1. After the issue is reproduced, click on "Report issue" (or press F3).
2. Fill in a short description of the problem.
3. Save the issue report on a USB stick or send it to the Blancco Management Portal On-Premise.
4. Submit a ticket at http://support.blancco.com:
a. Press "Submit a Ticket".
b. Press "Next".
c. Fill in your details and the description of the problem, and attach the issue report you have previously generated.
d. Press "Submit".

14.1 Information on data recovery tools


Recovery software attempts to find patterns on the disk which might indicate that there is some data left on the device, such as images. Since Blancco's tools are designed to write patterns on the whole disk, this might lead recovery tools to give a false positive, reporting that an image was found when in reality the erasure was successful.
More information can be found here:
https://support.blancco.com/space/KB/11633108/Data+is+found+on+the+drive+after+a+successful+erasure

15. Appendix 1: SSD Supplement
15.1 Guidelines for Using SSD Erasure Method
The following guidelines should be carefully followed when erasing an SSD:

• Currently the SSD Erasure Method is only designed to erase SSDs that use the ATA and SCSI interface and support the firmware based erasure commands.
• For these drives, the recommended and most thorough erasure standard available in the software is Blancco's SSD Erasure Standard. However, if your erasure policy mandates that a different process should be applied for these drives, other options can be selected but a message will appear on the report highlighting that an SSD was erased.
• If the SSD you are trying to erase does not support the firmware command, it is not possible to erase the SSD with Blancco’s SSD erasure method. This information will be displayed on the UI.
• If it is not possible to remove an applied freeze lock on the SSD you are trying to erase, the erasure using Blancco’s SSD erasure method will fail. This information will be displayed on the report.
• If the SSD-drives are really old models (usually 64GB or smaller), it is recommended that only one SSD should be erased per machine at a time. The success of erasure can be affected if two drives are attempted to be erased simultaneously.
• The whole drive should be erased, do not erase individual partitions. The use of firmware based erasure commands will not work on partitions on an SSD. The whole drive must be erased when using Blancco’s SSD method.
• The SSD should not be connected to the machine through additional pieces of hardware such as USB/FireWire docking stations or PATA/SATA/SCSI bridges. These could prevent the software’s ability to issue the firmware erasure command, resulting in a failed process.
• There should also be no instance of a RAID configuration for SSDs being erased. If two SSDs are attached to the host machine, erase a single drive at a time.
• For ATA SSDs, if the drive is not shown on the drive selection screen, or the erasure process cannot be run due to non-access to firmware based erasure command, one possible solution is to change the SSD's mode from IDE/ATA-mode to AHCI/Sata Native-mode (via the appropriate BIOS/UEFI/EFI settings).
• Blancco Drive Eraser can detect and erase eMMCs to meet the requirements of Clear and Purge, as specified by NIST.
• Note that if the eMMC has retired sectors, there is a risk that those sectors won’t be erased, even after Purge-level erasure. Please refer to the chapter dedicated to eMMC drives.

15.2 Erasure Result


15.2.1 Status
The end result of an erased SSD (using Blancco’s SSD method) can be one of only two states: erased (success) and not erased (failed or canceled by the user). An erased drive constitutes one that has had the whole erasure and verification processes completed, without any identified errors. The drive is also checked for responsiveness once erased and must present itself in an operational condition.

15.2.2 Failure Logic


Blancco’s SSD erasure solution follows a multistep erasure and verification process – if any of the steps fail,
the whole process results in a fail. This will result in an erasure report stating that the erasure process has
not been successful. The logic for erasure failure includes the following:

• An SSD being erased must allow the firmware level erasure process to execute. The software will reject those that do not support these commands, as it is an essential part of the SSD erasure method. If the software cannot access the firmware command, for any reason, the drive’s erasure will result in a fail.
• If an ATA SSD has a Master Password set, it is not possible to access the firmware erasure command or write data to it. This password must be removed before erasure can be considered. If it is not possible to retrieve the password or somehow bypass it to unlock the drive, it cannot be erased.
• ATA drives that have a freeze lock placed on them by the host machine’s BIOS will not allow access to the firmware erasure command. The latest versions of Blancco’s software will attempt to automatically remove the lock. Please see the appropriate part of the manual for further guidelines on removal.
• The verification stage of SSD erasure must be completed successfully. If it cannot complete, the erasure is considered a fail.
• The verification of an SSD must show that no data has remained on the device (at the logical level). If anomalies are found, the erasure will fail.
• There is a possibility that some encrypting SSD models will appear to consistently fail erasure because verification will fail. See the Failed Erasures section below for further information on handling.
• Variations in drive implementations may mean that some drives require a slightly different process – see Failed Erasures section below for further details.

15.3 Handling Information


15.3.1 Erasure Method
The Blancco erasure software will recognize that an SSD has been detected and will recommend the use of
Blancco’s proprietary method for SSDs. Blancco’s SSD erasure method combines different techniques to
provide the best security available and may exceed the requirements of other erasure standards. However,
the sanitization process is ultimately mandated by the user of the software and based on their internal
policy. For example, the policy may be to strictly adhere to NIST 800-88 and apply those processes.

15.3.2 Inoperable Drives


SSDs whose firmware is flawed, or that have some other operational deficiency (possibly because they
are near the end of their life), may malfunction as a result of the erasure process. This highlights
drives that are faulty with regard to their internal erasure or operational methods.
When an organization decides that an SSD is unserviceable, or has security concerns about a drive
(possibly due to a failed erasure process or some other reason), further disposition considerations are
required: the organization handling the SSDs should consider whether a destructive process is required
on drives that enter an unresponsive state.
It is also possible that the drive’s OEM (or a data recovery lab) can return the SSD to an operational
condition. Guidance should be sought from the relevant vendor in this case. It should be noted that (during
Blancco’s testing operations) this situation has occurred in only a few cases.
When proceeding with the erasure of drives, it is advised to monitor the results to identify any particular
models that become unresponsive post erasure.

15.3.3 Failed Erasures


Blancco’s SSD erasure method applies strict verification requirements in order to provide a holistic
approach to SSD erasure and mitigate the issues highlighted by previous research. If a drive does not
support the firmware erasure commands (and this is not because of a BIOS-issued freeze lock), there are
some alternative reasons:

15.3.3.1 Verification Issues


In the case of drives that consistently fail verification (the report will indicate when this occurs), it is possible
that the drive will require some additional process or analysis. If this situation arises, please contact your
local Blancco representative. Blancco is seeking to identify these models and attain details of drive
operations from OEMs in order to offer assurances of security and/or specific methods for handling these
drives.

15.3.3.2 Firmware Upgrading


SSD vendors often develop and issue firmware updates over the lifetime of a drive. The firmware updates
may be developed to address some technical issue or bug found after the SSDs are released to consumers.
Updated SSD firmware usually implies performance improvements, security updates or improved drive
reliability.
SSD models that consistently fail erasure could benefit from a firmware update to improve the robustness of
their internal operations.¹

¹ Blancco is not in a position to guarantee the success or otherwise of firmware updates. There is also no certainty that this will improve
the result of erasure.

16. Appendix 2: Compliance with Updated NIST Guidelines
At the end of 2014, the US-based National Institute of Standards and Technology (NIST) updated their
guidelines for sanitizing media to include requirements for SSDs. When it comes to sanitization, NIST
describe two processes to achieve different levels of security:

• Clear (an erasure process that protects against non-invasive data recovery methods)
• Purge (for higher security, to protect against laboratory data recovery)

Some of the commands referenced by the NIST guidelines only feature in very new hardware.
The following tables outline where NIST requirements are supported by Blancco products.

16.1 Solid State Drives (SSDs)


| Drive Type | Erasure Requirements | Supported? |
|---|---|---|
| ATA | Clear – Normal overwrite or Secure Erase | Yes* |
| ATA | Purge – Block Erase or Cryptographic Erase | Yes** |
| SCSI / SAS | Clear – Normal overwrite | Yes |
| SCSI / SAS | Purge – Block Erase or Cryptographic Erase | Yes*** |
| NVMe | Clear - Normal overwrite | Yes |
| NVMe | Purge - Format Unit or Cryptographic Erase | Yes**** |
| eMMC | Clear - Normal overwrite | Yes |
| eMMC | Purge - Sanitize or Secure Erase | Yes***** |

* Secure Erase is attempted by default, normal overwrite is used if Secure Erase is not supported.
** According to the NIST guidelines, this is only possible on SSDs that support the ATA SANITIZE Block
Erase, the ATA SANITIZE Crypto Erase and/or the TCG Crypto Erase commands, all supported in the
standard “NIST 800-88 Purge”.
*** According to the NIST guidelines, this is only possible on SSDs that support the SCSI SANITIZE Block
Erase, the SCSI SANITIZE Crypto Erase and/or the TCG Crypto Erase commands, all supported in the
standard “NIST 800-88 Purge”.
**** According to NIST guidelines, this is possible on NVMe SSDs that support the NVMe Format - User
Data Erase, NVMe Format - Crypto Erase, NVMe SANITIZE Block Erase, NVMe SANITIZE Crypto Erase,
NVMe SANITIZE Overwrite and/or the TCG Crypto Erase commands, all supported in the standard “NIST
800-88 Purge”.
***** According to NIST guidelines, this is possible on eMMC drives that support the Secure Erase
command or some other equivalent method. However, this also depends on the hardware where the eMMC
is embedded as well as on the eMMC manufacturer. Blancco Drive Eraser supports the Sanitize and
Secure Erase commands, via the standard “NIST 800-88 Purge”.

16.2 HDDs
| Drive Type | Erasure Requirements | Supported? |
|---|---|---|
| ATA | Clear – Normal overwrite | Yes |
| ATA | Purge – Firmware-based Overwrite or Cryptographic Erase or Secure Erase | Yes* |
| SCSI/SAS | Clear – Normal overwrite | Yes |
| SCSI/SAS | Purge – Firmware-based Overwrite or Cryptographic Erase | Yes** |

* According to the NIST guidelines, this is only possible on HDDs that support the ATA SANITIZE
Overwrite, the ATA SANITIZE Crypto Erase, the ATA (Enhanced) Secure Erase and/or the TCG Crypto
Erase commands, all supported in the standard “NIST 800-88 Purge”.
** According to the NIST guidelines, this is only possible on HDDs that support the SCSI SANITIZE
Overwrite, the SCSI SANITIZE Crypto Erase and/or the TCG Crypto Erase commands, all supported in the
standard “NIST 800-88 Purge”.

16.3 NIST verification


NIST have specified distinct sampling methods for verifying erasure¹:

• NIST normal verification: the drive is split into subsections, two pseudo random locations within each
subsection are selected, then these locations are verified. This NIST verification is available in
Blancco software and the percentage of the verified area is configurable by the user. It is used at the
end of the “NIST 800-88 Clear” and “NIST 800-88 Purge” standards (where 10% of the drive is
verified as a minimum) as well as in all the other supported erasure standards. This means that
selecting any Blancco erasure standard and setting a verification percentage equal to or higher than
10% will ensure at least a clear-level erasure as defined by NIST.
• NIST Crypto Erase verification: pseudo random locations are selected throughout the drive and
written with a known pattern before the Crypto Erase is triggered. After the Crypto Erase execution,
these pseudo random locations are read to verify the absence of the known pattern. This NIST
verification is available in Blancco software and the percentage of the verified area is configurable by
the user (the minimum being 10% of the drive). It is used at the end of the “NIST 800-88 Purge”
standard.
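
The two sampling schemes described above, sketched in Python as an added example (this is not Blancco's code). The 512-byte sector size, the placement of one run in each half of a subsection, the in-memory disk image and the random data standing in for a Crypto Erase are assumptions made for the illustration.

```python
import io
import math
import random

SECTOR = 512  # assumed logical sector size


def pick_runs(total_sectors, subsections, fraction, rng):
    """Two pseudo-random sector runs per subsection; together the runs
    cover at least `fraction` of the drive (0.10 = the 10% minimum)."""
    need = math.ceil(total_sectors * fraction)
    run = max(1, math.ceil(need / (2 * subsections)))
    runs = []
    for i in range(subsections):
        lo = i * total_sectors // subsections
        hi = (i + 1) * total_sectors // subsections
        mid = (lo + hi) // 2
        # Assumption: one run in each half, so the two runs never overlap.
        for a, b in ((lo, mid), (mid, hi)):
            if run > b - a:
                raise ValueError("fraction too large for this subsection count")
            runs.append((rng.randint(a, b - run), run))
    return runs


def sectors_of(dev, runs):
    """Yield (sector number, sector bytes) for every sampled sector."""
    for start, length in runs:
        dev.seek(start * SECTOR)
        data = dev.read(length * SECTOR)
        if len(data) != length * SECTOR:
            raise IOError(f"short read at sector {start}")  # counts as a failure
        for s in range(length):
            yield start + s, data[s * SECTOR:(s + 1) * SECTOR]


def verify_overwrite(dev, runs, pattern):
    """Normal verification: sampled sectors that do NOT hold only `pattern`."""
    expected = bytes([pattern]) * SECTOR
    return [n for n, sec in sectors_of(dev, runs) if sec != expected]


def plant_markers(dev, runs, marker):
    """Crypto Erase verification, before the erase: write the known pattern."""
    for start, length in runs:
        dev.seek(start * SECTOR)
        dev.write(marker * length)


def markers_remaining(dev, runs, marker):
    """After the erase: sampled sectors where the known pattern is still readable."""
    return [n for n, sec in sectors_of(dev, runs) if sec == marker]


def demo():
    rng = random.Random(2025)                    # fixed seed: repeatable run
    total = 4096
    runs = pick_runs(total, 16, 0.10, rng)
    dev = io.BytesIO(bytes(total * SECTOR))      # constructed image, all 0x00
    dirty = runs[3][0]
    dev.seek(dirty * SECTOR)
    dev.write(b"stale user data")                # constructed leftover in a sample
    marker = (b"KNOWN-PATTERN-" * 64)[:SECTOR]
    dev2 = io.BytesIO(bytes(total * SECTOR))
    plant_markers(dev2, runs, marker)
    before = len(markers_remaining(dev2, runs, marker))
    n = total * SECTOR                           # simulated Crypto Erase result
    dev2 = io.BytesIO(rng.getrandbits(8 * n).to_bytes(n, "little"))
    return {"covered": sum(k for _, k in runs) / total,
            "dirty_sector_found": verify_overwrite(dev, runs, 0x00) == [dirty],
            "markers_before": before,
            "markers_after": len(markers_remaining(dev2, runs, marker))}
```

Because only a sample is read, leftover data outside the sampled runs is not seen; raising the verification percentage narrows that gap.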

16.4 Blancco SSD Erasure compliance with NIST


Depending on the firmware commands supported by the drive, the “Blancco SSD Erasure” standard is
compliant with NIST Purge or NIST Clear:

• On newer SSDs supporting the Sanitize commands (required to meet the NIST Purge-level erasure),
“Blancco SSD Erasure” is fully compliant with the Purge-level erasure as defined by NIST. In fact,
“Blancco SSD Erasure” exceeds the NIST Purge recommendations.
• On older SSDs not supporting the Sanitize commands (but supporting older commands such as
Secure Erase), “Blancco SSD Erasure” is fully compliant with the clear-level erasure as defined by
NIST. In fact, “Blancco SSD Erasure” exceeds the NIST Clear recommendations.
• On other data storage devices storing their data on flash memories (e.g. eMMC, NVMe), “Blancco
SSD Erasure” is fully compliant with the Purge-level erasure as defined by NIST.
• “Blancco SSD Erasure” can also be used to erase other drives (e.g. HDD) and compliance with NIST
Purge can be achieved, although this depends on the commands supported by the target drive.
Nevertheless, “Blancco SSD Erasure” essentially targets drives that store their data on flash
memories (SSD, eMMC, NVMe) and other standards should be preferred when erasing magnetic
drives.
• Whenever a purge-level erasure is achieved on an SSD/eMMC/NVMe, through using "NIST Purge"
or "Blancco SSD Erasure", there is no specific exception in the report. If a successful erasure is
reached via any standard achieving clear-level erasure, there is an exception in the report: “Device is
SSD/eMMC/NVMe, see manual for more information”.
  ◦ There are some corner cases, for example if the "TCG Crypto Erasure" is successfully
  used with 10+% verification on an SSD: this achieves purge-level erasure according to NIST,
  but the report exception above is kept.
• If "Blancco SSD Erasure" is successful on an ATA/SCSI SSD using Sanitize or TCG commands,
the following message is added to the report: "Exceeds NIST-Purge".
  ◦ In any other case, if "Blancco SSD Erasure" is successful, it will be through using legacy
  commands that are not compliant with "NIST Purge", in which case the following message is
  added to the report: "Exceeds NIST-Clear".
• If "Blancco SSD Erasure" is successful on an NVMe, the following message is added to the report:
"Exceeds NIST-Purge".
• If "Blancco SSD Erasure" is successful on an eMMC using the MMC Sanitize command, the
following message is added to the report: "Exceeds NIST-Purge".
• If "Blancco SSD Erasure" is successful on an HDD, no additional message is added to the report.

¹ http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf, pages 20-21

17. Appendix 3: Execution steps of the erasure standards
All verification algorithms that Drive Eraser uses are NIST-based. See chapter NIST verification for
more information.
* = depends on the value the user has given. See chapter on “Verification” for more info.
CE = Crypto Erase
ESE = Enhanced Secure Erase
SA = Sanitize
SE = Secure Erase
FU = Format Unit
BE = Block Erase
OW = Overwrite (firmware-based erasure command)
NF = NVMe Format
RWP = Reset Write Pointers
→ = fallback procedure

17.1 Magnetic standards


HMG Infosec Standard 5, Lower Standard Step #
Overwrite with 0x00 1.
Verify data* 2.

HMG Infosec Standard 5, Higher Standard Step #


Overwrite with 0xAA 1.
Overwrite with 0x55 2.
Overwrite with random byte 3.
Verify data* 4.

CESG CPA - Higher Level Step #


Overwrite with 0xAA 1.
Verify data* 2.
Overwrite with 0x55 3.
Verify data* 4.
Overwrite with random byte 5.
Verify data* 6.

DoD 5220.22-M Step #


Overwrite with 0x55 1.
Overwrite with 0xAA 2.
Overwrite with random byte 3.
Verify data* 4.

DoD 5220.22-M ECE Step #


Overwrite with 0x55 1.
Overwrite with 0xAA 2.
Overwrite with random byte 3.
Overwrite with aperiodic random data 4.
Overwrite with 0x55 5.
Overwrite with 0xAA 6.
Overwrite with random byte 7.
Verify data* 8.

Bruce Schneier's Algorithm Step #


Overwrite with 0xFF 1.
Overwrite with 0x00 2.
Overwrite with aperiodic random data 3.
Overwrite with aperiodic random data 4.
Overwrite with aperiodic random data 5.
Overwrite with aperiodic random data 6.
Overwrite with aperiodic random data 7.
Verify data* 8.

Navy Staff Office Publication (NAVSO P-5239-26) Step #


Overwrite with 0xFFFFFFFF 1.
Overwrite with 0xFFFFFFE4 2.
Overwrite with aperiodic random data 3.
Verify data* 4.

National Computer Security Center (NCSC-TG-025) Step #


Overwrite with 0x35 1.
Overwrite with 0xCA 2.
Overwrite with 0x97 3.
Overwrite with aperiodic random data 4.
Verify data* 5.

Air Force System Security Instruction 5020 Step #


Overwrite with 0x00 1.
Overwrite with 0xFF 2.
Overwrite with 0x00 3.
Overwrite with 0xAA 4.
Verify data* 5.

U.S. Army AR380-19 Step #


Overwrite with random byte 1.
Overwrite with 0xAA 2.
Overwrite with 0x55 3.
Verify data* 4.

OPNAVINST 5239.1A Step #


Overwrite with 0xFF 1.
Overwrite with 0x00 2.
Overwrite with random byte 3.
Verify data* 4.

NSA 130-1 Step #


Overwrite with aperiodic random data 1.
Overwrite with aperiodic random data 2.
Overwrite with 0x00 3.
Verify data* 4.

Peter Gutmann's Algorithm Step #


Overwrite with aperiodic random data 1.
Overwrite with aperiodic random data 2.
Overwrite with aperiodic random data 3.
Overwrite with aperiodic random data 4.
Overwrite with 0x555555 5.
Overwrite with 0xAAAAAA 6.
Overwrite with 0x924924 7.
Overwrite with 0x492492 8.
Overwrite with 0x249249 9.
Overwrite with 0x00 10.
Overwrite with 0x11 11.
Overwrite with 0x22 12.
Overwrite with 0x33 13.
Overwrite with 0x44 14.
Overwrite with 0x55 15.
Overwrite with 0x66 16.
Overwrite with 0x77 17.
Overwrite with 0x88 18.
Overwrite with 0x99 19.
Overwrite with 0xAA 20.
Overwrite with 0xBB 21.
Overwrite with 0xCC 22.
Overwrite with 0xDD 23.
Overwrite with 0xEE 24.
Overwrite with 0xFF 25.
Overwrite with 0x924924 26.
Overwrite with 0x492492 27.
Overwrite with 0x249249 28.
Overwrite with 0x6DB6DB 29.
Overwrite with 0xB6DB6D 30.
Overwrite with 0xDB6DB6 31.
Overwrite with aperiodic random data 32.
Overwrite with aperiodic random data 33.
Overwrite with aperiodic random data 34.
Overwrite with aperiodic random data 35.
Verify data* 36.

Aperiodic random overwrite Step #


Overwrite with aperiodic random data 1.
Verify data* 2.

RCMP TSSIT OPS-II Step #


Overwrite with the 0x00 byte 1.
Overwrite with 0xFF 2.
Overwrite with the 0x00 byte 3.
Overwrite with 0xFF 4.
Overwrite with the 0x00 byte 5.
Overwrite with 0xFF 6.
Overwrite with random byte 7.
Verify data* 8.

Random byte overwrite (3x) Step #


Overwrite with random byte 1.
Overwrite with random byte 2.
Overwrite with random byte 3.
Verify data* 4.

17.2 Firmware and forced standards


Sanitize Cryptographic Erasure Step #
Sanitize CE 1.
Verify data* 2.

Firmware Based Erasure Step #


-For ATA drive: ESE → SE 1.
-For SCSI drive: FU 1.
Verify data* (pattern verification) 2.

Extended Firmware Based Erasure Step #


Overwrite with 0xCB 1.
-For ATA drive: ESE → SE 2.
-For SCSI drive: FU 2.
Verify data* (pattern verification) 3.

IEEE 2883-2022 Clear Step #


Remove HPA/DCO/AMA (if exists) 1.
Restore depopulated storage elements (if exist) 2.
Write random data samples for verification step* 3.
TCG Unmap → TCG RWP → TCG BE → TCG OW → Overwrite with 0x00 → SE 4. Step for ATA
TCG Unmap → TCG RWP → TCG BE → TCG OW → FU → Overwrite with 0x00 4. Step for SCSI
TCG Unmap → TCG RWP → TCG BE → TCG OW → NF (user data erase) → Overwrite with 0x00 4. Step for NVMe
Verify data* 5.
NVMe: Disable and overwrite HMB (if supported and enabled) 6.
NVMe: Overwrite CMB (if supported) 7.

IEEE 2883-2022 Purge Step #
Remove HPA/DCO/AMA (if exists) 1.
Restore depopulated storage elements (if exist) 2.
Write random data samples for verification step* 3.
TCG CE → Sanitize CE → Sanitize BE → Sanitize OW → ESE 4. Step for ATA
TCG CE → Sanitize CE → Sanitize BE → Sanitize OW 4. Step for SCSI
Sanitize CE → Sanitize BE → Sanitize OW → TCG CE 4. Step for NVMe
Verify data* 5.
NVMe: Disable and overwrite HMB (if supported and enabled) 6.
NVMe: Overwrite CMB (if supported) 7.

NIST 800-88 Clear Step #


Remove HPA/DCO (if existing) 1.
-For ATA SSD: SE → Overwrite with 0x00 / configured pattern 2.
-For other type of drive: Overwrite with 0x00 / configured pattern 2.
-For removable flash-devices: Overwrite with 0x00 and Overwrite with 0xFF 2.
Verify data* (pattern verification) 3.

NIST 800-88 Purge Step #


Remove HPA/DCO (if existing) 1.
-For ATA SSD: Sanitize BE → TCG CE → Sanitize CE 2.
-For ATA HDD: TCG CE → Sanitize CE → Sanitize OW → ESE → SE 2.
-For SCSI SSD: Sanitize BE → TCG CE → Sanitize CE 2.
-For SCSI HDD: TCG CE → Sanitize CE → Sanitize OW 2.
-For NVMe: NF (user data erase) → Sanitize BE → TCG CE → NF (CE) → Sanitize CE → Sanitize OW 2.
-For eMMC: SA → SE 2.
Verify data* 3.

NIST 800-88 Step #


Remove HPA/DCO (if existing) 1.
-For ATA SSD: Sanitize BE → TCG CE → Sanitize CE → Full overwrite 2.
-For ATA HDD: TCG CE → Sanitize CE → Sanitize OW → ESE → SE → Full overwrite 2.
-For SCSI SSD: Sanitize BE → TCG CE → Sanitize CE → Full overwrite 2.
-For SCSI HDD: TCG CE → Sanitize CE → Sanitize OW → Full overwrite 2.
-For NVMe: NF (user data erase) → Sanitize BE → TCG CE → NF (CE) → Sanitize CE → Sanitize OW → Full overwrite 2.
-For eMMC: SA → SE → Full overwrite 2.
Verify data* 3.

BSI-2011-VS Step #
BSI algorithm random pattern erasure 1.
100% Verification for presence of BSI random pattern 2.
ESE → SE → Overwrite with 0x00 3.
Verify data 5% (or more) 4.
Reset Master Boot Record 5.

BSI-GS Step #
Remove HPA/DCO (if existing) 1.
Overwrite with aperiodic random data 2.
-For ATA drive: ESE → SE → Overwrite with 0x00 3.
-For SCSI drive: FU → Overwrite with 0x00 3.
Verify data* (pattern verification) 4.

BSI-GSE Step #
Remove HPA/DCO (if existing) 1.
Overwrite with aperiodic random data 2.
Overwrite with aperiodic random data 3.
-For ATA drive: ESE → SE → Overwrite with 0x00 4.
-For SCSI drive: FU → Overwrite with 0x00 4.
Verify data* (pattern verification) 5.

BSI-GSK Step #
Overwrite with aperiodic random data 1.
Verify data* 2.

TCG Cryptographic Erasure Step #


TCG CE 1.
Verify data* 2.

17.3 SSD Standards


Blancco SSD Erasure Step #
Proprietary process¹ ...

¹ Contact Blancco for more information

18. Contact Information
Visit the technical knowledgebase (FAQ) and contact Blancco Technical Support by submitting a technical
support ticket at:
https://support.blancco.com/
See the instructional videos for Blancco products at:
https://www.blancco.com/resources/videos/
For contact information and the latest information about secure data erasure solutions, visit the Blancco
website at:
https://www.blancco.com
We are always looking for ways to improve our products. Please let us know if you have any suggestions!
