Sending NVMe Admin Commands

App & System Services Core OS
StorageRnD OP
Created 1w
Replies 3
Boosts 0
Views 126
Participants 3

Hi,

I’m currently working on a project to sanitize data (Remove customer data) on MacBook storage devices (Refurbish). The NVMe SSD is embedded on the motherboard. I’ve created a simple proof-of-concept code (Running in terminal) with the following steps:

Check and Match the NVMe Device: Verify that the physical drive (disk0) exists on the system. Open the Connection: Establish a connection to the device (disk0). Send NVMe Admin Commands: For testing, I sent the IDENTIFY (0x06) command to confirm that the connection to the device works. Close the Service and Connection: Terminate the connection after the test. However, during runtime, I encountered an error when sending the command: Error: Failed to send NVMe Admin Command with error: -536870206 ((iokit/common) invalid argument)

I’m unsure why this results in an "Invalid argument" error. Is the method I’m using to send the Admin Command incorrect? If so, what is the proper function call to use in the IOKit framework? Alternatively, are there any other recommended methods to achieve this?

In the future, I also need to send commands like ‘Sanitize (84h)’ and ‘Format NVM (80h).’ Since I’m new to macOS development, I’d greatly appreciate any advice or guidance from experts in this area.

I have attached the source code and related ioreg file for 'IOMedia' and 'IONVMeController' for you guy reference.

IOMedia

IONVMeController

sendAdminCommands.cpp

Thank you so much for your help!

Regards, Winson

Replies  3
Boosts  0
Views  126
Participants  3
ssmith_c OP
6d

where do you get the documentation that tells you that the method selector should be 1, or that the parameters should be packed the way you have packed them?

In general, objects with class names beginning with"Apple" are private to Apple. You can probably do what you're trying to do if you replace the Apple driver, but not through the Apple driver.

However, it may not be necessary at all. If I understand this document correctly, all Macs with a T2 chip or M series processor encrypt the built-in storage, all the time. https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web.

1
StorageRnD OP
5d

Hi ssmith_c / Apple Engineer,

Thank you for your reply.

I am entirely new to Apple development and currently uncertain about where to start coding. I’ve successfully completed a Data Wipe application for Linux and Windows platforms, and I wanted to expand to macOS, as I find Apple products more secure and challenging to learn the library. My goal is not to modify Apple drivers but simply to perform a full data wipe to ensure no customer data remains. This requires sending specific commands such as Write, Format NVM, or Sanitize to the storage device.

Could you guide me on where to find the method selectors or provide any pointers to start?

The purpose of this project is to wipe onboard storage (specifically NVMe SSDs) on MacBooks before sending them for recycling. While I understand that Apple provides an Erase utility to delete media, we need to ensure compliance with specific standards for data sanitization.

Questions:

  1. Apple Erase Utility Standards:

Which data-wiping standard does the default Apple Erase utility follow? Is it NIST, IEEE, or DoD?

  1. Sending Commands to Apple NVMe SSDs:

Is it possible to send NVMe Admin Commands or NVM Commands (e.g., Sanitize, Format NVM) to onboard Apple NVMe SSDs? If this is not possible, what is the best recommend to wipe the data? However, utilities like BitRaser seem to perform this wipe in recovery mode. Not sure how they achieve this?

  1. Development Environment:

I am using Xcode to develop a command-line application. Are there any official guides or resources you recommend for this?

  1. IOKit and Low-Level Commands:

Can we use IOKit to send low-level commands directly to the NVMe device? If not, what alternative APIs or frameworks should I explore?

  1. Running Scripts in Recovery Mode:

How can I run a data erase script on the physical drive (e.g., disk0)? It need to be in recovery mode, right?

We’ve tested with BitRaser, and it successfully performs a data wipe even with encryption in place, as you mentioned. So, i think drive not encrypt and accept erase/sanitize command.

We aim to develop our own application, similar to what we’ve achieved on Linux and Windows platforms, to meet our customers' requirements for NIST (Purge or Clear) and IEEE (Purge or Clear) data sanitization standards.

I hope someone with expertise in this area can guide me in the right direction. We already have an enterprise developer account under our company, and we pay $299 annually for it. I would greatly appreciate your support to help me complete this project.

Thank you so much for your time and assistance.

Best regards, Winson

0
DTS Engineer OP
Apple
5d

Is it possible to send NVMe Admin Commands or NVM Commands (e.g., Sanitize, Format NVM) to onboard Apple NVMe SSDs?

We do not currently have a public API for this. If you'd like such an API, please file an enhancement request asking for us to add one.

I'll also note that attempting to interact with undocumented UserClient is both dangerous and unsupported.

One clarification here:

However, during runtime, I encountered an error when sending the command: Error: Failed to send NVMe Admin Command with error: -536870206 ((iokit/common) invalid argument)

I’m unsure why this results in an "Invalid argument" error.

For future reference, IOKit (and the broader kernel) use a structure error code format that makes FAR more sense in hexadecimal. In this case:

-536870206 -> 0xE00002C2

//From IOReturn.h:
#define kIOReturnBadArgument     iokit_common_err(0x2c2) // invalid argument

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

0
Sending NVMe Admin Commands
First post date Last post date
 
 
Q