⚠️ WARNING — DATA DESTRUCTION TOOL⚠️ wipeboot permanently and irreversibly erases storage devices. There is no undo, no recovery, and no second chance. Back up everything you want to keep before running this tool. The authors disclaim all liability for data loss.
A reproducible builder that produces a small (~150 MB) bootable USB image for securely erasing internal SSDs and HDDs of laptops you cannot easily disassemble. It uses firmware-level sanitization commands — not naive overwrites — so SSD wear-leveling and over-provisioned cells are handled correctly.
| Approach | HDD | SATA SSD | NVMe SSD |
|---|---|---|---|
dd/shred overwrite |
✅ | ||
| NVMe Sanitize / Format | — | — | ✅ controller-level wipe |
| ATA Secure Erase | ✅ | ✅ | — |
| Crypto Erase (SED) | — | ✅ instant | ✅ instant |
wipeboot picks the right command for the drive automatically.
# 1. Build the ISO (Linux or WSL2; Windows-native limited to write/verify)
pip install -e .
wipeboot build --output dist/wipeboot.iso
# 2. Write to a USB stick (>= 256 MB)
wipeboot list-usb
wipeboot write /dev/sdX # Linux
wipeboot write \\.\PhysicalDriveN # Windows (admin)
# 3. Boot the target laptop from the USB
# - Disable Secure Boot in BIOS/UEFI first
# - Use the boot menu key (F12 / F9 / Esc / depends on vendor)
# - Follow the on-screen TUI| Drive type | Method | Tool used | Typical time |
|---|---|---|---|
| NVMe SSD | nvme sanitize (block or crypto) |
nvme-cli | seconds–minutes |
| SATA SSD | ATA --security-erase |
hdparm | seconds–minutes |
| Self-encrypting (SED, OPAL) | PSID Revert / crypto erase | sedutil-cli | < 1 minute |
| HDD | Single-pass overwrite | shred / hdparm | hours |
- ❌ The USB writer refuses to write to non-removable / non-USB devices
- ❌ The wipe menu excludes mounted disks and the USB itself
- ❌ Every destructive action requires typing
ERASEto confirm - ❌ Drive model, serial, and size are shown before confirmation
- ✅ All commands are logged to
/var/log/wipe.log
Requires (Linux / WSL2):
- Python 3.10+
xorriso,mtools,squashfs-tools,e2fsprogs- root or unprivileged user namespaces (for chroot)
sudo apt install xorriso mtools squashfs-tools e2fsprogs # Debian/Ubuntu
pip install -e ".[dev]"
wipeboot build
pytest- ✅ UEFI (Secure Boot off)
- ✅ Legacy BIOS / CSM
- ❌ Secure Boot enabled — the live kernel is unsigned
See docs/boot-instructions.md for vendor-specific boot menu keys and Secure Boot disable steps.
We track tested laptop / drive combinations in docs/compatibility.md. Reports welcome via issue template.
wipeboot/ Python builder (pip-installable CLI)
overlay/ Files baked into the boot ISO (TUI menu, wipe scripts)
docs/ Usage, safety, boot, compatibility docs
tests/ Unit tests
MIT — see LICENSE.
The bootable image bundles upstream packages (Alpine Linux, nvme-cli, hdparm,
sedutil) under their respective licenses (MIT, GPL-2.0, GPL-3.0). Their
copyrights and licenses are preserved in /usr/share/licenses/ of the built
image.
This tool is intended for the lawful secure disposal of storage media you own or are authorized to erase. The authors and contributors accept no responsibility for data loss, hardware damage, or any other consequence arising from the use of this software.