How to achieve purge level erasure on Lenovo devices with NVMe drives

There is an on-going issue with multiple Lenovo machines equipped with NVMe drives where the erasure fails due to failing firmware erasure commands. The root cause of this issue is a security feature enabled within Lenovo's firmware which prevents executing required erasure commands successfully. This being the case, the issue occurs in all versions of Blancco Drive Eraser and any erasure tools using the Purge Level Erasure Standard.

This issue has been identified for the following machines (with NVMe drives):

• Lenovo Thinkpad E14, E590, L480, L580, P51, P52, T14, T460s, T470, T470s, T480, T570, T580, X270, X280, X390
• Lenovo Yoga 370, L380, X380, X390
• Lenovo ThinkCentre M715q, M910
• Lenovo X1 Carbon
• Lenovo X1 Carbon Yoga

There are 4 workarounds available for reaching Purge-level erasure.

• Workaround 1: Boot BDE with the booting parameter “flr=forced”. And adding “loglevel=7” in order to collect additional logs if requested by support..
  
  
• Workaround 2: Within the same session, if the first purge fails, try to re-erase the drive (same erasure standard). Reason: sometimes the first erasure unlocks the drive in some manner, and the second purge may succeed.
  
  
• Workaround 3: If the machine supports the Physical Presence Interface (PPI) and TCG commands, it may also support disabling a security (Block SID Authentication) that can block the purge commands (mostly TCG commands). Reconfigure the Blancco Drive Eraser image via Configuration tool and turn on the “Disable block SID authentication” setting. This setting may reboot the machine and show a screen where the user needs to accept turning off this security, after which Drive Eraser should boot and the erasure can be attempted again.
  
• Workaround 4: If the erasure is still failing, there are not a lot of options left and  left are workarounds that require manual work:
  
  • 4a) If the drive supports a TCG command called “PSID Revert”, this command can also purge the drive. But to action this command, user might need to open the machine and locate the PSID, then user need to input the PSID through the Drive Eraser user interface before starting the erasure.
    
    • Precondition: The drive should support the “PSID Revert” command (this can be checked from the Drive Eraser user interface).
    • Con: Manual work to open the machine, locate the PSID on the drive, copy it, reboot the machine, and input the PSID through the Drive Eraser user interface.
      
      
  • 4b) Open the machine, remove the drive and connect it to another machine that does not put locks in it and re-erase it.
    • Precondition: User need to identify a machine that does not put locks for retrying the erasure
    • Con: Manual work to open the machine, remove the drive, connect it to the other machine, reboot the other machine with Drive Eraser and re-erase the drive.
      
      
  • 4c) Try to upgrade the drive firmware (a new drive firmware may add support for TCG commands, in which case the Workaround 3 may work).
    
    • Precondition: Need to have access to the drive firmware and check the release notes to see if they provide anything that would justify this procedure.
    • Con: Manual work to upgrade the drive firmware, may require using a dedicated tool provided by the manufacturer.
      
      
  • 4d) Try to upgrade (or downgrade) the machine BIOS. Newer BIOS version might block the purge commands while an older BIOS allows to use them.
    • Precondition: Identify an identical machine where the purge is successful, then take note of the BIOS and download it. This is usually discovered when erasing identical machines and finding out that some are successfully purged while others are not, then finding a discrepancy in the BIOS versions installed on both machines. User might need to be in touch with the BIOS manufacturer to obtain any specific BIOS (usually the case if the wished BIOS is older than 1-2 years and cannot be downloaded from the manufacturer’s webpage anymore).
    • Con: Manual work to upgrade or downgrade the BIOS, may require using a dedicated tool provided by the manufacturer.

As Blancco continues to work with Lenovo support, it is also recommended that our customers engage Lenovo directly to report such an issue if impacting production environments. If you are experiencing this issue, please submit a new support ticket with the details of the affected machines and issue reports from the machines, and we will continue to collect all customer reports.