How secure is Secure Erase (EACAS)?
This week has brought worrying reports that securely erased devices have seemingly ‘recovered’ old images stored on them before their erasure, a bug addressed by the iOS/iPadOS 17.5.1 update. Although this doesn’t appear to affect Macs, it has led some to claim that securely erasing your Mac or device may not remove all old data from it. This article explains why that’s incorrect, and how those reports are false.
Since macOS Catalina, Macs have started up not from a single system volume, but from a group of volumes. This is simpler on the internal storage of an Intel Mac, which now has five volumes, of which the relevant ones are the System and Data volumes.
The internal SSD in an Apple silicon Mac consists of three APFS containers, and lacks the legacy EFI partition. Only the Apple_APFS container is normally mounted, and that has a similar structure to the boot container of an Intel Mac.
Since Big Sur, the System volume remains unmounted, and the boot system is a read-only snapshot stored on that volume. Outside macOS installation and updating, nothing can write to either of those, so the only volume capable of storing user data is the Data volume. If old images were to be stored anywhere, they could only be on the Data volume.
