Erasing User Data from Devices (Windows Embedded CE 6.0)

1/6/2010

You can use an I/O control to erase all user data from a device, whether a hard disk or a storage card. In this topic, the term erase refers to the active removal of data, either by overwriting it with zeros on magnetic media or by removal of flash blocks so that no data remains. It does not mean merely deallocating the memory location. This applies to user data that is stored in a FAT or a TFAT volume.

To erase and format, the file system first calls the block driver to determine whether it implements IOCTL_DISK_SET_SECURE_WIPE_FLAG. If the block driver implements this I/O control, MSFLASH implements erase and format. If not, FAT reformats the volume by passing the FATUTIL_SECURE_WIPE flag in the FORMAT_OPTIONS structure.

When an erase-and-format operation is initiated, it continues until it is finished. This occurs even if it is repeatedly interrupted because of a reset or loss of power. When the erasure and formatting is finished, no data remains on a flash storage device. All unmapped physical blocks and all logical blocks are erased. For a hard-disk device, data is overwritten once with zeros, but is not completely removed.

To determine whether a format request should perform an erase-and-format operation or a traditional format operation, Storage Manager looks for a SecureWipe value in the profile-specific key for the storage media to be formatted.

For example, the following registry entry enables the erasure and formatting of the MyProfileName mounted volume:

[HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\<MyProfileName>\FATFS]
   "SecureWipe"=dword:1
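
The following audit sketch is an added example, not code from the original topic or from Microsoft. It scans registry text in .reg syntax and reports which Storage Manager profiles would get an erase-and-format and which would get a traditional format. The profile names in the sample are constructed, and treating a missing SecureWipe value or any value other than 1 as "traditional format" is an assumption based on the entry shown above.

```python
import re

# Constructed sample in .reg syntax; the profile names are made up for illustration.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\MSFlash\FATFS]
   "SecureWipe"=dword:1

[HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\SDMemory\FATFS]
   "SecureWipe"=dword:0

[HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\HDProfile\FATFS]
   "Flags"=dword:14

[HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\HDProfile]
   "Name"="Hard Disk"
'''

# Matches only the profile-specific FATFS key described in this topic.
KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\StorageManager\\Profiles\\([^\\\]]+)\\FATFS\]$',
    re.IGNORECASE)
VALUE_RE = re.compile(r'^"SecureWipe"\s*=\s*dword:([0-9a-f]{1,8})$', re.IGNORECASE)


def secure_wipe_by_profile(reg_text):
    """Map each profile that has a FATFS key to True if SecureWipe is dword:1."""
    result, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):   # skip blanks and .reg comments
            continue
        if line.startswith('['):               # a new key section starts
            m = KEY_RE.match(line)
            current = m.group(1) if m else None
            if current is not None:
                # Assumption: no SecureWipe value means a traditional format.
                result.setdefault(current, False)
            continue
        m = VALUE_RE.match(line)
        if current is not None and m:
            # Assumption: only the documented value 1 counts as enabled.
            result[current] = int(m.group(1), 16) == 1
    return result


def profiles_without_secure_wipe(reg_text):
    """Profiles whose format requests would leave old data on the media."""
    return sorted(p for p, on in secure_wipe_by_profile(reg_text).items() if not on)
```

Run profiles_without_secure_wipe over the registry files of an OS image before deployment to list the storage profiles whose format requests would not erase user data.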

A privileged application can also initiate an erase-and-format operation by calling the LoadLibrary function to load Fatutil.dll.

The erase-and-format operation does not offer guaranteed protection against the physical removal of a storage device before it finishes. The operation also cannot be performed if the storage device is write-protected. The erase-and-format of a hard disk does not perform multiple writes to blocks using repeat cycles or patterns. Instead, the function performs a low-level format, erasing data that is read from the device by using a block driver.

An erase-and-format of multiple volumes occurs synchronously, one volume after another, not at the same time. You cannot designate multiple storage volumes for an erase-and-format at the same time. You must erase and format each volume individually.

Cautions

There is currently no way to remotely erase and format a device unless a Microsoft Exchange server manages it.

If an inserted storage card is write-protected, it cannot be erased.

See Also

Concepts

File System Operations
FAT File System

Other Resources

LoadLibrary