Description:

The Freeze Lock Removal (FLR) is a procedure that Blancco Drive Eraser attempts in order to remove special locks that have become popular on HDD and SSD drives (a.k.a. "freeze locks"). These locks prevent some low level commands (firmware-based erasure commands) from being executed successfully and can cause the erasure to fail. Such firmware commands are used in some erasure standards (e.g. "Blancco SSD Erasure", "NIST 800-88 Purge", "Cryptographic Erasure", "BSI-GS/E" or "BSI-2011-VS" to name a few), they are also required with some erasure options (e.g. selecting the option "Erase Remapped Sectors" on a drive that has remapped sectors): if your process mandates using one of these erasure standards or erasure options or has to achieve a ‘Purge’ level erasure as defined by NIST *, the success of your erasure process will depend on the outcome of the FLR procedure.

The FLR procedure will attempt removing the freeze locks by power cycling the machine: the screen turns black for few seconds before returning. Depending on booting option used to boot Blancco Drive Eraser (see the "Booting Options" chapter from the Blancco Drive Eraser user manual) or the configured erasure process ("Manual", "Semi-automatic" or "Automatic", see the "Processes" chapter from the Blancco Drive Eraser user manual), the Freeze lock removal may occur at boot time (before the GUI is displayed) or right after pressing the "Erase" button. Unfortunately, in some hardware configurations the screen might not turn back on leaving the machine in a seemingly inoperable state (a.k.a. "black screen" issues), meaning that the FLR procedure is not properly supported by the machine. You will find below some ways to remediate such issues.


How to handle problematic hardware? 

The user will usually face three (3) situations with problematic hardware:

  1. The screen stays black and an erasure process starts in the background: the drive’s light starts blinking as the drive is being actively erased. In this situation, only the screen is missing, if the user wants to monitor the erasure a workaround consists in monitoring it via the Blancco Management Console. After the erasure, the report can also be fetched. Please refer to the Drive Eraser Configuration Tool and the Blancco Management Console user manuals for more information about this feature.

  2. The screen stays black and nothing starts in the background, however the machine is on (lights are on, fans are working). Only the screen is missing but the drives are most likely detected and ready for erasure, if the user wants to start and monitor the erasure a workaround consists in controlling it via the Blancco Management Console. After the erasure, the report can also be fetched from the Blancco Management Console. Please refer to the Drive Eraser Configuration Tool and the Blancco Management Console user manuals for more information about this feature.

  3. The screen stays black and the machine is unresponsive (lights are off, fans are not working). In this situation, the Freeze lock removal is most likely paused or has failed. There are a few ways to proceed:

    1. With some old machines, the Freeze lock removal process may be paused because the machine has not had enough time to restart. Try to press any keyboard key (e.g. Enter) or push the machine’s power button for 1 second or so to wake up the machine and restart the software's user interface / begin the erasure (after this, you may end up with a working screen or in the case 1 or 2).

    2. Some laptops and tablets require to be connected to (or disconnected from) their docking station to allow the power cycling to succeed. Other manipulations may involve connecting/disconnecting the power cable during the power cycling process.

    3. On other machines, power cycling is a functionality that needs to be turned on. Check from the BIOS/UEFI settings that the machine can be suspended and restarted, the setting may correspond to:
      1. Enabling the "Suspend-to-RAM" or "S3 mode" functionality.
      2. Moving the "ACPI Standby State" to "S3".
      3. Unblocking the "Sleep" or "S3 State" functionality.

    4. The BIOS on some machines may not support the S3 sleep state. In that case, try upgrading/downgrading the BIOS version to enable S3 support. A few examples below:
      1. In case of the Microsoft Surface 3 Tablet older BIOS versions (e.g. 1.50410.218) does not allow the erasure to proceed, nevertheless newer BIOS versions (e.g. 1.51116.78) allow the FLR procedure to work and the drive to be securely erased without a glitch.
      2. In case of the Lenovo X1 Tablet (model 20GHS0S100) the BIOS versions 1.55 or lower do support the S3 sleep state, nevertheless the BIOS versions 1.57 and higher no longer support the S3 sleep state. If you need to remove the freeze locks on such machines, try to downgrade to the BIOS 1.55 or lower.

    5. If the previous does not work, the Freeze lock removal process has likely failed. Next, try to remove the drive from the machine and connect it to a motherboard that doesn’t enforce any Freeze lock (as the Freeze lock itself is an entirely BIOS dependent feature) or that can be suspended and restarted properly.

    6. Otherwise, unplug either the signal or power cable of the drive. This requires that the following steps are performed:
      1. Shut down the computer system.
      2. Unplug the signal cable or four-wire power cable of the drive while leaving the signal cable plugged in. To eliminate the danger of Electro Static Discharge, always ground yourself when removing the power cord. The signal cable is the preferred option and should be attempted first. If the freeze lock remains after attempting the boot with signal cable removed, attempt the boot with the power cord removed. This method is not recommended by Blancco, as the drive may result damaged in the process.
      3. Power on the system and boot the Blancco software.
      4. When the software is loading i.e. you see the progress bar, plug the signal/power cord of the drive back in.


Other problematic hardware:

Some machines may not show any "black screen", they will seemingly restart and the user will be able to access the UI. Nevertheless, some erasure standards requiring firmware-based erasure commands (e.g. "Blancco SSD Erasure", "NIST 800-88 Purge", "Cryptographic Erasure", "BSI-GS/E" or "BSI-2011-VS" to name a few) will consistently fail with error messages similar to "SECURE ERASE command failed", "BLOCK ERASE EXT command failed", etc. These machines do not support the FLR procedure. A good example of them is the Microsoft Surface Pro 3 machine. In order to handle them, please refer to the previous chapter, especially the alternatives described in 3c, 3d, 3e and 3f.


Some cases when the Freeze Lock Removal is not mandatory:

A machine and drive are usually deployed within a company or organization where policies for data sanitization are defined. The erasure process used must usually follow such policies. However, depending on the case, executing successfully firmware-based erasure commands (and therefore removing the freeze locks from the drives) can be seen as a good addition and not as a mandatory requirement (i.e. the FLR procedure can be skipped). Some of these cases are listed below:

  1. The data sanitization policy of the organization does not require ‘Purge’ level erasure as defined by NIST. Instead, ‘Clear’ level erasure as defined by NIST (e.g. normal overwriting) is considered enough *.
  2. The machine and drive remain within the organization (redeployed internally) and the 'Clear' level erasure as defined by NIST is considered sufficient *.
  3. The machine displays a consistent “black screen” after attempting the FLR and the drive has a freeze lock that cannot be removed. In addition, the drive cannot be extracted from the machine (e.g. to be erased elsewhere).
  4. The drive is and HDD, it is in a good condition (no remapped sectors) and/or does not have any hidden area that needs to be removed.
  5. The drive does not contain data considered as sensitive:
    • Secret data often requires purging or sanitizing procedures that may involve the use of firmware based erasure commands that are available only if the drive is not freeze locked.
    • The user essentially requires erasing the user addressable area of the drive.


In all the cases above a 'Clear' level erasure as defined by NIST may be considered sufficient. ‘Clear’ level erasure does not require the FLR to be attempted *.

Although Blancco Drive Eraser attempts to remove automatically the drives' freeze locks whenever detected, the user is given the possibility to prevent this mechanism from being triggered, as described in this article.


* For more information about NIST 800-88 Clear/Purge levels, read the chapter “Compliance with Updated NIST Guidelines” from the Blancco Drive Eraser user manual.