Firmware-Enforced, 50-Cycle NVMe Sanitization with Per-Cycle Hardware Verification
AAD-50 is an open-source NVMe sanitization framework that solves a problem most operators do not know exists.
When you run nvme sanitize on Linux, the command returns immediately. The drive acknowledges receipt. You move on. But NVMe Sanitize is asynchronous — the actual erasure happens in the background, and the standard tooling never checked whether it completed. If drive firmware silently fails — which UC San Diego researchers documented happening in 3 of 12 drives they tested — the operator has no way to know.
AAD-50 fixes this. After every single sanitize cycle, AAD-50 polls NVMe Log Page 0x81 and refuses to advance until SSTAT = 0x1 confirms hardware completion. No assumptions. No trust. Hardware confirmation only.
| Property | Detail |
|---|---|
| Version | 1.1 |
| Platforms | Linux, Windows, Windows GUI |
| Cycles | 50 (B->C->A phase matrix) |
| Verification | Log Page 0x81 per-cycle polling |
| Audit output | SHA-256 tamper-evident chain + PDF Certificate of Destruction |
| Standards alignment | NIST SP 800-88 Rev.2 Purge, NVMe Base Spec 2.0, ISO/IEC 27040 |
| License | Open source, free |
| Author | Yonas Abeselom, Addis Ababa, Ethiopia |
| Phase | Cycles | Action | NVMe Command |
|---|---|---|---|
| B - Physical Overwrite | 1-40 | NAND cell overwrite | SANITIZE_ACTION_OVERWRITE (0x02) |
| C - FTL Teardown | 41-45 | FTL index destruction | SANITIZE_ACTION_BLOCK_ERASE (0x01) |
| A - Crypto Seal | 46-50 | Media key destruction | SANITIZE_ACTION_CRYPTO_ERASE (0x04) |
Every cycle is hardware-confirmed via Log Page 0x81 before the next begins.
On June 2, 2026, RFC [#3415] was opened on linux-nvme/nvme-cli proposing that the fire-and-forget verification gap be addressed natively in the tool.
14 days later, PR [#3438] — implementing --wait and --repeat N — was merged into linux-nvme/nvme-cli master by Daniel Wagner, the primary maintainer. The verification architecture now ships with virtually every Linux distribution on earth.
nvme-cli v3.0-b.1 explicitly lists PR [#3438] in its official release changelog.
-> Peter Gutmann (Univ. of Auckland, author of the Gutmann 35-pass method) — reviewed the specification twice, both rounds improved it. Final verdict: "It looks pretty good, I can't really find anything to complain about."
-> Steven Swanson (UC San Diego, senior author of Wei et al. FAST 2011) — responded with substantive feedback on the generalisability of his 2011 findings to modern NVMe drives.
-> Keith Busch (primary nvme-cli maintainer) — gave qualified personal approval for PR [#3438].
-> Daniel Wagner (nvme-cli maintainer) — merged PR [#3438] into master, commit 84078fa.
-> Guido van Rossum (creator of Python) — reviewed the implementation and called it "very cool."
-> NVM Express — initiated internal review of the specification.