Erase, when added to a workflow and deployed to a device, will erase devices to factory defaults. This is one of the most important actions within GroundControl.
The erase feature is “smart,” and only erases devices that have been activated, that is, at least partially set up. If the device has not been activated, it is already erased, and we don’t erase it again. This feature greatly speeds deployments.
We encourage you to include the Erase feature in almost every workflow. Erasing a device means every deployment begins at a known state — erased — so all subsequent actions will have a predictable effect. This makes deployments much more reliable.
Erase as the only Action
When “Erase” is used by itself within a workflow, the device will not be supervised. The Erase action, by itself, will remove supervision from devices.
The Erase action includes an option to erase only “supervised & DEP devices” or to erase “supervised, DEP and unsupervised devices.” This option exists as a safety, to help you avoid erasing devices by mistake. Keep the first option select for most uses.
Erasure Method and Certifications
GroundControl’s “Erase Device” action performs a cryptographic erase, identical to “Erase all Content and Settings.” This process destroys all of the encryption keys in effaceable storage, rendering all user data on the device cryptographically inaccessible.
GroundControl’s erase conforms to the following industry standards:
- NIST 800-88 revision 1 “Clear & Purge” http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
- SERI R2:2013 Provision 8, guidelines for data destruction https://sustainableelectronics.org/implementation-guide-provision-8