Generally speaking, “secure deletion” tools like that assume that the data is ultimately stored on a hard disk drive (HDD) where specific sectors can be overwritten (sometimes repeatedly) in order to make it difficult or impossible for the data to be forensically recovered. However, solid state drives (SSDs) don’t work the same way. You can’t be sure that you’re writing to the same physical sectors, so these old-fashioned “secure deletion” tools don’t have the same effect. Since we specifically recommend installing Qubes on an SSD, and since almost all recent computers use an SSD for the primary system drive, the old “secure deletion” tools have become less relevant. Generally speaking, the best solutions for SSDs are:
- Full-disk encryption (FDE), which Qubes uses by default. With FDE, you only have to destroy the encryption key in order to render the content of the drive unreadable. It doesn’t matter that you can’t securely delete individual files, since they’re unreadable anyway. (Of course, this was also – and still is – an option with HDDs.)
- TRIM, which is more complicated. When set up correctly, the idea is that a normal file deletion command is passed down through all required layers until the physical data is actually erased from the SSD.
This is just a brief overview, but it should point you in the right general directions, should you wish to do some more research.
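As an added example (not part of the original post), the shell functions below check the "passed down through all required layers" condition by reading the discard columns that `lsblk` reports for each block-device layer and listing any layer that advertises no discard (TRIM) support. The device names and values in the sample are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Input: lines of "NAME TYPE DISC-GRAN DISC-MAX", as printed by
#   lsblk -rno NAME,TYPE,DISC-GRAN,DISC-MAX
# A DISC-MAX of zero means that layer accepts no discard requests, so a
# deletion in the filesystem above it never reaches the SSD as a TRIM.

# Print every layer whose DISC-MAX is zero ("0" with lsblk -b, "0B" without).
layers_blocking_trim() {
    awk 'NF >= 4 && ($4 == "0" || $4 == "0B") { print $1 " (" $2 ")" }'
}

# Succeed (exit 0) only when every listed layer advertises discard support.
trim_reaches_disk() {
    [ -z "$(layers_blocking_trim)" ]
}

# Constructed sample: an SSD that supports discard, with an encrypted
# volume and a logical volume stacked on top that do not pass it through.
sample_lsblk() {
    cat <<'EOF'
sda disk 512B 2G
sda1 part 512B 2G
sda2 part 512B 2G
luks-example crypt 0B 0B
vg-root lvm 0B 0B
EOF
}

# Stand-alone run: report the blocking layers in the constructed sample.
# On a live system, replace sample_lsblk with the lsblk command above.
echo "Layers not passing TRIM:"
sample_lsblk | layers_blocking_trim
```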