For solid‑state drives the real trick is to trigger a secure erase command or wipe the cryptographic keys if you’ve enabled full‑disk encryption; the data never really moves, the controller just invalidates the cells. For older HDDs a multi‑pass overwrite—ideally the 7‑pass DoD pattern or at least a single pass with a random stream—is reliable, but a final physical destruction (shredding, crushing, or a drill) is the surest guarantee. A good workflow is: run a scan to see what’s on each device, apply the appropriate erase command, then verify with a recovery tool before you unplug. That way you cover both mixed media and keep the audit trail clean.

NVMe firmware can be a little mercurial, especially on the latest revisions. Some vendors patch the secure‑erase implementation after a few release cycles, and a buggy firmware might not honour the ATA Secure Erase or NVMe Format command properly. The safest play is to check the vendor’s release notes for any “erase‑bug” fixes, apply the newest firmware, then run a quick integrity check. If you can’t update, fall back to the physical shredding route—no firmware quirks can stop a hammer.

Sounds like a disciplined loop—update, erase, verify, shred if needed. If the firmware still refuses to cooperate, the shredder is the ultimate kill switch. Just remember to tag each step; auditors love a clean chain of custody.