Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
hdparm does not show "Security" section
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
big_gie
Apprentice
Apprentice


Joined: 31 Aug 2004
Posts: 158

PostPosted: Tue Sep 14, 2010 9:33 pm    Post subject: hdparm does not show "Security" section Reply with quote

Hi,

I want to do a "Secure Erase" of my SSD for a new and clean installation. According to https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase I should use hdparm, but it does not report a "Security" section and setting a user password fails.

The netbook is an Asus EeePC 1000 with kernel 2.6.33.4

Quote:

# hdparm -iI /dev/sda
/dev/sda:

Model=ASUS-PHISON SSD, FwRev=TST2.04U, SerialNo=SOQ1782251
Config={ HardSect NotMFM Fixed DTR>10Mbs }
RawCHS=15636/16/63, TrkSize=32256, SectSize=512, ECCbytes=4
BuffType=DualPort, BuffSize=1kB, MaxMultSect=1, MultSect=off
CurCHS=15636/16/63, CurSects=15761088, LBA=yes, LBAsects=15761088
IORDY=yes, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio1 pio2 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 *udma4
AdvancedPM=no
Drive conforms to: Unspecified: ATA/ATAPI-4,5

* signifies the current active mode


CompactFlash ATA device
Model Number: ASUS-PHISON SSD
Serial Number: SOQ1782251
Firmware Revision: TST2.04U
Standards:
Supported: 5 4
Likely used: 6
Configuration:
Logical max current
cylinders 15636 15636
heads 16 16
sectors/track 63 63
--
CHS current addressable sectors: 15761088
LBA user addressable sectors: 15761088
Logical/Physical Sector size: 512 bytes
device size with M = 1024*1024: 7695 MBytes
device size with M = 1000*1000: 8069 MBytes (8 GB)
cache/buffer size = 1 KBytes (type=DualPort)
Capabilities:
LBA, IORDY(cannot be disabled)
Standby timer values: spec'd by Standard, no device specific minimum
R/W multiple sector transfer: Max = 1 Current = 0
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 *udma4
Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4
Cycle time: no flow control=120ns IORDY flow control=120ns
Commands/features:
Enabled Supported:
* Power Management feature set
* WRITE_BUFFER command
* READ_BUFFER command
* NOP cmd
* CFA feature set
* Mandatory FLUSH_CACHE
* CFA advanced modes: pio5 pio6 mdma3 mdma4
Integrity word not set (found 0x0000, expected 0x11a5)


Quote:

# hdparm --user-master u --security-set-pass Eins /dev/sda
security_password="Eins"

/dev/sda:
Issuing SECURITY_SET_PASS command, password="Eins", user=user, mode=high
SECURITY_SET_PASS: Input/output error


Quote:

# hdparm -V
hdparm v9.30


Could it be related to the "Integrity word not set" message?

Any better way of achieving this?

Thanx!
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54097
Location: 56N 3W

PostPosted: Tue Sep 14, 2010 10:07 pm    Post subject: Reply with quote

big_gie,

As its an SSD,
Code:
dd if=/dev/zero of=/dev/sd... bs=4096
will do nicely.
Do fill in the right drive, there is no undo function. Hmm I'm 100% sure that works on SSD as the wear leveling may move defeat it.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
big_gie
Apprentice
Apprentice


Joined: 31 Aug 2004
Posts: 158

PostPosted: Tue Sep 14, 2010 10:11 pm    Post subject: Reply with quote

Thanx for your answer. But I'm not sure this will work. Writting 0's to the drive is just filling it with (empty) data. It won't (I think) clear the memory cells.
See http://www.anandtech.com/show/2738/8
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1217
Location: Motown

PostPosted: Tue Sep 14, 2010 10:18 pm    Post subject: Reply with quote

If you do a simple
Code:
hdparm -I /dev/sda
you should receive a security section which will tell you if the drive is frozen or not. Start there.
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54097
Location: 56N 3W

PostPosted: Tue Sep 14, 2010 10:19 pm    Post subject: Reply with quote

big_gie,

You cannot clear the memory cells on any hard drive. Magnetic drives can be degaussed but thats destructive.
SSDs have something in the memory cells too.

If you are paranoid you can make a filesystem on the drive with a bad blocks write test.
That will write 00,55,AA and FF all over the drive, and still the cells will not be empty.

Any data you had on the drive will be long gone - which is the object of the exercise.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1217
Location: Motown

PostPosted: Tue Sep 14, 2010 10:22 pm    Post subject: Reply with quote

NeddySeagoon wrote:
As its an SSD,
Code:
dd if=/dev/zero of=/dev/sd... bs=4096
will do nicely.

Should an SSD be treated like a flash drive and write ones instead of zeroes?
Code:
tr '\000' '\377' < /dev/zero | dd bs=16384 of=/dev/sdx
as per http://goo.gl/FHMx
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54097
Location: 56N 3W

PostPosted: Tue Sep 14, 2010 10:32 pm    Post subject: Reply with quote

darkphader,

Good point - you want ones to be in the memory cells, which is the equivelent of the erase command, which is not normally available to the OS.
However, you have no idea how many inversions there are from the RAM to the HDD unless you can read some bytes you know were never written.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
big_gie
Apprentice
Apprentice


Joined: 31 Aug 2004
Posts: 158

PostPosted: Tue Sep 14, 2010 10:34 pm    Post subject: Reply with quote

darkphader wrote:
If you do a simple
Code:
hdparm -I /dev/sda
you should receive a security section which will tell you if the drive is frozen or not. Start there.

Actually, I did, but there is no Security section...See my first post.

NeddySeagoon wrote:
You cannot clear the memory cells on any hard drive...

Maybe I did not used the right term... For a SSD drive without TRIM, the drive cannot know if data has been deleted and after some time will suffer slowdowns. According to Wikipedia's TRIM article:
http://en.wikipedia.org/wiki/TRIM_(SSD_command)#Flash_drive_specific_issues wrote:
If they are considered to contain data, the contents first need to be erased before a write operation can be performed reliably. In SSDs, a write operation can be done on the page-level, but due to hardware limitations, erase commands always affect entire blocks.[7] As a result, writing data to SSD media is very fast as long as empty pages can be used, but slows down considerably once previously written pages need to be overwritten. Since an erase of the cells in the page is needed before it can be written again, but only entire blocks can be erased, an overwrite will initiate a read-erase-modify-write cycle:[4][8]: the contents of the entire block have to be stored in cache before it is effectively erased on the flash medium, then the overwritten page is modified in the cache so the cached block is up to date, and only then is the entire block (with updated page) written to the flash medium. This phenomenon is known as write amplification.[9][10]

Since I'm pretty sure my SSD does not support TRIM (only high ends one are starting to have it), I want to reset it.

Writting any data to the disk (be it 0's or 1's) will just confuse more the drive as it will think it is full.

NeddySeagoon wrote:
Any data you had on the drive will be long gone - which is the object of the exercise.

Yes, that's one goal.
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1217
Location: Motown

PostPosted: Tue Sep 14, 2010 10:45 pm    Post subject: Reply with quote

big_gie wrote:
Actually, I did, but there is no Security section...See my first post.

I saw that, but with the lowercase "i" added (which shouldn't be an issue) as well so I didn't know if the drive was choking (Integrity word not set) on the lowercase or the uppercase request.
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
big_gie
Apprentice
Apprentice


Joined: 31 Aug 2004
Posts: 158

PostPosted: Tue Sep 14, 2010 10:49 pm    Post subject: Reply with quote

Ok ;)
I added the "-i" flag to include more output: the top, condensed part.

Code:

# hdparm -i /dev/sda

/dev/sda:

 Model=ASUS-PHISON SSD, FwRev=TST2.04U, SerialNo=SOQ1782251
 Config={ HardSect NotMFM Fixed DTR>10Mbs }
 RawCHS=15636/16/63, TrkSize=32256, SectSize=512, ECCbytes=4
 BuffType=DualPort, BuffSize=1kB, MaxMultSect=1, MultSect=off
 CurCHS=15636/16/63, CurSects=15761088, LBA=yes, LBAsects=15761088
 IORDY=yes, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
 PIO modes:  pio0 pio1 pio2 pio3 pio4
 DMA modes:  mdma0 mdma1 mdma2
 UDMA modes: udma0 udma1 udma2 udma3 *udma4
 AdvancedPM=no
 Drive conforms to: Unspecified:  ATA/ATAPI-4,5

 * signifies the current active mode
Code:
# hdparm -I /dev/sda

/dev/sda:

CompactFlash ATA device
        Model Number:       ASUS-PHISON SSD                         
        Serial Number:      SOQ1782251         
        Firmware Revision:  TST2.04U
Standards:
        Supported: 5 4
        Likely used: 6
Configuration:
        Logical         max     current
        cylinders       15636   15636
        heads           16      16
        sectors/track   63      63
        --
        CHS current addressable sectors:   15761088
        LBA    user addressable sectors:   15761088
        Logical/Physical Sector size:           512 bytes
        device size with M = 1024*1024:        7695 MBytes
        device size with M = 1000*1000:        8069 MBytes (8 GB)
        cache/buffer size  = 1 KBytes (type=DualPort)
Capabilities:
        LBA, IORDY(cannot be disabled)
        Standby timer values: spec'd by Standard, no device specific minimum
        R/W multiple sector transfer: Max = 1   Current = 0
        DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 *udma4
             Cycle time: min=120ns recommended=120ns
        PIO: pio0 pio1 pio2 pio3 pio4
             Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
        Enabled Supported:
           *    Power Management feature set
           *    WRITE_BUFFER command
           *    READ_BUFFER command
           *    NOP cmd
           *    CFA feature set
           *    Mandatory FLUSH_CACHE
           *    CFA advanced modes: pio5 pio6 mdma3 mdma4
Integrity word not set (found 0x0000, expected 0x11a5)
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1217
Location: Motown

PostPosted: Tue Sep 14, 2010 11:16 pm    Post subject: Reply with quote

The Security section comes right after the Commands/features section which it looks like the drive isn't completing. Maybe check with the manufacturer and find out why it isn't providing all of the information.

I have used security erase on some Intel SSD's in some newer server hardware and its pretty straightforward. My older desktop shows all of my drives (not SSD's) as frozen :( Apparently it's the way most older BIOSes were setup.
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
Juan Facundo
Tux's lil' helper
Tux's lil' helper


Joined: 19 Jun 2009
Posts: 138

PostPosted: Sat Jun 29, 2013 9:43 pm    Post subject: Reply with quote

Hi. I am having some trouble with my sdd drive.

some info:
Code:
# hdparm -I /dev/sdb

/dev/sdb:

ATA device, with non-removable media
   Model Number:       SAMSUNG MZMPA032HMCD-000L1             
   Serial Number:      S0RUNEAC200107     
   Firmware Revision:  AXM18L1Q
   Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6
Standards:
   Used: ATA/ATAPI-7 T13 1532D revision 1
   Supported: 8 7 6 5 & some of 8
Configuration:
   Logical      max   current
   cylinders   16383   16383
   heads      16   16
   sectors/track   63   63
   --
   CHS current addressable sectors:   16514064
   LBA    user addressable sectors:   62533296
   LBA48  user addressable sectors:   62533296
   Logical  Sector size:                   512 bytes
   Physical Sector size:                   512 bytes
   device size with M = 1024*1024:       30533 MBytes
   device size with M = 1000*1000:       32017 MBytes (32 GB)
   cache/buffer size  = unknown
   Nominal Media Rotation Rate: Solid State Device
Capabilities:
   LBA, IORDY(can be disabled)
   Queue depth: 32
   Standby timer values: spec'd by Standard, no device specific minimum
   R/W multiple sector transfer: Max = 16   Current = 16
   DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6
        Cycle time: min=120ns recommended=120ns
   PIO: pio0 pio1 pio2 pio3 pio4
        Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
   Enabled   Supported:
      *   SMART feature set
          Security Mode feature set
      *   Power Management feature set
      *   Write cache
      *   Look-ahead
      *   Host Protected Area feature set
      *   WRITE_BUFFER command
      *   READ_BUFFER command
      *   DOWNLOAD_MICROCODE
          SET_MAX security extension
      *   48-bit Address feature set
      *   Device Configuration Overlay feature set
      *   Mandatory FLUSH_CACHE
      *   FLUSH_CACHE_EXT
      *   SMART error logging
      *   SMART self-test
      *   General Purpose Logging feature set
      *   WRITE_{DMA|MULTIPLE}_FUA_EXT
          Write-Read-Verify feature set
      *   WRITE_UNCORRECTABLE_EXT command
      *   {READ,WRITE}_DMA_EXT_GPL commands
      *   Gen1 signaling speed (1.5Gb/s)
      *   Gen2 signaling speed (3.0Gb/s)
      *   Native Command Queueing (NCQ)
      *   Host-initiated interface power management
      *   Phy event counters
          DMA Setup Auto-Activate optimization
          Device-initiated interface power management
      *   Software settings preservation
      *   SET MAX SETPASSWORD/UNLOCK DMA commands
      *   WRITE BUFFER DMA command
      *   READ BUFFER DMA command
      *   Data Set Management TRIM supported (limit unknown)
Security:
   Master password revision code = 65534
      supported
   not   enabled
   not   locked
      frozen
   not   expired: security count
      supported: enhanced erase
   6min for SECURITY ERASE UNIT. 6min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct

it says "frozen" and i have read i need to "undo" this before trying to make a secure erase or something else. I have read too, i could try putting the system into sleep mode (suspend to disk). I am trying it, but seems not working.
I need some help.
Code:
 Kernel version: gentoo-sources 3.8.13

Code:
# hdparm -V
hdparm v9.39
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1217
Location: Motown

PostPosted: Sat Jun 29, 2013 10:05 pm    Post subject: Reply with quote

Juan Facundo wrote:
Hi. I am having some trouble with my sdd drive.

it says "frozen" and i have read i need to "undo" this before trying to make a secure erase or something else. I have read too, i could try putting the system into sleep mode (suspend to disk). I am trying it, but seems not working.


I've always just power cycled the drive to unfreeze it (that's right, live power cycle with system running - disconnect the drive's power cable then reconnect it).
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
Juan Facundo
Tux's lil' helper
Tux's lil' helper


Joined: 19 Jun 2009
Posts: 138

PostPosted: Sat Jun 29, 2013 11:02 pm    Post subject: Reply with quote

damm.., it's an ultraboook...
Back to top
View user's profile Send private message
Juan Facundo
Tux's lil' helper
Tux's lil' helper


Joined: 19 Jun 2009
Posts: 138

PostPosted: Sat Jun 29, 2013 11:12 pm    Post subject: Reply with quote

is there some other way?
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1217
Location: Motown

PostPosted: Sat Jun 29, 2013 11:20 pm    Post subject: Reply with quote

Juan Facundo wrote:
damm.., it's an ultraboook...
!!

I think it's the BIOS that freezes the drive during boot up, that's why some systems always have a frozen drive and some never do. Maybe there's a BIOS setting you can change. If not, maybe you can remove the drive and perform the task in another system and then replace it.

You can use dd to zero it out. If SSD are like flash keys then you "erase" by writing ones and not zeroes. Ex:
Code:
tr '\000' '\377' < /dev/zero | dd bs=16384 of=/dev/sdX

Chris
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1217
Location: Motown

PostPosted: Sat Jun 29, 2013 11:27 pm    Post subject: Reply with quote

Juan Facundo wrote:
is there some other way?

See the notes in Step 1a here:
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

"Many BIOSes will protect your drives if you have a password set (security enabled) by issuing a SECURITY FREEZE command before booting an operating system. If your drive is frozen, and it has a password enabled, try removing the password using the BIOS and powering down the system to see if that disables the freeze. Otherwise you may need to use a different motherboard (with a different BIOS)."
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum