View previous topic :: View next topic |
Author |
Message |
big_gie Apprentice
Joined: 31 Aug 2004 Posts: 158
|
Posted: Tue Sep 14, 2010 9:33 pm Post subject: hdparm does not show "Security" section |
|
|
Hi,
I want to do a "Secure Erase" of my SSD for a new and clean installation. According to https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase I should use hdparm, but it does not report a "Security" section and setting a user password fails.
The netbook is an Asus EeePC 1000 with kernel 2.6.33.4
Quote: |
# hdparm -iI /dev/sda
/dev/sda:
Model=ASUS-PHISON SSD, FwRev=TST2.04U, SerialNo=SOQ1782251
Config={ HardSect NotMFM Fixed DTR>10Mbs }
RawCHS=15636/16/63, TrkSize=32256, SectSize=512, ECCbytes=4
BuffType=DualPort, BuffSize=1kB, MaxMultSect=1, MultSect=off
CurCHS=15636/16/63, CurSects=15761088, LBA=yes, LBAsects=15761088
IORDY=yes, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio1 pio2 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 *udma4
AdvancedPM=no
Drive conforms to: Unspecified: ATA/ATAPI-4,5
* signifies the current active mode
CompactFlash ATA device
Model Number: ASUS-PHISON SSD
Serial Number: SOQ1782251
Firmware Revision: TST2.04U
Standards:
Supported: 5 4
Likely used: 6
Configuration:
Logical max current
cylinders 15636 15636
heads 16 16
sectors/track 63 63
--
CHS current addressable sectors: 15761088
LBA user addressable sectors: 15761088
Logical/Physical Sector size: 512 bytes
device size with M = 1024*1024: 7695 MBytes
device size with M = 1000*1000: 8069 MBytes (8 GB)
cache/buffer size = 1 KBytes (type=DualPort)
Capabilities:
LBA, IORDY(cannot be disabled)
Standby timer values: spec'd by Standard, no device specific minimum
R/W multiple sector transfer: Max = 1 Current = 0
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 *udma4
Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4
Cycle time: no flow control=120ns IORDY flow control=120ns
Commands/features:
Enabled Supported:
* Power Management feature set
* WRITE_BUFFER command
* READ_BUFFER command
* NOP cmd
* CFA feature set
* Mandatory FLUSH_CACHE
* CFA advanced modes: pio5 pio6 mdma3 mdma4
Integrity word not set (found 0x0000, expected 0x11a5)
|
Quote: |
# hdparm --user-master u --security-set-pass Eins /dev/sda
security_password="Eins"
/dev/sda:
Issuing SECURITY_SET_PASS command, password="Eins", user=user, mode=high
SECURITY_SET_PASS: Input/output error |
Quote: |
# hdparm -V
hdparm v9.30
|
Could it be related to the "Integrity word not set" message?
Any better way of achieving this?
Thanx! |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54237 Location: 56N 3W
|
Posted: Tue Sep 14, 2010 10:07 pm Post subject: |
|
|
big_gie,
As its an SSD, Code: | dd if=/dev/zero of=/dev/sd... bs=4096 | will do nicely.
Do fill in the right drive, there is no undo function. Hmm I'm 100% sure that works on SSD as the wear leveling may move defeat it. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
big_gie Apprentice
Joined: 31 Aug 2004 Posts: 158
|
Posted: Tue Sep 14, 2010 10:11 pm Post subject: |
|
|
Thanx for your answer. But I'm not sure this will work. Writting 0's to the drive is just filling it with (empty) data. It won't (I think) clear the memory cells.
See http://www.anandtech.com/show/2738/8 |
|
Back to top |
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1217 Location: Motown
|
Posted: Tue Sep 14, 2010 10:18 pm Post subject: |
|
|
If you do a simpleyou should receive a security section which will tell you if the drive is frozen or not. Start there. _________________ WYSIWYG - What You See Is What You Grep |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54237 Location: 56N 3W
|
Posted: Tue Sep 14, 2010 10:19 pm Post subject: |
|
|
big_gie,
You cannot clear the memory cells on any hard drive. Magnetic drives can be degaussed but thats destructive.
SSDs have something in the memory cells too.
If you are paranoid you can make a filesystem on the drive with a bad blocks write test.
That will write 00,55,AA and FF all over the drive, and still the cells will not be empty.
Any data you had on the drive will be long gone - which is the object of the exercise. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1217 Location: Motown
|
Posted: Tue Sep 14, 2010 10:22 pm Post subject: |
|
|
NeddySeagoon wrote: | As its an SSD, Code: | dd if=/dev/zero of=/dev/sd... bs=4096 | will do nicely. |
Should an SSD be treated like a flash drive and write ones instead of zeroes? Code: | tr '\000' '\377' < /dev/zero | dd bs=16384 of=/dev/sdx | as per http://goo.gl/FHMx _________________ WYSIWYG - What You See Is What You Grep |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54237 Location: 56N 3W
|
Posted: Tue Sep 14, 2010 10:32 pm Post subject: |
|
|
darkphader,
Good point - you want ones to be in the memory cells, which is the equivelent of the erase command, which is not normally available to the OS.
However, you have no idea how many inversions there are from the RAM to the HDD unless you can read some bytes you know were never written. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
big_gie Apprentice
Joined: 31 Aug 2004 Posts: 158
|
Posted: Tue Sep 14, 2010 10:34 pm Post subject: |
|
|
darkphader wrote: | If you do a simpleyou should receive a security section which will tell you if the drive is frozen or not. Start there. |
Actually, I did, but there is no Security section...See my first post.
NeddySeagoon wrote: | You cannot clear the memory cells on any hard drive... |
Maybe I did not used the right term... For a SSD drive without TRIM, the drive cannot know if data has been deleted and after some time will suffer slowdowns. According to Wikipedia's TRIM article:
http://en.wikipedia.org/wiki/TRIM_(SSD_command)#Flash_drive_specific_issues wrote: | If they are considered to contain data, the contents first need to be erased before a write operation can be performed reliably. In SSDs, a write operation can be done on the page-level, but due to hardware limitations, erase commands always affect entire blocks.[7] As a result, writing data to SSD media is very fast as long as empty pages can be used, but slows down considerably once previously written pages need to be overwritten. Since an erase of the cells in the page is needed before it can be written again, but only entire blocks can be erased, an overwrite will initiate a read-erase-modify-write cycle:[4][8]: the contents of the entire block have to be stored in cache before it is effectively erased on the flash medium, then the overwritten page is modified in the cache so the cached block is up to date, and only then is the entire block (with updated page) written to the flash medium. This phenomenon is known as write amplification.[9][10] |
Since I'm pretty sure my SSD does not support TRIM (only high ends one are starting to have it), I want to reset it.
Writting any data to the disk (be it 0's or 1's) will just confuse more the drive as it will think it is full.
NeddySeagoon wrote: | Any data you had on the drive will be long gone - which is the object of the exercise. |
Yes, that's one goal. |
|
Back to top |
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1217 Location: Motown
|
Posted: Tue Sep 14, 2010 10:45 pm Post subject: |
|
|
big_gie wrote: | Actually, I did, but there is no Security section...See my first post. |
I saw that, but with the lowercase "i" added (which shouldn't be an issue) as well so I didn't know if the drive was choking (Integrity word not set) on the lowercase or the uppercase request. _________________ WYSIWYG - What You See Is What You Grep |
|
Back to top |
|
|
big_gie Apprentice
Joined: 31 Aug 2004 Posts: 158
|
Posted: Tue Sep 14, 2010 10:49 pm Post subject: |
|
|
Ok
I added the "-i" flag to include more output: the top, condensed part.
Code: |
# hdparm -i /dev/sda
/dev/sda:
Model=ASUS-PHISON SSD, FwRev=TST2.04U, SerialNo=SOQ1782251
Config={ HardSect NotMFM Fixed DTR>10Mbs }
RawCHS=15636/16/63, TrkSize=32256, SectSize=512, ECCbytes=4
BuffType=DualPort, BuffSize=1kB, MaxMultSect=1, MultSect=off
CurCHS=15636/16/63, CurSects=15761088, LBA=yes, LBAsects=15761088
IORDY=yes, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio1 pio2 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 *udma4
AdvancedPM=no
Drive conforms to: Unspecified: ATA/ATAPI-4,5
* signifies the current active mode
|
Code: | # hdparm -I /dev/sda
/dev/sda:
CompactFlash ATA device
Model Number: ASUS-PHISON SSD
Serial Number: SOQ1782251
Firmware Revision: TST2.04U
Standards:
Supported: 5 4
Likely used: 6
Configuration:
Logical max current
cylinders 15636 15636
heads 16 16
sectors/track 63 63
--
CHS current addressable sectors: 15761088
LBA user addressable sectors: 15761088
Logical/Physical Sector size: 512 bytes
device size with M = 1024*1024: 7695 MBytes
device size with M = 1000*1000: 8069 MBytes (8 GB)
cache/buffer size = 1 KBytes (type=DualPort)
Capabilities:
LBA, IORDY(cannot be disabled)
Standby timer values: spec'd by Standard, no device specific minimum
R/W multiple sector transfer: Max = 1 Current = 0
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 *udma4
Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4
Cycle time: no flow control=120ns IORDY flow control=120ns
Commands/features:
Enabled Supported:
* Power Management feature set
* WRITE_BUFFER command
* READ_BUFFER command
* NOP cmd
* CFA feature set
* Mandatory FLUSH_CACHE
* CFA advanced modes: pio5 pio6 mdma3 mdma4
Integrity word not set (found 0x0000, expected 0x11a5)
|
|
|
Back to top |
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1217 Location: Motown
|
Posted: Tue Sep 14, 2010 11:16 pm Post subject: |
|
|
The Security section comes right after the Commands/features section which it looks like the drive isn't completing. Maybe check with the manufacturer and find out why it isn't providing all of the information.
I have used security erase on some Intel SSD's in some newer server hardware and its pretty straightforward. My older desktop shows all of my drives (not SSD's) as frozen :( Apparently it's the way most older BIOSes were setup. _________________ WYSIWYG - What You See Is What You Grep |
|
Back to top |
|
|
Juan Facundo Tux's lil' helper
Joined: 19 Jun 2009 Posts: 138
|
Posted: Sat Jun 29, 2013 9:43 pm Post subject: |
|
|
Hi. I am having some trouble with my sdd drive.
some info:
Code: | # hdparm -I /dev/sdb
/dev/sdb:
ATA device, with non-removable media
Model Number: SAMSUNG MZMPA032HMCD-000L1
Serial Number: S0RUNEAC200107
Firmware Revision: AXM18L1Q
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6
Standards:
Used: ATA/ATAPI-7 T13 1532D revision 1
Supported: 8 7 6 5 & some of 8
Configuration:
Logical max current
cylinders 16383 16383
heads 16 16
sectors/track 63 63
--
CHS current addressable sectors: 16514064
LBA user addressable sectors: 62533296
LBA48 user addressable sectors: 62533296
Logical Sector size: 512 bytes
Physical Sector size: 512 bytes
device size with M = 1024*1024: 30533 MBytes
device size with M = 1000*1000: 32017 MBytes (32 GB)
cache/buffer size = unknown
Nominal Media Rotation Rate: Solid State Device
Capabilities:
LBA, IORDY(can be disabled)
Queue depth: 32
Standby timer values: spec'd by Standard, no device specific minimum
R/W multiple sector transfer: Max = 16 Current = 16
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6
Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4
Cycle time: no flow control=120ns IORDY flow control=120ns
Commands/features:
Enabled Supported:
* SMART feature set
Security Mode feature set
* Power Management feature set
* Write cache
* Look-ahead
* Host Protected Area feature set
* WRITE_BUFFER command
* READ_BUFFER command
* DOWNLOAD_MICROCODE
SET_MAX security extension
* 48-bit Address feature set
* Device Configuration Overlay feature set
* Mandatory FLUSH_CACHE
* FLUSH_CACHE_EXT
* SMART error logging
* SMART self-test
* General Purpose Logging feature set
* WRITE_{DMA|MULTIPLE}_FUA_EXT
Write-Read-Verify feature set
* WRITE_UNCORRECTABLE_EXT command
* {READ,WRITE}_DMA_EXT_GPL commands
* Gen1 signaling speed (1.5Gb/s)
* Gen2 signaling speed (3.0Gb/s)
* Native Command Queueing (NCQ)
* Host-initiated interface power management
* Phy event counters
DMA Setup Auto-Activate optimization
Device-initiated interface power management
* Software settings preservation
* SET MAX SETPASSWORD/UNLOCK DMA commands
* WRITE BUFFER DMA command
* READ BUFFER DMA command
* Data Set Management TRIM supported (limit unknown)
Security:
Master password revision code = 65534
supported
not enabled
not locked
frozen
not expired: security count
supported: enhanced erase
6min for SECURITY ERASE UNIT. 6min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
|
it says "frozen" and i have read i need to "undo" this before trying to make a secure erase or something else. I have read too, i could try putting the system into sleep mode (suspend to disk). I am trying it, but seems not working.
I need some help.
Code: | Kernel version: gentoo-sources 3.8.13 |
Code: | # hdparm -V
hdparm v9.39 |
|
|
Back to top |
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1217 Location: Motown
|
Posted: Sat Jun 29, 2013 10:05 pm Post subject: |
|
|
Juan Facundo wrote: | Hi. I am having some trouble with my sdd drive.
it says "frozen" and i have read i need to "undo" this before trying to make a secure erase or something else. I have read too, i could try putting the system into sleep mode (suspend to disk). I am trying it, but seems not working.
|
I've always just power cycled the drive to unfreeze it (that's right, live power cycle with system running - disconnect the drive's power cable then reconnect it). _________________ WYSIWYG - What You See Is What You Grep |
|
Back to top |
|
|
Juan Facundo Tux's lil' helper
Joined: 19 Jun 2009 Posts: 138
|
Posted: Sat Jun 29, 2013 11:02 pm Post subject: |
|
|
damm.., it's an ultraboook... |
|
Back to top |
|
|
Juan Facundo Tux's lil' helper
Joined: 19 Jun 2009 Posts: 138
|
Posted: Sat Jun 29, 2013 11:12 pm Post subject: |
|
|
is there some other way? |
|
Back to top |
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1217 Location: Motown
|
Posted: Sat Jun 29, 2013 11:20 pm Post subject: |
|
|
Juan Facundo wrote: | damm.., it's an ultraboook... | !!
I think it's the BIOS that freezes the drive during boot up, that's why some systems always have a frozen drive and some never do. Maybe there's a BIOS setting you can change. If not, maybe you can remove the drive and perform the task in another system and then replace it.
You can use dd to zero it out. If SSD are like flash keys then you "erase" by writing ones and not zeroes. Ex: Code: | tr '\000' '\377' < /dev/zero | dd bs=16384 of=/dev/sdX |
Chris _________________ WYSIWYG - What You See Is What You Grep |
|
Back to top |
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1217 Location: Motown
|
Posted: Sat Jun 29, 2013 11:27 pm Post subject: |
|
|
Juan Facundo wrote: | is there some other way? |
See the notes in Step 1a here:
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
"Many BIOSes will protect your drives if you have a password set (security enabled) by issuing a SECURITY FREEZE command before booting an operating system. If your drive is frozen, and it has a password enabled, try removing the password using the BIOS and powering down the system to see if that disables the freeze. Otherwise you may need to use a different motherboard (with a different BIOS)." _________________ WYSIWYG - What You See Is What You Grep |
|
Back to top |
|
|
|