The officially official Devuan Forum!

You are not logged in.

#1 2019-09-11 01:05:27

nogeek
Member
From: Europe
Registered: 2018-07-15
Posts: 24  

[CLOSED] secure erase failure - unlock ssd with hdparm not possible

I have connected the SSD via a SATA to USB 2.0 Adpater and it is reconized by the computer:

$ lsblk
NAME             MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sdb                8:16   0 447.1G  0 disk

#

Checking if secure erase is possible (printing here only the security section):

$ hdparm -I /dev/sdb

Security:
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        20min for SECURITY ERASE UNIT. 60min for ENHANCED SECURITY ERASE UNIT.

#

Have had set a passwort.

$ hdparm --user-master u --security-set-pass sec123abc /dev/sdb
security_password: "sec123abc"

/dev/sdb:
 Issuing SECURITY_SET_PASS command, password="sec123abc", user=user, mode=high
The running kernel lacks CONFIG_IDE_TASK_IOCTL support for this device.
SECURITY_SET_PASS: Invalid argument

#

Because of this error I checked the SSD again and three time in a row I get different output each time I run the command:

$ hdparm -I /dev/sdb

/dev/sdb:

ATA device, with non-removable media
Standards:
        Likely used: 1
Configuration:
        soft sectored
        head switch time > 15us
        fixed drive
        disk xfer rate <= 5Mbs
        disk xfer rate > 5Mbs, <= 10Mbs
        data strobe offset option
        format speed tolerance gap reqd
        Logical         max     current
        cylinders       21314   0
        heads           0       0
        sectors/track   0       0
        --
        Logical/Physical Sector size:           512 bytes
        device size with M = 1024*1024:           0 MBytes
        device size with M = 1000*1000:           0 MBytes
        cache/buffer size  = unknown
Capabilities:
        IORDY not likely
        Cannot perform double-word IO
        R/W multiple sector transfer: not supported
        DMA: not supported
        PIO: pio0

#

$ hdparm -I /dev/sdb

/dev/sdb:
SG_IO: bad/missing sense data, sb[]:  70 00 03 00 00 00 00 0a 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

ATA device, with non-removable media
Standards:
        Likely used: 1
Configuration:
        Logical         max     current
        cylinders       0       0
        heads           0       0
        sectors/track   0       0
        --
        Logical/Physical Sector size:           512 bytes
        device size with M = 1024*1024:           0 MBytes
        device size with M = 1000*1000:           0 MBytes
        cache/buffer size  = unknown
Capabilities:
        IORDY not likely
        Cannot perform double-word IO
        R/W multiple sector transfer: not supported
        DMA: not supported
        PIO: pio0

#

$ hdparm -I /dev/sdb

/dev/sdb:

ATA device, with non-removable media
        Model Number:       TOSHIBA-TR200
        Serial Number:      49QB725OKBSN
        Firmware Revision:  SBFA15.2
        Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
        Supported: 11 10 9 8 7 6 5
        Likely used: 11
Configuration:
        Logical         max     current
        cylinders       16383   16383
        heads           16      16
        sectors/track   63      63
        --
        CHS current addressable sectors:    16514064
        LBA    user addressable sectors:   268435455
        LBA48  user addressable sectors:   937703088
        Logical  Sector size:                   512 bytes
        Physical Sector size:                   512 bytes
        Logical Sector-0 offset:                  0 bytes
        device size with M = 1024*1024:      457862 MBytes
        device size with M = 1000*1000:      480103 MBytes (480 GB)
        cache/buffer size  = unknown
        Form Factor: 2.5 inch
        Nominal Media Rotation Rate: Solid State Device
Capabilities:
        LBA, IORDY(can be disabled)
        Queue depth: 32
        Standby timer values: spec'd by Standard, no device specific minimum
        R/W multiple sector transfer: Max = 16  Current = 16
        DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6
             Cycle time: min=120ns recommended=120ns
        PIO: pio0 pio1 pio2 pio3 pio4
             Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
        Enabled Supported:
           *    SMART feature set
                Security Mode feature set
           *    Power Management feature set
           *    Write cache
           *    Look-ahead
           *    Host Protected Area feature set
           *    WRITE_BUFFER command
           *    READ_BUFFER command
           *    NOP cmd
           *    DOWNLOAD_MICROCODE
                SET_MAX security extension
           *    48-bit Address feature set
           *    Mandatory FLUSH_CACHE
           *    FLUSH_CACHE_EXT
           *    SMART error logging
           *    General Purpose Logging feature set
           *    WRITE_{DMA|MULTIPLE}_FUA_EXT
           *    64-bit World wide name
           *    {READ,WRITE}_DMA_EXT_GPL commands
           *    Segmented DOWNLOAD_MICROCODE
           *    Gen1 signaling speed (1.5Gb/s)
           *    Gen2 signaling speed (3.0Gb/s)
           *    Gen3 signaling speed (6.0Gb/s)
           *    Native Command Queueing (NCQ)
           *    Phy event counters
           *    READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
                DMA Setup Auto-Activate optimization
                Device-initiated interface power management
           *    Software settings preservation
                Device Sleep (DEVSLP)
           *    DOWNLOAD MICROCODE DMA command
           *    SET MAX SETPASSWORD/UNLOCK DMA commands
           *    WRITE BUFFER DMA command
           *    READ BUFFER DMA command
           *    Data Set Management TRIM supported (limit 8 blocks)
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        20min for SECURITY ERASE UNIT. 60min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: 58ce38ec0124245e
        NAA             : 5
        IEEE OUI        : 8ce38e
        Unique ID       : c0124245e
Device Sleep:
        DEVSLP Exit Timeout (DETO): 100 ms (drive)
        Minimum DEVSLP Assertion Time (MDAT): 10 ms (drive)
Checksum: correct

#

When I run the command now I only get the last sort of output.

It says that there is a password now, but if I try to unlock the SSD the following happens:

$ hdparm --user-master u --security-unlock sec123abc /dev/sdb
security_password: "sec123abc"

/dev/sdb:
 Issuing SECURITY_UNLOCK command, password="sec123abc", user=user
The running kernel lacks CONFIG_IDE_TASK_IOCTL support for this device.
SECURITY_UNLOCK: Invalid argument

#

I tried to disable it again (I know that I have to unlock it first but everything before works strange, so I just give it a try):

$ hdparm --user-master u --security-disable sec123abc /dev/sdb
security_password: "sec123abc"

/dev/sdb:
 Issuing SECURITY_DISABLE command, password="sec123abc", user=user
The running kernel lacks CONFIG_IDE_TASK_IOCTL support for this device.
SECURITY_UNLOCK: Invalid argument

So something seems to be wrong with the kernel?
My Kernel is linux-image-5.2.13-gnu (it is linux-libre), I did not modify it or something like that.

#

Then I red here:
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
that using a USB-Interface makes problems... (to late badly)

#

So I put the SSD into a SATA drive of another computer with devuan live minimal running, install hdparm and try to unlock and disable, what gives me the same output like this guy here got:
https://www.overclockers.com/forums/arc … 93716.html
On the live system runs the default devuan kernel.

Further he solved his problem by using a master password to unlock his SSD.
There are (unofficial) lists on the web with them. here is one of them:
https://ipv5.wordpress.com/2008/04/14/l … passwords/
I have a Toshiba device here and figured out that "the" masterpassword (it is the only one I have found in several lists) is 32 spaces, but that did not work:

$ hdparm --user-master m --security-set-pass                                  /dev/sdb
missing PASSWD

I tried 34 spaces between "--security-set-pass" and "/dev/sdb", because you need a space after each option/parameter and 32 spaces (because the first logical did not work and I am frustrated...).

#

I did not run the erase command and I do not will!

It would be nice if anyone could help me out....

Last edited by nogeek (2019-09-14 02:50:37)


Sorry for my bad english.
-
Paranoia means the fear of something that do not exist. It is not good to have them.
But people with Pronoia are a problem: https://en.wikipedia.org/wiki/Pronoia_(psychology)

Offline

#2 2019-09-11 05:27:40

b3bgd
Member
Registered: 2019-08-31
Posts: 14  

Re: [CLOSED] secure erase failure - unlock ssd with hdparm not possible

nogeek wrote:

I have a Toshiba device here and figured out that "the" masterpassword (it is the only one I have found in several lists) is 32 spaces, but that did not work:

$ hdparm --user-master m --security-set-pass                                  /dev/sdb
missing PASSWD

I tried 34 spaces between "--security-set-pass" and "/dev/sdb", because you need a space after each option/parameter and 32 spaces (because the first logical did not work and I am frustrated...).

That's not what 32 spaces on a command line do... Just try:

echo                   x

and see what you get. The error message above is pretty clear: missing PASSWD
Try:

$ hdparm --user-master m --security-set-pass "                                " /dev/sdb

Observe the 32 spaces in quotes.

Offline

#3 2019-09-13 17:46:17

nogeek
Member
From: Europe
Registered: 2018-07-15
Posts: 24  

Re: [CLOSED] secure erase failure - unlock ssd with hdparm not possible

thx b3bgd.
Of course I forgot....

However that gave me an:

SECURITY_UNLOCK: Invalid argument

instead, but this too:

Security:
        Master password revision code = 1
                supported 
                enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        20min for SECURITY ERASE UNIT. 60min for ENHANCED SECURITY ERASE UNIT.

so I can run the erase command.
I have done that already and it was running corectly accept that:

The running kernel lacks CONFIG_IDE_TASK_IOCTL support for this device.

was showing up again.
Hower the:

        Master password revision code = 65534

has changed to

        Master password revision code = 1

and after the erase it is still there....
Dunno what's the problem but I do not care anymore, a friend of mine took the SSD to use it so I do not need a solution here anymore.


Sorry for my bad english.
-
Paranoia means the fear of something that do not exist. It is not good to have them.
But people with Pronoia are a problem: https://en.wikipedia.org/wiki/Pronoia_(psychology)

Offline

#4 2019-09-14 18:29:58

b3bgd
Member
Registered: 2019-08-31
Posts: 14  

Re: [CLOSED] secure erase failure - unlock ssd with hdparm not possible

Just for future reference, indeed it appears your SATA to USB adapter was the problem. Never ever use advanced SATA features over such an adapter:
https://sourceforge.net/p/hdparm/support-requests/7/

Offline

Board footer