You are not logged in.
- Topics: Active | Unanswered
#1 2019-09-11 01:05:27
- nogeek
- Member
- Registered: 2018-07-15
- Posts: 24
[CLOSED] secure erase failure - unlock ssd with hdparm not possible
I have connected the SSD via a SATA to USB 2.0 Adpater and it is reconized by the computer:
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sdb 8:16 0 447.1G 0 disk#
Checking if secure erase is possible (printing here only the security section):
$ hdparm -I /dev/sdb
Security:
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
20min for SECURITY ERASE UNIT. 60min for ENHANCED SECURITY ERASE UNIT.#
Have had set a passwort.
$ hdparm --user-master u --security-set-pass sec123abc /dev/sdb
security_password: "sec123abc"
/dev/sdb:
Issuing SECURITY_SET_PASS command, password="sec123abc", user=user, mode=high
The running kernel lacks CONFIG_IDE_TASK_IOCTL support for this device.
SECURITY_SET_PASS: Invalid argument#
Because of this error I checked the SSD again and three time in a row I get different output each time I run the command:
$ hdparm -I /dev/sdb
/dev/sdb:
ATA device, with non-removable media
Standards:
Likely used: 1
Configuration:
soft sectored
head switch time > 15us
fixed drive
disk xfer rate <= 5Mbs
disk xfer rate > 5Mbs, <= 10Mbs
data strobe offset option
format speed tolerance gap reqd
Logical max current
cylinders 21314 0
heads 0 0
sectors/track 0 0
--
Logical/Physical Sector size: 512 bytes
device size with M = 1024*1024: 0 MBytes
device size with M = 1000*1000: 0 MBytes
cache/buffer size = unknown
Capabilities:
IORDY not likely
Cannot perform double-word IO
R/W multiple sector transfer: not supported
DMA: not supported
PIO: pio0#
$ hdparm -I /dev/sdb
/dev/sdb:
SG_IO: bad/missing sense data, sb[]: 70 00 03 00 00 00 00 0a 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ATA device, with non-removable media
Standards:
Likely used: 1
Configuration:
Logical max current
cylinders 0 0
heads 0 0
sectors/track 0 0
--
Logical/Physical Sector size: 512 bytes
device size with M = 1024*1024: 0 MBytes
device size with M = 1000*1000: 0 MBytes
cache/buffer size = unknown
Capabilities:
IORDY not likely
Cannot perform double-word IO
R/W multiple sector transfer: not supported
DMA: not supported
PIO: pio0
#
$ hdparm -I /dev/sdb
/dev/sdb:
ATA device, with non-removable media
Model Number: TOSHIBA-TR200
Serial Number: 49QB725OKBSN
Firmware Revision: SBFA15.2
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
Supported: 11 10 9 8 7 6 5
Likely used: 11
Configuration:
Logical max current
cylinders 16383 16383
heads 16 16
sectors/track 63 63
--
CHS current addressable sectors: 16514064
LBA user addressable sectors: 268435455
LBA48 user addressable sectors: 937703088
Logical Sector size: 512 bytes
Physical Sector size: 512 bytes
Logical Sector-0 offset: 0 bytes
device size with M = 1024*1024: 457862 MBytes
device size with M = 1000*1000: 480103 MBytes (480 GB)
cache/buffer size = unknown
Form Factor: 2.5 inch
Nominal Media Rotation Rate: Solid State Device
Capabilities:
LBA, IORDY(can be disabled)
Queue depth: 32
Standby timer values: spec'd by Standard, no device specific minimum
R/W multiple sector transfer: Max = 16 Current = 16
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6
Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4
Cycle time: no flow control=120ns IORDY flow control=120ns
Commands/features:
Enabled Supported:
* SMART feature set
Security Mode feature set
* Power Management feature set
* Write cache
* Look-ahead
* Host Protected Area feature set
* WRITE_BUFFER command
* READ_BUFFER command
* NOP cmd
* DOWNLOAD_MICROCODE
SET_MAX security extension
* 48-bit Address feature set
* Mandatory FLUSH_CACHE
* FLUSH_CACHE_EXT
* SMART error logging
* General Purpose Logging feature set
* WRITE_{DMA|MULTIPLE}_FUA_EXT
* 64-bit World wide name
* {READ,WRITE}_DMA_EXT_GPL commands
* Segmented DOWNLOAD_MICROCODE
* Gen1 signaling speed (1.5Gb/s)
* Gen2 signaling speed (3.0Gb/s)
* Gen3 signaling speed (6.0Gb/s)
* Native Command Queueing (NCQ)
* Phy event counters
* READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
DMA Setup Auto-Activate optimization
Device-initiated interface power management
* Software settings preservation
Device Sleep (DEVSLP)
* DOWNLOAD MICROCODE DMA command
* SET MAX SETPASSWORD/UNLOCK DMA commands
* WRITE BUFFER DMA command
* READ BUFFER DMA command
* Data Set Management TRIM supported (limit 8 blocks)
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
20min for SECURITY ERASE UNIT. 60min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: 58ce38ec0124245e
NAA : 5
IEEE OUI : 8ce38e
Unique ID : c0124245e
Device Sleep:
DEVSLP Exit Timeout (DETO): 100 ms (drive)
Minimum DEVSLP Assertion Time (MDAT): 10 ms (drive)
Checksum: correct#
When I run the command now I only get the last sort of output.
It says that there is a password now, but if I try to unlock the SSD the following happens:
$ hdparm --user-master u --security-unlock sec123abc /dev/sdb
security_password: "sec123abc"
/dev/sdb:
Issuing SECURITY_UNLOCK command, password="sec123abc", user=user
The running kernel lacks CONFIG_IDE_TASK_IOCTL support for this device.
SECURITY_UNLOCK: Invalid argument#
I tried to disable it again (I know that I have to unlock it first but everything before works strange, so I just give it a try):
$ hdparm --user-master u --security-disable sec123abc /dev/sdb
security_password: "sec123abc"
/dev/sdb:
Issuing SECURITY_DISABLE command, password="sec123abc", user=user
The running kernel lacks CONFIG_IDE_TASK_IOCTL support for this device.
SECURITY_UNLOCK: Invalid argumentSo something seems to be wrong with the kernel?
My Kernel is linux-image-5.2.13-gnu (it is linux-libre), I did not modify it or something like that.
#
Then I red here:
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
that using a USB-Interface makes problems... (to late badly)
#
So I put the SSD into a SATA drive of another computer with devuan live minimal running, install hdparm and try to unlock and disable, what gives me the same output like this guy here got:
https://www.overclockers.com/forums/arc … 93716.html
On the live system runs the default devuan kernel.
Further he solved his problem by using a master password to unlock his SSD.
There are (unofficial) lists on the web with them. here is one of them:
https://ipv5.wordpress.com/2008/04/14/l … passwords/
I have a Toshiba device here and figured out that "the" masterpassword (it is the only one I have found in several lists) is 32 spaces, but that did not work:
$ hdparm --user-master m --security-set-pass /dev/sdb
missing PASSWDI tried 34 spaces between "--security-set-pass" and "/dev/sdb", because you need a space after each option/parameter and 32 spaces (because the first logical did not work and I am frustrated...).
#
I did not run the erase command and I do not will!
It would be nice if anyone could help me out....
Last edited by nogeek (2019-09-14 02:50:37)
Offline
#2 2019-09-11 05:27:40
- b3bgd
- Member
- Registered: 2019-08-31
- Posts: 14
Re: [CLOSED] secure erase failure - unlock ssd with hdparm not possible
I have a Toshiba device here and figured out that "the" masterpassword (it is the only one I have found in several lists) is 32 spaces, but that did not work:
$ hdparm --user-master m --security-set-pass /dev/sdb missing PASSWDI tried 34 spaces between "--security-set-pass" and "/dev/sdb", because you need a space after each option/parameter and 32 spaces (because the first logical did not work and I am frustrated...).
That's not what 32 spaces on a command line do... Just try:
echo xand see what you get. The error message above is pretty clear: missing PASSWD
Try:
$ hdparm --user-master m --security-set-pass " " /dev/sdbObserve the 32 spaces in quotes.
Offline
#3 2019-09-13 17:46:17
- nogeek
- Member
- Registered: 2018-07-15
- Posts: 24
Re: [CLOSED] secure erase failure - unlock ssd with hdparm not possible
thx b3bgd.
Of course I forgot....
However that gave me an:
SECURITY_UNLOCK: Invalid argumentinstead, but this too:
Security:
Master password revision code = 1
supported
enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
20min for SECURITY ERASE UNIT. 60min for ENHANCED SECURITY ERASE UNIT.so I can run the erase command.
I have done that already and it was running corectly accept that:
The running kernel lacks CONFIG_IDE_TASK_IOCTL support for this device.was showing up again.
Hower the:
Master password revision code = 65534has changed to
Master password revision code = 1and after the erase it is still there....
Dunno what's the problem but I do not care anymore, a friend of mine took the SSD to use it so I do not need a solution here anymore.
Offline
#4 2019-09-14 18:29:58
- b3bgd
- Member
- Registered: 2019-08-31
- Posts: 14
Re: [CLOSED] secure erase failure - unlock ssd with hdparm not possible
Just for future reference, indeed it appears your SATA to USB adapter was the problem. Never ever use advanced SATA features over such an adapter:
https://sourceforge.net/p/hdparm/support-requests/7/
Offline
