ATA Secure Erase - password set - not locked
My initial intention was to merely comment, but then I was told my reputation isn't high enough to do that. Anyway, let me begin by clarifying that I am by no means an experienced Linux user. That said, I did actually manage to tackle a similar issue I was facing up until the day before yesterday.
In my case, I did a reboot before long, which I guess you too have done by now, and that rendered my ssd not only security enabled but also locked.
I wouldn't know about the security-disable command, but the security-unlock appears to be a bit buggy (can't say I understand much of that).
What worked for me was to issue
sudo hdparm --user-master m --security-erase "" /dev/sda
NOTE: Mine is a Kingston SSD, in which case the master password is apparently set to NULL by default. Depending on the manufacturer you should replace it with the appropriate master-password. I've found a potentially useful list here, which I have, however, not tested, since Kingston was not included and I had to look elsewhere.
NOTE 2: The aforementioned command will obviously erase all data from your disk, including whatever user password you have set, setting security back to not enabled.
NOTE 3: I have been told that I should not try this more than 5 times per power cycle. I've also been told that rebooting may not be enough to enter a fresh power cycle, although in my case, it seems to have been.
Max1
Updated on September 18, 2022
Comments
-
Max1 almost 2 years
Today I tried to wipe my ssd using ATA Secure Erase (with an Ubuntu live system). I basically followed the description here: What is the recommended way to empty a SSD?
However, I think I made a mistake during the password setting.
Setting the password
At first I used the command:
sudo hdparm --user-master u --security-set-pass NULL /dev/sda
which gave as output:
security_password: ""
/dev/sda:
 Issuing SECURITY_SET_PASS command, password="", user=user, mode=high
Afterwards I tested if this had succeeded with
sudo hdparm -I /dev/sda
which resulted in
Security:
    Master password revision code = 65534
        supported
        enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    Security level high
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Unfortunately I thought the password setting did not work, cause I did not read carefully enough. So I tried again with a different password.
sudo hdparm --user-master u --security-set-pass 0000 /dev/sda
the output made me think that setting the password was successful
security_password: "0000"
/dev/sda:
 Issuing SECURITY_SET_PASS command, password="", user=user, mode=high
But actually it just says that the SECURITY_SET_PASS command has been issued and nothing about success or failure.
Failed attempts to erase the disk
Afterwards I tried erasing with
hdparm --user-master u --security-erase 0000 /dev/sda
which gave me
security_password: "0000"
/dev/sda: Permission denied
Since that did not work I figured that the second attempt at password setting was probably not successful and thus I used
hdparm --user-master u --security-erase NULL /dev/sda
to my surprise I just got permission denied again
security_password: ""
/dev/sda: Permission denied
Attempts to fix the problem
Then I researched a bit and read about the --security-disable option here: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
and it also said not to use an empty string or NULL there :/
The following attempts
sudo hdparm --security-disable 0000
sudo hdparm --security-disable NULL
sudo hdparm --security-disable PWD
sudo hdparm --security-disable ""
sudo hdparm --security-disable
all resulted in the output
missing PASSWD
Current state of the disk
Security:
    Master password revision code = 65534
        supported
        enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    Security level high
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
It says not locked in the security part and I did not reboot yet, thus I still have a little bit of hope left.
The question
I assume the user password is set to the empty string. Is it somehow possible to get rid of the password and save my ssd?
Thanks in advance if anyone has an idea :)
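Added example (not part of the original question or answer): a small Python parser for the Security block that hdparm -I prints, run over the state quoted in the question. It reads the "not" prefixes mechanically, so "enabled" next to "not locked" is not misread. The tab layout of the sample and the function names are assumptions.

```python
# Added example: classify the ATA security state from `hdparm -I` text.
FLAGS = ("supported", "enabled", "locked", "frozen", "expired")

# Constructed sample: the Security block quoted in the question, with the
# tab layout hdparm normally prints (the whitespace is an assumption).
SAMPLE = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\t\tenabled
\tnot\tlocked
\tnot\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\tSecurity level high
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
"""

def parse_security(text):
    """Return {flag: bool} for the Security section of `hdparm -I` output."""
    state, in_section = {}, False
    for line in text.splitlines():
        if line.strip() == "Security:":
            in_section = True
            continue
        if not in_section or not line.strip():
            continue
        if not line[0].isspace():
            break                      # next top-level section starts
        words = line.replace(":", " ").split()
        if words[:2] == ["supported", "enhanced"]:
            state["enhanced_erase"] = True
            continue
        negated = words[0] == "not"
        name = words[1] if negated and len(words) > 1 else words[0]
        if name in FLAGS:
            state[name] = not negated
    return state

def assess(state):
    """Map the flags to the state that decides which security commands can work."""
    if not state.get("supported"):
        return "unsupported"
    if state.get("frozen"):
        return "frozen"            # security commands rejected until power cycle
    if state.get("locked"):
        return "locked"            # needs unlock or erase with a valid password
    if state.get("enabled"):
        return "enabled-unlocked"  # password set; drive locks at next power-up
    return "disabled"              # no user password set
```

On a live system the input would be the output of sudo hdparm -I /dev/sda; for the block quoted in the question the result is "enabled-unlocked".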
-
Motivated over 5 years
Can you please provide further context to "I should not try this more than 5 times per power cycle"? Do you mean to say that secure erase should not be run more than 5 times per power cycle per device?