# hdparm does not show "Security" section

## big_gie

Hi,

I want to do a "Secure Erase" of my SSD for a new and clean installation. According to https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase I should use hdparm, but it does not report a "Security" section and setting a user password fails.

The netbook is an Asus EeePC 1000 with kernel 2.6.33.4

 *Quote:*   

> 
> 
> # hdparm -iI /dev/sda
> 
> /dev/sda:
> ...

 

 *Quote:*   

> 
> 
> # hdparm --user-master u --security-set-pass Eins /dev/sda
> 
> security_password="Eins"
> ...

 

 *Quote:*   

> 
> 
> # hdparm -V
> 
> hdparm v9.30
> ...

 

Could it be related to the "Integrity word not set" message?

Any better way of achieving this?

Thanx!

----------

## NeddySeagoon

big_gie,

As its an SSD, 

```
dd if=/dev/zero of=/dev/sd... bs=4096
```

will do nicely.

Do fill in the right drive, there is no undo function.  Hmm I'm 100% sure that works on SSD as the wear leveling may move defeat it.

----------

## big_gie

Thanx for your answer. But I'm not sure this will work. Writting 0's to the drive is just filling it with (empty) data. It won't (I think) clear the memory cells.

See http://www.anandtech.com/show/2738/8

----------

## darkphader

If you do a simple

```
hdparm -I /dev/sda
```

you should receive a security section which will tell you if the drive is frozen or not. Start there.

----------

## NeddySeagoon

big_gie,

You cannot clear the memory cells on any hard drive. Magnetic drives can be degaussed but thats destructive.

SSDs have something in the memory cells too. 

If you are paranoid you can make a filesystem on the drive with a bad blocks write test.

That will write 00,55,AA and FF all over the drive, and still the cells will not be empty.

Any data you had on the drive will be long gone - which is the object of the exercise.

----------

## darkphader

 *NeddySeagoon wrote:*   

> As its an SSD, 
> 
> ```
> dd if=/dev/zero of=/dev/sd... bs=4096
> ```
> ...

 

Should an SSD be treated like a flash drive and write ones instead of zeroes?

```
tr '\000' '\377' < /dev/zero | dd bs=16384 of=/dev/sdx
```

as per http://goo.gl/FHMx

----------

## NeddySeagoon

darkphader,

Good point - you want ones to be in the memory cells, which is the equivelent of the erase command, which is not normally available to the OS.

However, you have no idea how many inversions there are from the RAM to the HDD unless you can read some bytes you know were never written.

----------

## big_gie

 *darkphader wrote:*   

> If you do a simple
> 
> ```
> hdparm -I /dev/sda
> ```
> ...

 

Actually, I did, but there is no Security section...See my first post.

 *NeddySeagoon wrote:*   

> You cannot clear the memory cells on any hard drive...

 

Maybe I did not used the right term... For a SSD drive without TRIM, the drive cannot know if data has been deleted and after some time will suffer slowdowns. According to Wikipedia's TRIM article:

 *http://en.wikipedia.org/wiki/TRIM_(SSD_command)#Flash_drive_specific_issues wrote:*   

> If they are considered to contain data, the contents first need to be erased before a write operation can be performed reliably. In SSDs, a write operation can be done on the page-level, but due to hardware limitations, erase commands always affect entire blocks.[7] As a result, writing data to SSD media is very fast as long as empty pages can be used, but slows down considerably once previously written pages need to be overwritten. Since an erase of the cells in the page is needed before it can be written again, but only entire blocks can be erased, an overwrite will initiate a read-erase-modify-write cycle:[4][8]: the contents of the entire block have to be stored in cache before it is effectively erased on the flash medium, then the overwritten page is modified in the cache so the cached block is up to date, and only then is the entire block (with updated page) written to the flash medium. This phenomenon is known as write amplification.[9][10]

 

Since I'm pretty sure my SSD does not support TRIM (only high ends one are starting to have it), I want to reset it.

Writting any data to the disk (be it 0's or 1's) will just confuse more the drive as it will think it is full.

 *NeddySeagoon wrote:*   

> Any data you had on the drive will be long gone - which is the object of the exercise.

 

Yes, that's one goal.

----------

## darkphader

 *big_gie wrote:*   

> Actually, I did, but there is no Security section...See my first post.

 

I saw that, but with the lowercase "i" added (which shouldn't be an issue) as well so I didn't know if the drive was choking (Integrity word not set) on the lowercase or the uppercase request.

----------

## big_gie

Ok  :Wink: 

I added the "-i" flag to include more output: the top, condensed part.

```

# hdparm -i /dev/sda

/dev/sda:

 Model=ASUS-PHISON SSD, FwRev=TST2.04U, SerialNo=SOQ1782251

 Config={ HardSect NotMFM Fixed DTR>10Mbs }

 RawCHS=15636/16/63, TrkSize=32256, SectSize=512, ECCbytes=4

 BuffType=DualPort, BuffSize=1kB, MaxMultSect=1, MultSect=off

 CurCHS=15636/16/63, CurSects=15761088, LBA=yes, LBAsects=15761088

 IORDY=yes, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}

 PIO modes:  pio0 pio1 pio2 pio3 pio4 

 DMA modes:  mdma0 mdma1 mdma2 

 UDMA modes: udma0 udma1 udma2 udma3 *udma4 

 AdvancedPM=no

 Drive conforms to: Unspecified:  ATA/ATAPI-4,5

 * signifies the current active mode

```

```
# hdparm -I /dev/sda

/dev/sda:

CompactFlash ATA device

        Model Number:       ASUS-PHISON SSD                         

        Serial Number:      SOQ1782251          

        Firmware Revision:  TST2.04U

Standards:

        Supported: 5 4 

        Likely used: 6

Configuration:

        Logical         max     current

        cylinders       15636   15636

        heads           16      16

        sectors/track   63      63

        --

        CHS current addressable sectors:   15761088

        LBA    user addressable sectors:   15761088

        Logical/Physical Sector size:           512 bytes

        device size with M = 1024*1024:        7695 MBytes

        device size with M = 1000*1000:        8069 MBytes (8 GB)

        cache/buffer size  = 1 KBytes (type=DualPort)

Capabilities:

        LBA, IORDY(cannot be disabled)

        Standby timer values: spec'd by Standard, no device specific minimum

        R/W multiple sector transfer: Max = 1   Current = 0

        DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 *udma4 

             Cycle time: min=120ns recommended=120ns

        PIO: pio0 pio1 pio2 pio3 pio4 

             Cycle time: no flow control=120ns  IORDY flow control=120ns

Commands/features:

        Enabled Supported:

           *    Power Management feature set

           *    WRITE_BUFFER command

           *    READ_BUFFER command

           *    NOP cmd

           *    CFA feature set

           *    Mandatory FLUSH_CACHE

           *    CFA advanced modes: pio5 pio6 mdma3 mdma4 

Integrity word not set (found 0x0000, expected 0x11a5)

```

----------

## darkphader

The Security section comes right after the Commands/features section which it looks like the drive isn't completing. Maybe check with the manufacturer and find out why it isn't providing all of the information.

I have used security erase on some Intel SSD's in some newer server hardware and its pretty straightforward. My older desktop shows all of my drives (not SSD's) as frozen :(  Apparently it's the way most older BIOSes were setup.

----------

## Juan Facundo

Hi. I am having some trouble with my sdd drive.

some info:

```
# hdparm -I /dev/sdb

/dev/sdb:

ATA device, with non-removable media

   Model Number:       SAMSUNG MZMPA032HMCD-000L1              

   Serial Number:      S0RUNEAC200107      

   Firmware Revision:  AXM18L1Q

   Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6

Standards:

   Used: ATA/ATAPI-7 T13 1532D revision 1 

   Supported: 8 7 6 5 & some of 8

Configuration:

   Logical      max   current

   cylinders   16383   16383

   heads      16   16

   sectors/track   63   63

   --

   CHS current addressable sectors:   16514064

   LBA    user addressable sectors:   62533296

   LBA48  user addressable sectors:   62533296

   Logical  Sector size:                   512 bytes

   Physical Sector size:                   512 bytes

   device size with M = 1024*1024:       30533 MBytes

   device size with M = 1000*1000:       32017 MBytes (32 GB)

   cache/buffer size  = unknown

   Nominal Media Rotation Rate: Solid State Device

Capabilities:

   LBA, IORDY(can be disabled)

   Queue depth: 32

   Standby timer values: spec'd by Standard, no device specific minimum

   R/W multiple sector transfer: Max = 16   Current = 16

   DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 

        Cycle time: min=120ns recommended=120ns

   PIO: pio0 pio1 pio2 pio3 pio4 

        Cycle time: no flow control=120ns  IORDY flow control=120ns

Commands/features:

   Enabled   Supported:

      *   SMART feature set

          Security Mode feature set

      *   Power Management feature set

      *   Write cache

      *   Look-ahead

      *   Host Protected Area feature set

      *   WRITE_BUFFER command

      *   READ_BUFFER command

      *   DOWNLOAD_MICROCODE

          SET_MAX security extension

      *   48-bit Address feature set

      *   Device Configuration Overlay feature set

      *   Mandatory FLUSH_CACHE

      *   FLUSH_CACHE_EXT

      *   SMART error logging

      *   SMART self-test

      *   General Purpose Logging feature set

      *   WRITE_{DMA|MULTIPLE}_FUA_EXT

          Write-Read-Verify feature set

      *   WRITE_UNCORRECTABLE_EXT command

      *   {READ,WRITE}_DMA_EXT_GPL commands

      *   Gen1 signaling speed (1.5Gb/s)

      *   Gen2 signaling speed (3.0Gb/s)

      *   Native Command Queueing (NCQ)

      *   Host-initiated interface power management

      *   Phy event counters

          DMA Setup Auto-Activate optimization

          Device-initiated interface power management

      *   Software settings preservation

      *   SET MAX SETPASSWORD/UNLOCK DMA commands

      *   WRITE BUFFER DMA command

      *   READ BUFFER DMA command

      *   Data Set Management TRIM supported (limit unknown)

Security: 

   Master password revision code = 65534

      supported

   not   enabled

   not   locked

      frozen

   not   expired: security count

      supported: enhanced erase

   6min for SECURITY ERASE UNIT. 6min for ENHANCED SECURITY ERASE UNIT. 

Checksum: correct

```

it says "frozen" and i have read i need to "undo" this before trying to make a secure erase or something else. I have read too, i could try putting the system into sleep mode (suspend to disk). I am trying it, but seems not working.

I need some help.

```
 Kernel version: gentoo-sources 3.8.13
```

```
# hdparm -V

hdparm v9.39
```

----------

## darkphader

 *Juan Facundo wrote:*   

> Hi. I am having some trouble with my sdd drive.
> 
> it says "frozen" and i have read i need to "undo" this before trying to make a secure erase or something else. I have read too, i could try putting the system into sleep mode (suspend to disk). I am trying it, but seems not working.
> 
> 

 

I've always just power cycled the drive to unfreeze it (that's right, live power cycle with system running - disconnect the drive's power cable then reconnect it).

----------

## Juan Facundo

damm.., it's an ultraboook...

----------

## Juan Facundo

is there some other way?

----------

## darkphader

 *Juan Facundo wrote:*   

> damm.., it's an ultraboook...

 !!

I think it's the BIOS that freezes the drive during boot up, that's why some systems always have a frozen drive and some never do. Maybe there's a BIOS setting you can change. If not, maybe you can remove the drive and perform the task in another system and then replace it.

You can use dd to zero it out. If SSD are like flash keys then you "erase" by writing ones and not zeroes. Ex:

```
tr '\000' '\377' < /dev/zero | dd bs=16384 of=/dev/sdX
```

Chris

----------

## darkphader

 *Juan Facundo wrote:*   

> is there some other way?

 

See the notes in Step 1a here:

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

"Many BIOSes will protect your drives if you have a password set (security enabled) by issuing a SECURITY FREEZE command before booting an operating system. If your drive is frozen, and it has a password enabled, try removing the password using the BIOS and powering down the system to see if that disables the freeze. Otherwise you may need to use a different motherboard (with a different BIOS)."

----------

