Well, what do you know, since 2001, nearly every HDD under the sun comes with a Secure Erase feature, as it is part of the ATA standard.
The even better news is that
hdparm fully supports it (is there anything hdparm can't do?), thus, if you're on Linux and you need to securely erase all the data from a drive, all you need to do, say, if your disk is /dev/sdb, is:# hdparm --user-master u --security-set-pass p /dev/sdb security_password="p" /dev/sdb: Issuing SECURITY_SET_PASS command, password="p", user=user, mode=high # hdparm --user-master u --security-erase p /dev/sdb security_password="p" /dev/sdb: Issuing SECURITY_ERASE command, password="p", user=userAfter a while, you should find that your drive has been securely erased. Neat!
VERY IMPORTANT NOTE: If you want to reuse the drive after the secure erase is complete, you MUST issue the following command to remove the lock.
# hdparm --security-disable p /dev/sdb security_password="p" /dev/sdb: Issuing SECURITY_DISABLE command, password="p", user=userThis is because, if you don't disable security, the drive will be kept locked, which will produce ATA/SATA interface errors and prevent any write access!
Note that if you want to find out whether the security erase/enhanced erase feature is supported at all, as well as how long that erasing is going to take, you probably want to issue the following beforehand:
~# hdparm -I /dev/sdb
/dev/sdb:
ATA device, with non-removable media
Model Number: SAMSUNG HD322GJ
Serial Number: XXXXXXXXXXXXXX
Firmware Revision: XXXXXXXX
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6
(...)
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
48min for SECURITY ERASE UNIT. 48min for ENHANCED SECURITY ERASE UNIT.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.