Comments (8)
Hi @achelon5,
I will work on getting a recent build of SeaChest_Security for Solaris. What features are you looking for specifically for ATA security? We don't allow setting ATA Security passwords in the tools for a few reasons, but did add update some ATA security options for clearing passwords, setting freezelock, and viewing current ATA security status.
from openseachest.
Hi,
For context, I had already modified a copy of your software to add the following commands:
--securityDisable [SeaChest | ASCIIPW] [user | master]
--secureErase [normal | enhanced]
--securityFreeze
--securityUnlock [SeaChest | ASCIIPW] [user | master]
--securitySet [SeaChest | ASCIIPW] [user | master] [high | maximum] [master password identifier]
--securityStatus
--dcoFreeze
I had also coded the --securityStatus command to replicate the familiar hdparm style output. E.g.
/dev/rdsk/c3t0d0 - ST10000VN0004-1ZD101 - XXXXXXXX - ATA
Security:
Master password identifier code = 65534 (0xFFFE)
supported
not enabled
not locked
frozen
not expired: security count
supported: enhanced erase
890 min for SECURITY ERASE UNIT. 890 min for ENHANCED SECURITY ERASE UNIT
Given that it appeared to me that you were integrating the majority of these into your code anyway I thought I'd prefer to use yours.
I am a software engineer myself and I understand your reticence in allowing users the ability to set ATA passwords, since this is not handled gracefully by many systems. For instance Solaris does not seem to allow an ATA password locked drive to be unlocked from within Solaris, erroneously claiming the locked drives "failed to power up" but I value the ability to use and test this feature since I would like to use it if I can get it working correctly.
Regards,
Achelon
from openseachest.
Hi @achelon5,
Thanks for the information!
I will work on getting a build of this tool up for you.
Also, great information to know about what Solaris shows for ATA security locked drives.
from openseachest.
Thanks, incidentally (appreciating the fact that you are not Seagate Support) is this likely to be a fault in the drive firmware or am I correct in surmising that the Operating System itself is misinterpreting the aborting of a command in the locked state as a drive failure?
from openseachest.
@achelon5, it is most likely the operating system not understanding how to identify the drive when it is locked.
Most operating systems that I've taken bus traces on usually send identify commands, read commands, and read some logs from the drive to figure out its capabilities and whether there are any filesystems present on it.
With ATA security in a locked state, most commands will be aborted. Any media access is definitely aborted, and other commands that would change something about the drive (such as trying to change the maxLBA or write to a log).
Identify, reading certain logs (such as the identify device data log), checking the power mode, changing from active to idle or standby, and ATA security commands to unlock or erase the drive are allowed. This is a short list from a quick glance at the ACS4 spec.
I'm not certain what Solaris does for discovery, but it may be trying to read the device, not paying attention to the ATA security status bits, and getting an abort and deciding that something is wrong with the drive. I've seen similar cases to this when putting ATA locked drives on some SAS HBAs that do similar device discovery.
from openseachest.
Hi @achelon5
As @vonericsen mentioned he has compiled a version of the closed source tool SeaChest_Security now available in our GitHub ToolBin at https://github.com/Seagate/ToolBin/tree/master/SeaChest/Security/v2.0.1/Solaris
Additionally, we are underway to introduce an openSeaChest_Security project. I am not sure at this time when that one will arrive.
Good luck with your efforts!
from openseachest.
Hi @achelon5,
Today I pushed openSeaChest_Security as a new tool that can be built from the makefile that is checked in (as well as visual studio, mingw, etc).
By default, the ability to set passwords is disabled, but can be turned on with a #define in the openSeaChest_Security.c file.
This is to limit setting passwords since that has some consequences if the system is rebooted and causes issues in some OSs and behind some controllers.
from openseachest.
from openseachest.
Related Issues (20)
- what if we put everything in one binary? HOT 3
- After changing sector size, PowerChoice (EPC) timers are ignored on all my 16TB drives HOT 23
- Exos X16 fails to change sector size on a Supermicro server HOT 5
- tracking "unkown command" HOT 7
- Prebuilt EFI binaries? HOT 3
- Firmware update failing - Firmware Download Failed - Download Microcode returning: ABORTED HOT 30
- I have got dual ST8000NM000A-2KE101 - they have 0 bad sectors and errors but Raid 1 keep getting degraded - Intel® Optane™ Memory HOT 26
- How do we scan, find new firmware and update it? I am on windows HOT 3
- Make Package for ESXi HOT 2
- EPC timers no longer working after long SMART test HOT 15
- openSeaChest_Format: unknown option --showSupportedSectorSizes HOT 1
- Linux openSeaChest reports drive in `standby_z` state regardless of the actual state. HOT 13
- issue HOT 2
- Settings do not take effect HOT 5
- Some detailed changelog HOT 2
- openSeaChest .deb package misses export PATH variable HOT 3
- multiple ST20000NM007D EXOS X20 20TB firmware SC03 fails warranty claim HOT 2
- openSeaChest_PowerControl standby time ignored HOT 3
- Add option to ignore drives in standby HOT 2
- Code Security Report: 6 high severity findings, 16 total findings HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openseachest.