Comments (3)
This is a great question!
I had to do some research and confirm with our spec representative in order to make sure I can give you an accurate answer.
For drives with HPA and DCO here is the interaction with hidden areas when using ATA security erase and Sanitize:
ATA Security Erase
- Normal Mode: DCO and HPA protected area is NOT erased
- Enhanced Mode: Protected area DOES get erased
Examples:
500GB drive with DCO or HPA configured to 250GB
- Normal mode: 250GB of data is erased
- Enhanced mode: 500GB of data is erased (+ previously reallocated sectors)
Sanitize
Protected areas SHALL BE erased
Example:
500GB drive with DCO or HPA configured to 250GB: 500GB of data is erased (+ previously reallocated sectors).
Please be aware that HPA was replaced with AMAC (Accessible Max Address Configuration) in newer ACS specifications and that DCO was made obsolete.
AMAC is different for these erases compared to HPA and DCO:
ATA Security and Sanitize
In all modes, all data will be cleared by these erases.
Example:
500GB drive with AMAC configured to 250GB: 500GB of data is erased.
NOTE: Previously reallocated sectors are only erased with Sanitize or ATA Security Erase in Enhanced mode
from openseachest.
Do the firmware commands above that wipe these hidden areas also require this, or are the HPA/DCO/AMAC simply wiped by default every time the commands are run?
Based on my research and conversation with our spec representative, HPA/DCO/AMAC do not need to be disabled/removed for Sanitize or Enhanced ATA security erase to wipe these areas (and normal ATA security erase for AMAC).
If it's an HPA or DCO drive, and it only supports normal mode for ATA security erase, then this will be required. Some drives (especially older ones) do not support the enhanced mode for ATA security erase.
If you can remove these before the erase, it would make it easier to validate that they were in fact erased no matter which combination of features are in use or are used for the erase.
For HPA and AMAC, we have an option in openSeaChest_Configure called --restoreMaxLBA
which will remove the protected area by making the native max or accessible max LBA back to the native max of the drive.
There are a couple potential problems that may occur depending on how the drive is attached and driver or hardware (USB bridges) function:
- If for some reason the command completion data (Return task file registers) are not available due to a hardware, firmware, or driver bug/limitation, it is not possible to read the native max LBA and restore back to original. Swapping to other hardware can get around this. Unfortunately this does happen often with USB adapters. It is less common in other scenarios, but not impossible to experience a similar problem with something like a SAS HBA.
- HPA can have a password set. If this is the case, it must be HPA unlocked before this can be done. I will say I'm not aware of any hardware or BIOS that uses this feature, but it should be pointed out in case an error is found.
- If an HPA command has been sent by anything else (other software, BIOS, etc), the drive must be power cycled before another HPA command to change native max LBA can be sent. A BIOS may be able to do this, but I haven't heard of it so far, but I have seen lots of strange things in the past. If this is the case, the drive will abort any other HPA request until it has been reset or power cycled (software usually cannot issue resets directly).
We do not currently have support for DCO options in the tools, but if desired, create a new Github issue and note it as a feature request and we'll look into adding them. DCO has its own similar issues. If a DCO freezelock has been issued, the drive will not process any DCO commands until power cycled (and maybe hardware reset). In this case, I have seen the BIOS from some system OEM's issue a DCO freezelock commands before the OS boots. To get around this you would need to use a non-ATA/AHCI card or adapter that would otherwise work...or use another system.
This same freeze-lock issue may also happen with ATA security. In this case, openSeaChest is able to detect the freezelock and report it. Windows will issue an ATA security freeze lock as soon as a drive is attached on a native ATA interface...using a SAS HBA or USB bridge, this doesn't happen (but it is possible any of these could choose to issue this command, but I have not experienced this myself). The exception to this rule is booting into Windows PE/Recovery environment, this does not happen unless the freeze lock was issued by the BIOS. In this case, Windows will only allow an erase to be started with a specific password. More details about this here. Note that this only affects ATA busses. This is not a problem in ATA over SCSI or USB/external adapters.
from openseachest.
This is a great question!
I had to do some research and confirm with our spec representative in order to make sure I can give you an accurate answer.
For drives with HPA and DCO here is the interaction with hidden areas when using ATA security erase and Sanitize:
ATA Security Erase
* Normal Mode: DCO and HPA protected area is _NOT_ erased * Enhanced Mode: Protected area _DOES_ get erased
Examples:
500GB drive with DCO or HPA configured to 250GB* Normal mode: 250GB of data is erased * Enhanced mode: 500GB of data is erased (+ previously reallocated sectors)
Sanitize
Protected areas SHALL BE erasedExample:
500GB drive with DCO or HPA configured to 250GB: 500GB of data is erased (+ previously reallocated sectors).Please be aware that HPA was replaced with AMAC (Accessible Max Address Configuration) in newer ACS specifications and that DCO was made obsolete.
AMAC is different for these erases compared to HPA and DCO:ATA Security and Sanitize
In all modes, all data will be cleared by these erases.Example:
500GB drive with AMAC configured to 250GB: 500GB of data is erased.
NOTE: Previously reallocated sectors are only erased with Sanitize or ATA Security Erase in Enhanced mode
This is great information, thanks for the quick reply in spite of having to research the details, it's much appreciated.
Just to confirm, tools like hdparm
first require removing the HPA and DCO areas before the area they occupied becomes available to wipe. Do the firmware commands above that wipe these hidden areas also require this, or are the HPA/DCO/AMAC simply wiped by default every time the commands are run?
from openseachest.
Related Issues (20)
- Exos X16 fails to change sector size on a Supermicro server HOT 5
- tracking "unkown command" HOT 7
- Prebuilt EFI binaries? HOT 3
- Firmware update failing - Firmware Download Failed - Download Microcode returning: ABORTED HOT 30
- I have got dual ST8000NM000A-2KE101 - they have 0 bad sectors and errors but Raid 1 keep getting degraded - Intel® Optane™ Memory HOT 26
- How do we scan, find new firmware and update it? I am on windows HOT 3
- Make Package for ESXi HOT 2
- EPC timers no longer working after long SMART test HOT 15
- openSeaChest_Format: unknown option --showSupportedSectorSizes HOT 1
- Linux openSeaChest reports drive in `standby_z` state regardless of the actual state. HOT 13
- issue HOT 2
- Settings do not take effect HOT 5
- Some detailed changelog HOT 2
- openSeaChest .deb package misses export PATH variable HOT 3
- multiple ST20000NM007D EXOS X20 20TB firmware SC03 fails warranty claim HOT 2
- openSeaChest_PowerControl standby time ignored HOT 3
- Add option to ignore drives in standby HOT 2
- Code Security Report: 6 high severity findings, 16 total findings HOT 1
- Support QNAP TR-004 4-bay enclosure HOT 1
- Issue with Setting Sector Size on Seagate ST24000NM002H after Interruption, Drive Bricked HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openseachest.