delete == delete

Alan Dayley alandd at consultpros.com
Wed May 16 06:13:12 MST 2007


der.hans wrote:
> moin moin,
> 
> talked to a co-worker tonight about a need to wipe a bunch of disks. He
> pointed out that there's a hidden feature in newer IDE and SATA drives
> that supposedly does a real delete of data for every single block on the
> drive.
> 
> http://blogs.zdnet.com/storage/?p=129&tag=nl.e539
> 
> Are there any Free Software programs that can trigger this type of erase?

Yep and you have it already:
-------------------
alandd@:~> /sbin/hdparm --security-help

ATA Security Commands:
 --security-freeze          Freeze security settings until reset

 The remainder of these are VERY DANGEROUS and can KILL your drive!
 Due to bugs in most Linux kernels, use of these commands may even
 trigger kernel segfaults or worse.  EXPERIMENT AT YOUR OWN RISK!

 --security-unlock PWD      Unlock drive, using password PWD
 --security-set-pass PWD    Lock drive, using password PWD (DANGEROUS)
                             Use 'NULL' as the password to set empty password
                             Drive gets locked when user password is selected
 --security-disable PWD     Disable drive locking, using password PWD
 --security-erase PWD       Erase (locked) drive using password PWD (DANGEROUS)
                             (VERY VERY DANGEROUS -- DO NOT USE!!)
 --security-erase-enhanced PWD
                            Enhanced-erase a (locked) drive, using password PWD
                             (VERY VERY DANGEROUS -- DO NOT USE!!)
 --security-mode MODE       Select security level (high/maximum) (default high)
     h   high security
     m   maximum security
 --user-master USER         Select user/master password (default master)
     u   user
     m   master
---------------
Read a bit more about it here and don't skip the comments:
http://storagemojo.com/?p=448

A good note about kernel support is here:
http://lists.samba.org/archive/linux/2007-May/017639.html

"The Linux kernel up until 2.6.12 (and probably later) doesn't
handle the security unlock and disable commands gracefully and will
segfault and in some cases even panic. The security commands however
might indeed have been executed by the drive. This poor kernel
behaviour makes the PIO data security commands rather useless at the moment.

"Maybe this has been fixed with later kernels."

Also be aware that some BIOS implementations and/or ATA controller
microcode will block these commands from reaching the drive.  Computer
OEMs don't want them triggered by accident and so remove support for
them.  Which ones block?  I know that Intel chipsets don't.

> Is there a similar type of erase for SCSI?

No and yes.  The SCSI specification up to SCSI-2 does not define any
such commands.  SCSI-3 has an optional secure erase command but I don't
know of any manufacturer that supports it.  Yet.

An option with SCSI is the SCSI Format Unit command which does a
block-by-block erase of the disk data IF it is implemented correctly.
Some SCSI drive manufacturers only erase the first few thousand blocks
which makes the host "think" it is erased and makes the command finish
quicker.  You just have to try it since device documentation rarely
defines the level of support provided.

Go look at http://dcfldd.sourceforge.net/ for a dd command derivative
that has some extra options that help in wiping of data by multiple
overwrites of specified patterns.  There are other wipe tools that are
less "roll your own" like
http://www.linux-kurser.dk/secure_harddisk_eraser.html

Alan
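
An added example, not part of the message above: a read-only pre-flight check that parses the "Security:" section printed by `hdparm -I` and reports the drive's ATA security state (unsupported, frozen as set by `--security-freeze`, locked, or ready) before any of the erase options in the help text are tried. The function names and the sample identify text are constructed for illustration, and `/dev/sdX` is a placeholder.

```shell
#!/bin/sh
# Added example: classify the "Security:" section of `hdparm -I` output.
# Reads identify text on stdin and prints one state word. It only parses
# text; it never sends a security command to the drive.
ata_erase_readiness() {
    awk '
        /^Security:/        { in_sec = 1; next }
        in_sec && /^[^ \t]/ { in_sec = 0 }        # next top-level section
        in_sec {
            neg = ($1 == "not")                   # e.g. "not<TAB>frozen"
            line = $0
            sub(/^[ \t]*(not)?[ \t]*/, "", line)  # drop indent and "not"
            sub(/[ \t\r]+$/, "", line)            # drop trailing blanks
            if (line == "supported")                      supported = !neg
            else if (line == "locked")                    locked    = !neg
            else if (line == "frozen")                    frozen    = !neg
            else if (line == "supported: enhanced erase") enhanced  = !neg
        }
        END {
            if (!supported)    print "unsupported"    # no security feature set
            else if (frozen)   print "frozen"         # settings frozen until reset
            else if (locked)   print "locked"         # drive is currently locked
            else if (enhanced) print "ready-enhanced" # enhanced erase advertised
            else               print "ready"
        }'
}

# Constructed sample of a Security section; $1 is the "frozen" line to embed.
sample_identify() {
    printf '%b\n' 'Security: ' '\tMaster password revision code = 65534' \
        '\t\tsupported' '\tnot\tenabled' '\tnot\tlocked' "$1" \
        '\tnot\texpired: security count' '\t\tsupported: enhanced erase' \
        'Checksum: correct'
}

sample_identify '\tnot\tfrozen' | ata_erase_readiness   # ready-enhanced
sample_identify '\t\tfrozen'    | ata_erase_readiness   # frozen

# Real use (placeholder device name):
#   /sbin/hdparm -I /dev/sdX | ata_erase_readiness
```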

