der.hans wrote:
> moin moin,
>
> talked to a co-worker tonight about a need to wipe a bunch of disks. He
> pointed out that there's a hidden feature in newer IDE and SATA drives
> that supposedly does a real delete of data for every single block on the
> drive.
>
> http://blogs.zdnet.com/storage/?p=129&tag=nl.e539
>
> Are there any Free Software programs that can trigger this type of erase?

Yep and you have it already:

-------------------
alandd@:~> /sbin/hdparm --security-help

ATA Security Commands:
 --security-freeze            Freeze security settings until reset

 The remainder of these are VERY DANGEROUS and can KILL your drive!
 Due to bugs in most Linux kernels, use of these commands may even
 trigger kernel segfaults or worse.  EXPERIMENT AT YOUR OWN RISK!

 --security-unlock PWD        Unlock drive, using password PWD
 --security-set-pass PWD      Lock drive, using password PWD (DANGEROUS)
                              Use 'NULL' as the password to set empty password
                              Drive gets locked when user password is selected
 --security-disable PWD       Disable drive locking, using password PWD
 --security-erase PWD         Erase (locked) drive using password PWD (DANGEROUS)
                              (VERY VERY DANGEROUS -- DO NOT USE!!)
 --security-erase-enhanced PWD
                              Enhanced-erase a (locked) drive, using password PWD
                              (VERY VERY DANGEROUS -- DO NOT USE!!)
 --security-mode MODE         Select security level (high/maximum) (default high)
                              h   high security
                              m   maximum security
 --user-master USER           Select user/master password (default master)
                              u   user
                              m   master
---------------

Read a bit more about it here and don't skip the comments:

http://storagemojo.com/?p=448

A good note about kernel support is here:

http://lists.samba.org/archive/linux/2007-May/017639.html

"
The Linux kernel up until 2.6.12 (and probably later) doesn't handle the
security unlock and disable commands gracefully and will segfault and in
some cases even panic. The security commands however might indeed have
been executed by the drive.
This poor kernel behaviour makes the PIO data security commands rather
useless at the moment.

"Maybe this has been fixed with later kernels."

Also be aware that some BIOS implementations and/or ATA controller
microcode will block these commands from reaching the drive. Computer
OEMs don't want them triggered by accident and so remove support for
them. Which ones block? I know that Intel chipsets don't.

> Is there a similar type of erase for SCSI?

No and yes. The SCSI specification up to SCSI-2 does not define any such
commands. SCSI-3 has an optional secure erase command but I don't know of
any manufacturer that supports it. Yet.

An option with SCSI is the SCSI Format Unit command which does a
block-by-block erase of the disk data IF it is implemented correctly.
Some SCSI drive manufacturers only erase the first few thousand blocks
which makes the host "think" it is erased and makes the command finish
quicker. You just have to try it since device documentation rarely
defines the level of support provided.

Go look at http://dcfldd.sourceforge.net/ for a dd command derivative
that has some extra options that help in wiping of data by multiple
overwrites of specified patterns.

There are other wipe tools that are less "roll your own" like
http://www.linux-kurser.dk/secure_harddisk_eraser.html

Alan
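
The caveat in the reply above, that some drives erase only the first few thousand blocks, can be checked empirically: plant markers across the whole drive before the erase and look for survivors afterwards. This is an added example, not part of the original post or of any tool named in it; the marker format, block size, seed and function names are assumptions of the example.

```python
import os
import random

BLOCK = 4096               # bytes per sampled block (assumption)
MARK = b"WIPE-CANARY:"     # constructed marker tag, not a standard

def _offsets(size, samples, seed, block=BLOCK):
    """One random block per equal-sized stratum, plus the first and last block."""
    nblocks = size // block
    if nblocks < 1:
        return []
    rng = random.Random(seed)   # same seed gives the same offsets before and after
    picks = {0, nblocks - 1}
    for i in range(samples):
        lo, hi = i * nblocks // samples, (i + 1) * nblocks // samples
        if hi > lo:
            picks.add(rng.randrange(lo, hi))
    return [b * block for b in sorted(picks)]

def _marker(offset, block=BLOCK):
    """Block-sized marker embedding its own offset, so a relocated block never matches."""
    tag = MARK + str(offset).encode() + b";"
    return (tag * (block // len(tag) + 1))[:block]

def plant_markers(path, samples=256, seed=1):
    """DESTRUCTIVE: overwrite sampled blocks with markers before starting the erase."""
    fd = os.open(path, os.O_WRONLY)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)   # works for block devices and image files
        for off in _offsets(size, samples, seed):
            os.pwrite(fd, _marker(off), off)
        os.fsync(fd)
    finally:
        os.close(fd)

def surviving_markers(path, samples=256, seed=1):
    """After the erase: offsets whose marker is still readable (erase never reached them)."""
    fd = os.open(path, os.O_RDONLY)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        return [off for off in _offsets(size, samples, seed)
                if os.pread(fd, BLOCK, off) == _marker(off)]
    finally:
        os.close(fd)
```

An empty list from surviving_markers() means every sampled block changed; any offset it returns is a region the erase skipped. On a real block device, flush the kernel's cached copies first (for example with blockdev --flushbufs), otherwise stale cached markers can show up as survivors.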