LinuxQuestions.org
Old 01-14-2020, 05:37 AM   #1
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,052

Rep: Reputation: 78
the purpose of hdparm --security-set-pass when erasing an SSD


Hi,

I've got a pretty simple question to which I wasn't able to find an answer on the internet: what is the logic of setting a password in order to securely erase the SSD? The SSD has to be locked with a password in order for the security erase to work. Does it actually use that password somehow in the erasing algorithm? Or to put it differently: does it matter how complex the password is if you're going to erase the SSD anyhow?

Thanks!
 
Old 01-14-2020, 08:10 AM   #2
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Posts: 1,207

Rep: Reputation: 463
Not sure why a password is created or is needed to do a secure erase. I do know that if you set a password on the SSD (hardware encryption) and forget it, the drive is toast and there is no way to recover it, at least on the Samsung EVOs; can't speak to other manufacturers.
 
Old 01-14-2020, 03:52 PM   #3
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,052

Original Poster
Rep: Reputation: 78
So by toast you mean you cannot make use of the SSD anymore (let alone keeping the data).
But when you run secure erase and you type in the existing password (which sometimes can be set in BIOS - see Dell computers), then, after the secure erase is finished, there is no password set anymore. I'm not sure how this changes things. But yes, the question in my first post remains.
 
Old 01-14-2020, 03:57 PM   #4
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Posts: 1,207

Rep: Reputation: 463
Sorry, I have never run secure erase so wasn't quite sure what was happening. On Samsung drives, if you set a password to encrypt the drive and forget it, the drive is toast, no way to recover, even using secure erase. I think I confused the topics, sorry.
 
Old 01-14-2020, 11:11 PM   #5
EdGr
Member
 
Registered: Dec 2010
Location: California, USA
Distribution: Slackware
Posts: 248

Rep: Reputation: 101
The password is required to make secure erase hard to do by accident.

The password does not matter. I set a one letter password. It disappears after the secure erase.
Ed
 
3 members found this post helpful.
Old 01-15-2020, 08:04 AM   #6
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,052

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by EdGr
The password is required to make secure erase hard to do by accident.

The password does not matter. I set a one letter password. It disappears after the secure erase.
Ed
Thanks for the answer. Nobody actually explains that on the internet, they take it as a given, which is slightly frustrating.
 
Old 01-15-2020, 11:59 AM   #7
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: Currently: openSUSE, Raspbian, Slackware. Formerly: CentOS, MacOS, Red Hat. Other: Solaris, Tru64
Posts: 1,669

Rep: Reputation: 202
Quote:
Originally Posted by EdGr
The password is required to make secure erase hard to do by accident.

The password does not matter. I set a one letter password. It disappears after the secure erase.
Ed
That was part of the purpose of creating a drive volume name back in the MS-DOS days. You were prompted to enter the volume name when running FORMAT to make accidentally running destructive commands like "FORMAT C:" less of a problem. (They never did make a similar move to make the RECOVER command less of a disaster-in-waiting, though. I always removed it from hard disks.)
 
Old 01-15-2020, 05:41 PM   #8
friefl
LQ Newbie
 
Registered: Jan 2020
Location: Australia
Distribution: about to find out
Posts: 8

Rep: Reputation: Disabled
I doubt the present answers.

Securely erasing an SSD by writing multiple passes of zeroes and ones across the entire disk is marginally life-shortening for the SSD. The problem is most easily resolved by simply encrypting the data and directories, a single pass, then deleting the directory. Data is still there but unavailable, which is why the password itself does not matter.
 
Old 01-15-2020, 09:16 PM   #9
michaelk
Moderator
 
Registered: Aug 2002
Posts: 19,385

Rep: Reputation: 3086
Quote:
Securely erasing an SSD by writing multiple passes of zeroes and ones across the entire disk is marginally life-shortening for the SSD.
That may be true, but due to wear leveling there is no way to know for the user how many passes it will take to erase the entire drive including spare memory cells. Or determine if or when all memory cells are encrypted. The benefit of using the secure erase function versus writing multiple passes with an SSD is that you reset the device back to its original out-of-the-box state. The security feature and secure erase function are part of the ATA specification and it is up to the manufacturer how to implement it. As posted, one way to make sure the end user cannot inadvertently send the ATA erase command is to make sure you set the security feature, i.e. password.

Last edited by michaelk; 01-15-2020 at 09:45 PM.
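
The sequence the posts above describe (set a password to enable the ATA security feature, erase, password gone afterwards) can be read from the "Security:" section of `hdparm -I`. The script below is an added example, not part of any post in this thread; the sample output is constructed, and PASS and DEV are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): classify the "Security:" section that
# `hdparm -I` prints, to see where a drive stands before a security erase.

# Reads `hdparm -I` text on stdin; prints one of:
#   unsupported | frozen | locked | enabled | disabled
security_state() {
    awk '
        /^Security:/      { s = 1; next }
        s && /^[^ \t]/    { s = 0 }            # next unindented header ends the section
        s && $1 == "not"  { f[$2] = 0; next }  # line of the form: not <flag>
        s && NF >= 1      { f[$1] = 1 }        # line of the form: <flag>
        END {
            if (!f["supported"])   print "unsupported"
            else if (f["frozen"])  print "frozen"
            else if (f["locked"])  print "locked"
            else if (f["enabled"]) print "enabled"
            else                   print "disabled"
        }'
}

# Maps a state to what it means for the erase. PASS and DEV are placeholders.
next_step() {
    case "$1" in
        disabled) echo "no password set: hdparm --user-master u --security-set-pass PASS DEV" ;;
        enabled)  echo "password set: hdparm --user-master u --security-erase PASS DEV" ;;
        locked)   echo "drive is locked: the existing password is needed" ;;
        frozen)   echo "frozen: security commands are rejected until the drive is power-cycled" ;;
        *)        echo "drive does not report the ATA security feature set" ;;
    esac
}

# Constructed sample of `hdparm -I` output. $1 and $2 are "not" or "" and
# control the enabled and frozen lines respectively.
sample_hdparm() {
    printf 'ATA device, with non-removable media\n'
    printf 'Security: \n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n'
    printf '\t%s\tenabled\n' "$1"
    printf '\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$2"
    printf '\tnot\texpired: security count\n'
    printf '\t\tsupported: enhanced erase\n'
    printf 'Checksum: correct\n'
}

# Fresh drive, before any password has been set.
next_step "$(sample_hdparm not not | security_state)"
```

On a real system the input would come from `hdparm -I DEV | security_state`; once the erase has finished, the same check reports `disabled` again because the password is cleared.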
 
Old 01-16-2020, 08:40 AM   #10
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,542

Rep: Reputation: 1839
Quote:
Originally Posted by friefl
I doubt the present answers.

Securely erasing an SSD by writing multiple passes of zeroes and ones across the entire disk is marginally life-shortening for the SSD. The problem is most easily resolved by simply encrypting the data and directories, a single pass, then deleting the directory. Data is still there but unavailable, which is why the password itself does not matter.
I don't see how what you said contradicts the present answers.
 
  


All times are GMT -5. The time now is 02:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration