Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
How do I lock a hard drive with hdparm?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
DingbatCA
Guru
Guru


Joined: 07 Jul 2004
Posts: 384
Location: Portland Or

PostPosted: Wed Jun 28, 2017 5:39 pm    Post subject: How do I lock a hard drive with hdparm? Reply with quote

I am kinda stumped on this one. I can enable a drive password with hdparm:
Code:
hdparm --user-master u --security-set-pass foo /dev/sdc
security_password="foo"

/dev/sdc:
 Issuing SECURITY_SET_PASS command, password="foo", user=user, mode=high

hdparm -I /dev/sdc

/dev/sdc:

ATA device, with non-removable media
...
Security:
   Master password revision code = 65534
      supported
      enabled
   not   locked
   not   frozen
   not   expired: security count
      supported: enhanced erase
   Security level high
...

But I cant seem to figure out the lock command:
Code:
hdparm --security-help

ATA Security Commands:
 Most of these are VERY DANGEROUS and can destroy all of your data!
 Due to bugs in older Linux kernels, use of these commands may even
 trigger kernel segfaults or worse.  EXPERIMENT AT YOUR OWN RISK!

 --security-freeze           Freeze security settings until reset.

 --security-set-pass PASSWD  Lock drive, using password PASSWD:
                                  Use 'NULL' to set empty password.
                                  Drive gets locked if user-passwd is selected.
 --security-unlock   PASSWD  Unlock drive.
 --security-disable  PASSWD  Disable drive locking.
 --security-erase    PASSWD  Erase a (locked) drive.
 --security-erase-enhanced PASSWD   Enhanced-erase a (locked) drive.

 The above four commands may optionally be preceded by these options:
 --security-mode  LEVEL      Use LEVEL to select security level:
                                  h   high security (default).
                                  m   maximum security.
 --user-master    WHICH      Use WHICH to choose password type:
                                  u   user-password (default).
                                  m   master-password

The unlocking is easy:
Code:
hdparm --user-master u --security-unlock foo /dev/sdc

But where is the lock command?
Code:
 hdparm --user-master u --security-lock foo /dev/sdc

Any ideas?
Back to top
View user's profile Send private message
guitou
Guru
Guru


Joined: 02 Oct 2003
Posts: 399
Location: France

PostPosted: Thu Jun 29, 2017 11:58 am    Post subject: Reply with quote

Hello.

Quote:
--security-set-pass PASSWD Lock drive, using password PASSWD: ...


Is that what you were looking for? :p

++
Gi)
Back to top
View user's profile Send private message
DingbatCA
Guru
Guru


Joined: 07 Jul 2004
Posts: 384
Location: Portland Or

PostPosted: Thu Jun 29, 2017 2:57 pm    Post subject: Reply with quote

Enable security:
Code:
root@fuzzy ~# hdparm -I /dev/sdd
...
Security:
   Master password revision code = 65534
      supported
   not   enabled
   not   locked
   not   frozen
...
root@fuzzy ~# hdparm --user-master u --security-set-pass password /dev/sdd
security_password="password"

/dev/sdd:
 Issuing SECURITY_SET_PASS command, password="password", user=user, mode=high

root@fuzzy ~# hdparm -I /dev/sdd
Security:
   Master password revision code = 65534
      supported
      enabled
   not   locked
   not   frozen

Attempt to lock drive:
Code:
root@fuzzy ~# hdparm --security-set-pass password /dev/sdd
security_password="password"

/dev/sdd:
 Issuing SECURITY_SET_PASS command, password="password", user=user, mode=high
root@fuzzy ~# hdparm -I /dev/sdd
...
Security:
   Master password revision code = 65534
      supported
      enabled
   not   locked
   not   frozen
...

Still "not locked".

Trying a soft reset:
Code:
root@fuzzy ~# echo 1 > /sys/block/sdd/device/delete
root@fuzzy ~# dmesg -T | tail
...
[Thu Jun 29 07:37:01 2017] sd 33:0:1:0: [sdd] Synchronizing SCSI cache
[Thu Jun 29 07:37:01 2017] scsi target33:0:1: mptsas: ioc0: delete device: fw_channel 0, fw_id 36, phy 1, sas_addr 0xdd5d3842bda58f83
root@fuzzy ~# echo "- - -" > /sys/class/scsi_host/host33/scan
root@fuzzy ~# dmesg -T | tail
...
[Thu Jun 29 07:38:03 2017] scsi 33:0:1:0: Direct-Access     ATA      WDC WD20EADS-11R 0A80 PQ: 0 ANSI: 5
[Thu Jun 29 07:38:03 2017] sd 33:0:1:0: Attached scsi generic sg4 type 0
[Thu Jun 29 07:38:03 2017] sd 33:0:1:0: [sdd] 3907029168 512-byte logical blocks: (2.00 TB/1.82 TiB)
[Thu Jun 29 07:38:03 2017] sd 33:0:1:0: [sdd] Write Protect is off
[Thu Jun 29 07:38:03 2017] sd 33:0:1:0: [sdd] Mode Sense: 73 00 00 08
[Thu Jun 29 07:38:03 2017] sd 33:0:1:0: [sdd] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[Thu Jun 29 07:38:03 2017] sd 33:0:1:0: [sdd] Attached SCSI disk
root@fuzzy ~# hdparm -I /dev/sdd
...
Security:
   Master password revision code = 65534
      supported
      enabled
   not   locked
   not   frozen
...

Cant seem to find the command(s) to issue a hard reset via command line. `hdparm -w /dev/sdd` exits with "HDIO_DRIVE_RESET failed: Invalid argument". Back to the googles....
Back to top
View user's profile Send private message
DingbatCA
Guru
Guru


Joined: 07 Jul 2004
Posts: 384
Location: Portland Or

PostPosted: Thu Jun 29, 2017 3:59 pm    Post subject: Reply with quote

Reboot works. There has to be a more graceful way?!
Code:
root@fuzzy ~# uptime
 08:58:07 up 2 min,  1 user,  load average: 0.05, 0.04, 0.01
root@fuzzy ~# hdparm -I /dev/sdd
...
Security:
   Master password revision code = 65534
      supported
      enabled
      locked
   not   frozen
...
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum