2

Today I tried to wipe my ssd using ATA Secure Erase (with an Ubuntu live system). I basically followed the description here: What is the recommended way to empty a SSD?

However, I think I made a mistake during the password setting.

Setting the password

At first I used the command:

sudo hdparm --user-master u --security-set-pass NULL /dev/sda

which gave as output:

security_password: ""

/dev/sda:
Issuing SECURITY_SET_PASS command, password="", user=user, mode=high

Afterwards I tested if this had succeeded with sudo hdparm -I /dev/sda which resulted in

Security: 
       Master password revision code = 65534
               supported
               enabled
       not     locked
       not     frozen
       not     expired: security count
               supported: enhanced erase
       Security level high
       2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

Unfortunately I thought the password setting did not work, because I did not read carefully enough. So I tried again with a different password.

sudo hdparm --user-master u --security-set-pass 0000 /dev/sda

The output made me think that setting the password was successful:

security_password: "0000"

/dev/sda:
Issuing SECURITY_SET_PASS command, password="", user=user, mode=high

But actually it just says that the SECURITY_SET_PASS command has been issued and nothing about success or failure.

Failed attempts to erase the disk

Afterwards I tried erasing with

hdparm --user-master u --security-erase 0000 /dev/sda

which gave me

security_password: "0000"
/dev/sda: Permission denied

Since that did not work I figured that the second attempt at password setting was probably not successful and thus I used

hdparm --user-master u --security-erase NULL /dev/sda

To my surprise, I just got permission denied again:

security_password: ""
/dev/sda: Permission denied

Attempts to fix the problem

Then I researched a bit and read about the --security-disable option here: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

and it also said not to use an empty string or NULL there :/

The following attempts

sudo hdparm --security-disable 0000
sudo hdparm --security-disable NULL
sudo hdparm --security-disable PWD
sudo hdparm --security-disable ""
sudo hdparm --security-disable

all resulted in the output

missing PASSWD

Current state of the disk

Security: 
       Master password revision code = 65534
               supported
               enabled
       not     locked
       not     frozen
       not     expired: security count
               supported: enhanced erase
       Security level high
       2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

It says not locked in the security part, and I did not reboot yet, thus I still have a little bit of hope left.

The question

I assume the user password is set to the empty string. Is it somehow possible to get rid of the password and save my ssd?

Thanks in advance if anyone has an idea :)

Max1
  • 121
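
Added example, not part of the original question: a shell helper that reads the Security block of `hdparm -I` output and reports whether a user password is actually set ("enabled"), since the SECURITY_SET_PASS line only says the command was issued. The function names are illustrative, and the sample input is the `hdparm -I` output quoted in the question.

```shell
#!/bin/sh
# Added example: report ATA security state from `hdparm -I` output on stdin.
# Function names are illustrative, not part of hdparm.

# Prints e.g.: enabled=yes locked=no frozen=no expired=no level=high
ata_security_state() {
    awk '
        function v(k) { return (k in state) ? state[k] : "unknown" }
        /^Security:/ { in_sec = 1; next }
        in_sec && /^[^ \t]/ { in_sec = 0 }   # next unindented heading ends the block
        !in_sec { next }
        {
            # hdparm prefixes a flag with "not" when it is clear.
            flag = "yes"; key = $1
            if ($1 == "not") { flag = "no"; key = $2 }
            if (key == "enabled" || key == "locked" || key == "frozen") state[key] = flag
            if (key == "expired:") state["expired"] = flag
            if ($1 == "Security" && $2 == "level") state["level"] = $3
        }
        END {
            printf "enabled=%s locked=%s frozen=%s expired=%s level=%s\n",
                v("enabled"), v("locked"), v("frozen"), v("expired"), v("level")
        }
    '
}

# Exit status 0 when a user password is set (security "enabled").
security_password_set() {
    case "$(ata_security_state)" in
        enabled=yes\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Sample input: the Security block quoted in the question.
sample_hdparm_output() {
    cat <<'EOF'
Security:
       Master password revision code = 65534
               supported
               enabled
       not     locked
       not     frozen
       not     expired: security count
               supported: enhanced erase
       Security level high
       2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
EOF
}

sample_hdparm_output | ata_security_state
```

On a real system the input would come from `sudo hdparm -I /dev/sda | ata_security_state`, run after each password-setting attempt and before issuing an erase.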

1 Answer

2

My initial intention was to merely comment, but then I was told my reputation isn't high enough to do that. Anyway, let me begin by clarifying that I am by no means an experienced Linux user. That said, I did actually manage to tackle a similar issue I was facing up until the day before yesterday.

In my case, I did a reboot before long, which I guess you too have done by now, and that rendered my ssd not only security enabled but also locked.

I wouldn't know about the security-disable command, but the security-unlock appears to be a bit buggy (can't say I understand much of that).

What worked for me was to issue

sudo hdparm --user-master m --security-erase "" /dev/sda

NOTE: Mine is a Kingston SSD, in which case the master password is apparently set to NULL by default. Depending on the manufacturer you should replace it with the appropriate master-password. I've found a potentially useful list here, which I have, however, not tested, since Kingston was not included and I had to look elsewhere.

NOTE 2: The aforementioned command will obviously erase all data from your disk, including whatever user password you have set, setting security back to not enabled.

NOTE 3: I have been told that I should not try this more than 5 times per power cycle. I've also been told that rebooting may not be enough to enter a fresh power cycle, although in my case, it seems to have been.

m.a.a.
  • 645
  • Can you please provide further context to "I should not try this more than 5 times per power cycle"? Do you mean to say that secure erase should not be run more than 5 times per power cycle per device? – Motivated Dec 29 '18 at 05:25