1

I've already given a detailed description of my predicament in my previous question.
Now I've got this:

sudo hdparm --user-master u --security-erase my_password /dev/sda

returns: 

security_password: "my_password"


/dev/sda:

Issuing SECURITY_ERASE command, password="my_password", user=user

SECURITY_ERASE: Input/output error

What's going on?

Community
  • 1
m.a.a.
  • 645
  • Please don't add "solved" to the title. When you can, just mark the correct answer as accepted. – muru Jun 13 '16 at 19:45

2 Answers2

3

FYI: unlocking a Kingston SSD by use of hdparm, after setting a user password appears to be impossible.

NOTE: The drive will appear as locked next time you reboot after setting your password. Until then, security will only appear as enabled.

Whether trying the very user-password you just set, or other variants, such as "", "NULL", NULL or a row of 32 spaces, either as a user-password or as a master-password, will not unlock your drive, but instead give you an Input/output error.

sudo hdparm --user-master m --security-erase "" /dev/sda

will, however, do the job (that's m as in master, since in Kingston's case the master-password is apparently NULL by default).

The very same master password ("") that returns the Input/output error for the security-unlock command, works just fine with the security-erase command.

So don't lock your ssd unless you really intend to erase it, 'cause it's far from certain whether you'll be able to unlock it.

I've been reading reports of similar issues and I've even stumbled across a patch, which I have, however, not tested.

m.a.a.
  • 645
1

The --security-erase option presumes a drive that has already been locked with that password. I infer from your previous question that you just want a secure destruction of everything on the disk. This is how I do that:

sudo su - 
cat /dev/urandom > /dev/sda

Now wait (quite) a while for the "out of space" error. Disk sda is wiped, and very securely at that.

If you are in a hurry and aren't paranoid,

cat /dev/zero > /dev/sda

will work just as well (really) and be many times faster.

Optionally, run fdisk /dev/sda next and use the n command to add a new partition, accepting all the defaults to create a single big partition. But even if you skip this step, any OS install you do next will create the partition for you.

Community
  • 1
JD Baldwin
  • 613
  • The thing is I did actually manage to set a password, following kos' and Nick Weinberg's instructions. I could confirm that by seeing that Security had switched from not enabled to enabled the second time I typed sudo hdparm -I /dev/sda... So, what now? – m.a.a. Jun 10 '16 at 18:34
  • I'd suggest trying '--security-unlock my_password'. It may not want to do the erase, but maybe it will take the PW back off. – JD Baldwin Jun 10 '16 at 20:23
  • It's just occurred to me that if you initially did --security-set-pass <string> with actual < and > characters that you may have set the drive's PW to null. Try unlocking it with '' and NULL as the PW. Seems a long-shot, but worth trying. – JD Baldwin Jun 10 '16 at 20:30
  • So let me get this clear before I try anything: sudo hdparm --user-master u --security-unlock "NULL" /dev/sda - Is this what you are proposing? – m.a.a. Jun 10 '16 at 20:56
  • I'd try sudo hdparm --user-master u --security-unlock "" /dev/sda first. If that doesn't remove the lock, then try your version. – JD Baldwin Jun 10 '16 at 21:25
  • both variants returned SECURITY_UNLOCK: Input/output error – m.a.a. Jun 10 '16 at 21:40