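#!/bin/bash

# Activate the drive firmware's "ATA secure erase" command, either to
# prepare an old drive for disposal, or to reclaim used parts of an SSD
# which are otherwise inaccessible to the OS.
#
# The point of this script is simply to avoid typoing the device name
# or the hdparm commands.  Review the script and the wiki page each
# time before using it.
#
# Do NOT use for drives not connected directly to the SATA controller
# on the motherboard (such as drives connected by USB SATA adaptors):
# the ATA security commands may not pass through the bridge, and the
# drive can end up password-locked.  NVMe drives do not speak ATA at
# all and are not handled by this script.
#
# see: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

set -e
set -x
# NB: no `set -o pipefail`: every pipeline below ends in `grep -q`, and
# if hdparm fails there is simply no output for grep to match, so the
# pipeline already fails in the way we want.

# `hdparm -I` prints lots of facts about the device which can help
# confirm we're erasing the correct device and not our root disk.
# Triple check it against lsblk, blkid, gparted etc.  This must be the
# whole-disk node (e.g. /dev/sdX), not a partition.
device=""
# ^ this script should not be committed to git with any value in this
# variable, to remind me to review the script each time I use it (and
# in case the copy in /root/bin gets executed instead of the one in
# /home/spwhitton ..)

# The ATA security password used below ("Eins", as on the wiki page) is
# deliberately trivial: it exists only so the erase command can be
# issued, and a successful erase clears it again.  It will show up in
# the `set -x` trace and in `ps`; that is fine for a throwaway value.

# Print a message to stderr and abort.  This is used for every guard
# instead of relying on `set -e` alone, because `set -e` does NOT fire
# for a command whose status is inverted with `!` (nor for any stage of
# a pipeline but the last) -- a guard written as `! test -z "$device"`
# silently does nothing under `set -e`.
die() {
    printf >&2 '%s\n' "$*"
    exit 1
}

# hdparm -I separates these words with a tab, not a space.
not_frozen=$'not\tfrozen'
not_enabled=$'not\tenabled'

if [[ $EUID -ne 0 ]]; then
    die "this script must be run as root"
fi

[[ -n "$device" ]] || die "device variable is empty; review the script and set it"
[[ -b "$device" ]] || die "$device is not a block device"

# Refuse to continue if the device or any partition on it is mounted.
# Matching on the basename is deliberately loose (sda also matches
# sda1, sda2, ...): a false positive just makes us stop and look.
if mount | grep -q -- "$(basename -- "$device")"; then
    die "$device (or a partition on it) appears to be mounted"
fi

# scrub "$device" # in case the ATA secure erase actually just bricks
#                 # the device, first erase the device without relying
#                 # on its firmware, so we can just go ahead and dispose
#                 # of it if it does get bricked.
#                 #
#                 # commented out because it is not clear to me that
#                 # scrub(1) can do anything meaningful to an SSD;
#                 # uncomment if wanted when running this script

# The security feature set is usually "frozen" by the firmware at boot;
# if it ends up frozen, suspending to RAM and resuming often works to
# unfreeze.
hdparm -I "$device" | grep -q -- "$not_frozen" || die "$device is frozen"

# Not every drive supports the enhanced erase.  hdparm -I lists
# "supported: enhanced erase" in its Security section when it does
# (confirm against your drive's output); if it is missing, change the
# erase command below to plain --security-erase.
hdparm -I "$device" | grep -q -- "supported: enhanced erase" \
    || die "$device does not advertise enhanced erase; use --security-erase instead"

# Setting a user password is what enables the security feature set so
# that the erase command can be issued at all.
hdparm --user-master u --security-set-pass Eins "$device"
if hdparm -I "$device" | grep -q -- "$not_enabled"; then
    die "security did not become enabled after --security-set-pass"
fi

# If anything fails from here on, the drive is left with the password
# set.  Clear it with
#     hdparm --user-master u --security-disable Eins "$device"
# rather than leaving a locked drive around.
date
hdparm -I "$device" | grep -q -- "$not_frozen" || die "$device became frozen"
time hdparm --user-master u --security-erase-enhanced Eins "$device"
date

# A completed erase clears the password again, so security should read
# "not enabled"; if it still reads enabled, the erase most likely did
# not complete and the drive still needs --security-disable.
hdparm -I "$device" | grep -q -- "$not_enabled" \
    || die "security still enabled after erase; it may not have completed"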