author | Sean Whitton <spwhitton@spwhitton.name> | 2019-12-30 18:38:16 +0000 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2019-12-30 19:30:32 +0000 |
commit | 57cef6c60022b7e2b8876ff30bfe49bdf1c5be18 (patch) | |
tree | 0ddaa363f2e20d9d2b720d937b1b24f516e389d2 | |
parent | 1156012e91a714f92d4c432351ddb37d1bfe30f2 (diff) | |
download | dotfiles-57cef6c60022b7e2b8876ff30bfe49bdf1c5be18.tar.gz |
add ata-secure-erase
-rwxr-xr-x | bin/ata-secure-erase | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/bin/ata-secure-erase b/bin/ata-secure-erase
new file mode 100755
index 00000000..c7b5f994
--- /dev/null
+++ b/bin/ata-secure-erase
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# activate hardware's mysterious black magic "ATA secure erase", to
+# prepare for old drive disposal, or to reclaim used parts of an SSD
+# which are otherwise inaccessible to the OS.
+#
+# point of having this script is simply to avoid typoing the device
+# name or the cmds. should review script and wiki page each time use
+# script.
+#
+# do NOT use for drives not connected directly to the SATA controller
+# on the motherboard (such as drives connected by USB SATA adaptors)
+#
+# see: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
+
+set -e
+set -x
+
+# `hdparm -I` prints lots of facts about the device which can help
+# confirm we're erasing the correct device and not our root partition.
+# triple check it against lsblk, blkid etc.
+device=""
+
+! test -z "$device"
+mount | grep -v "$device"
+
+# sudo scrub "$device" # in case the ATA secure erase actually just
+# # bricks the device, first erase the device
+# # without relying on its firmware, so we can just
+# # go ahead and dispose of it if it does get
+# # bricked.
+# #
+# # commented out because it is not clear to me
+# # that scrub(1) can do anything meaningful to an
+# # SSD; uncomment if wanted when running this script
+
+sudo hdparm -I "$device" | grep "not frozen"
+
+sudo hdparm --user-master u --security-set-pass Eins "$device"
+sudo hdparm -I "$device" | grep -v "not enabled"
+
+sudo time hdparm --user-master u --security-erase-enhanced Eins "$device"
+sudo hdparm -I "$device" | grep "not enabled" |
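Review bot: Neither guard ahead of the erase commands stops the script when it should: `! test -z "$device"` is exempt from `set -e`, because POSIX ignores `-e` for a pipeline that begins with `!`, and `mount | grep -v "$device"` succeeds whenever any mount line lacks the device name, which holds even while the device is mounted. An empty `device` is only caught incidentally, because `grep -v ""` selects no lines and so fails. I would write the two checks as `test -n "$device"` and `if mount | grep -F -- "$device"; then exit 1; fi`, so that a mounted target aborts the run before `--security-set-pass`. The later `grep -v "not enabled"` has the same always-true shape and does not confirm that the password was actually set; a positive match on the enabled state is needed there, with the exact wording taken from real `hdparm -I` output.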