authorSean Whitton <spwhitton@spwhitton.name>2019-12-30 18:38:16 +0000
committerSean Whitton <spwhitton@spwhitton.name>2019-12-30 19:30:32 +0000
commit57cef6c60022b7e2b8876ff30bfe49bdf1c5be18 (patch)
tree0ddaa363f2e20d9d2b720d937b1b24f516e389d2
parent1156012e91a714f92d4c432351ddb37d1bfe30f2 (diff)
downloaddotfiles-57cef6c60022b7e2b8876ff30bfe49bdf1c5be18.tar.gz
add ata-secure-erase
-rwxr-xr-xbin/ata-secure-erase43
1 files changed, 43 insertions, 0 deletions
diff --git a/bin/ata-secure-erase b/bin/ata-secure-erase
new file mode 100755
index 00000000..c7b5f994
--- /dev/null
+++ b/bin/ata-secure-erase
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# activate hardware's mysterious black magic "ATA secure erase", to
+# prepare for old drive disposal, or to reclaim used parts of an SSD
+# which are otherwise inaccessible to the OS.
+#
+# point of having this script is simply to avoid typoing the device
+# name or the cmds. should review script and wiki page each time use
+# script.
+#
+# do NOT use for drives not connected directly to the SATA controller
+# on the motherboard (such as drives connected by USB SATA adaptors)
+#
+# see: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
+
+set -e
+set -x
+
+# `hdparm -I` prints lots of facts about the device which can help
+# confirm we're erasing the correct device and not our root partition.
+# triple check it against lsblk, blkid etc.
+device=""
+
+! test -z "$device"
+mount | grep -v "$device"
+
+# sudo scrub "$device" # in case the ATA secure erase actually just
+# # bricks the device, first erase the device
+# # without relying on its firmware, so we can just
+# # go ahead and dispose of it if it does get
+# # bricked.
+# #
+# # commented out because it is not clear to me
+# # that scrub(1) can do anything meaningful to an
+# # SSD; uncomment if wanted when running this script
+
+sudo hdparm -I "$device" | grep "not frozen"
+
+sudo hdparm --user-master u --security-set-pass Eins "$device"
+sudo hdparm -I "$device" | grep -v "not enabled"
+
+sudo time hdparm --user-master u --security-erase-enhanced Eins "$device"
+sudo hdparm -I "$device" | grep "not enabled"
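Review bot: The two guards ahead of the erase do not stop the script. `! test -z "$device"` is exempt from `set -e`, because a pipeline that begins with `!` never triggers errexit, and `mount | grep -v "$device"` succeeds whenever any mount line lacks the device name, which holds even when the target is mounted. Writing them as `test -n "$device"` and `if mount | grep -F -- "$device"; then exit 1; fi` makes both abort before `--security-set-pass` runs. The `grep -v "not enabled"` check after the password is set has the same shape and passes regardless of the security state; `if sudo hdparm -I "$device" | grep "not enabled"; then exit 1; fi` tests what appears to be intended.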