diff options
author | Sean Whitton <spwhitton@spwhitton.name> | 2019-12-31 21:28:51 +0000 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2019-12-31 21:29:18 +0000 |
commit | c10ecbbbeb11abbdfed52f02827f9267928ec803 (patch) | |
tree | c6c4fb665e2d7055be6804f6b57d4d64aefa67a2 | |
parent | 86c8366bbf5296c728118652c102ae34648534e8 (diff) | |
download | dotfiles-c10ecbbbeb11abbdfed52f02827f9267928ec803.tar.gz |
get rid of sudo in ata-secure-erase
Avoids having to enter password more than once.
-rwxr-xr-x | bin/ata-secure-erase | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/bin/ata-secure-erase b/bin/ata-secure-erase index 064b38ae..480e0acd 100755 --- a/bin/ata-secure-erase +++ b/bin/ata-secure-erase @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # activate hardware's mysterious black magic "ATA secure erase", to # prepare for old drive disposal, or to reclaim used parts of an SSD @@ -20,28 +20,36 @@ set -x # confirm we're erasing the correct device and not our root partition. # triple check it against lsblk, blkid, gparted etc. device="" +# ^ this script should not be committed to git with any value in this +# variable, to remind me to review the script each time I use it (and +# in case the copy in /root/bin gets executed instead of the one in +# /home/spwhitton ..) + +if [[ $EUID -ne 0 ]]; then + echo >&2 "this script must be run as root" + exit +fi ! test -z "$device" ! ( mount | grep -q "$(basename $device)" ) -# sudo scrub "$device" # in case the ATA secure erase actually just -# # bricks the device, first erase the device -# # without relying on its firmware, so we can just -# # go ahead and dispose of it if it does get -# # bricked. -# # -# # commented out because it is not clear to me -# # that scrub(1) can do anything meaningful to an -# # SSD; uncomment if wanted when running this script +# scrub "$device" # in case the ATA secure erase actually just bricks +# # the device, first erase the device without relying +# # on its firmware, so we can just go ahead and dispose +# # of it if it does get bricked. +# # +# # commented out because it is not clear to me that +# # scrub(1) can do anything meaningful to an SSD; +# # uncomment if wanted when running this script -sudo hdparm -I "$device" | grep -q "not frozen" +hdparm -I "$device" | grep -q "not frozen" -sudo hdparm --user-master u --security-set-pass Eins "$device" -! ( sudo hdparm -I "$device" | grep -q "not enabled" ) +hdparm --user-master u --security-set-pass Eins "$device" +! ( hdparm -I "$device" | grep -q "not enabled" ) # drive may not support --security-erase-enhanced and so might need to # change following line to use --security-erase date -sudo time hdparm --user-master u --security-erase-enhanced Eins "$device" +time hdparm --user-master u --security-erase-enhanced Eins "$device" date -sudo hdparm -I "$device" | grep -q "not enabled" +hdparm -I "$device" | grep -q "not enabled" |