author | Sean Whitton <spwhitton@spwhitton.name> | 2020-01-19 10:20:25 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2020-01-19 10:20:25 -0700 |
commit | b28656fb9c4670ec242cd8748d50f320a749ec86 (patch) | |
tree | 2c9201efb2dd2f8c26340a4be6588ae4c4c744ac /scripts | |
parent | 22b7afcd84e363f9490a60c24350a08aced3fc29 (diff) | |
move ata-secure-erase
We have to edit it and then run it as root so no point in having it on
PATH.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/root/ata-secure-erase | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/scripts/root/ata-secure-erase b/scripts/root/ata-secure-erase new file mode 100755 index 00000000..480e0acd --- /dev/null +++ b/scripts/root/ata-secure-erase 
@@ -0,0 +1,55 @@ +#!/bin/bash + +# activate hardware's mysterious black magic "ATA secure erase", to +# prepare for old drive disposal, or to reclaim used parts of an SSD +# which are otherwise inaccessible to the OS. +# +# point of having this script is simply to avoid typoing the device +# name or the cmds. should review script and wiki page each time use +# script. +# +# do NOT use for drives not connected directly to the SATA controller +# on the motherboard (such as drives connected by USB SATA adaptors) +# +# see: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase + +set -e +set -x + +# `hdparm -I` prints lots of facts about the device which can help +# confirm we're erasing the correct device and not our root partition. +# triple check it against lsblk, blkid, gparted etc. +device="" +# ^ this script should not be committed to git with any value in this +# variable, to remind me to review the script each time I use it (and +# in case the copy in /root/bin gets executed instead of the one in +# /home/spwhitton ..) + +if [[ $EUID -ne 0 ]]; then + echo >&2 "this script must be run as root" + exit +fi + +! test -z "$device" +! ( mount | grep -q "$(basename $device)" ) + +# scrub "$device" # in case the ATA secure erase actually just bricks +# # the device, first erase the device without relying +# # on its firmware, so we can just go ahead and dispose +# # of it if it does get bricked. +# # +# # commented out because it is not clear to me that +# # scrub(1) can do anything meaningful to an SSD; +# # uncomment if wanted when running this script + +hdparm -I "$device" | grep -q "not frozen" + +hdparm --user-master u --security-set-pass Eins "$device" +! ( hdparm -I "$device" | grep -q "not enabled" ) + +# drive may not support --security-erase-enhanced and so might need to +# change following line to use --security-erase +date +time hdparm --user-master u --security-erase-enhanced Eins "$device" +date +hdparm -I "$device" | grep -q "not enabled" |
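Review bot: The guards written with a leading `!` (`! test -z "$device"`, `! ( mount | grep -q "$(basename $device)" )`, and the `not enabled` check after `--security-set-pass`) do not abort the script, because `set -e` ignores a command whose exit status is inverted with `!`. As written, a mounted device passes straight through to the erase, and an empty `device` is only stopped incidentally by the later `hdparm -I "$device" | grep -q "not frozen"` line. Write them in a form that `set -e` acts on, for example `test -n "$device" || exit 1` and `if mount | grep -q "$(basename "$device")"; then exit 1; fi` (also quoting `$device` inside `basename`), and do the same for the post-set-pass check. Separately, the bare `exit` in the root check returns the status of the preceding `echo`, which is 0; use `exit 1` so a caller can tell the script refused to run.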