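#!/bin/bash

# activate hardware's mysterious black magic "ATA secure erase", to
# prepare for old drive disposal, or to reclaim used parts of an SSD
# which are otherwise inaccessible to the OS.
#
# point of having this script is simply to avoid typoing the device
# name or the cmds.  should review script and wiki page each time use
# script.
#
# do NOT use for drives not connected directly to the SATA controller
# on the motherboard (such as drives connected by USB SATA adaptors)
#
# see: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
#
# every precondition below is written as an explicit `if ... die`.
# bash's `set -e` ignores the status of a command negated with `!`, so
# a bare `! some_check` line never stops the script; the guards that
# protect against erasing the wrong (or a mounted) device must not rely
# on that form.

set -e
set -x

# `hdparm -I` prints lots of facts about the device which can help
# confirm we're erasing the correct device and not our root partition.
# triple check it against lsblk, blkid, gparted etc.
device=""
# ^ this script should not be committed to git with any value in this
# variable, to remind me to review the script each time I use it (and
# in case the copy in /root/bin gets executed instead of the one in
# /home/spwhitton ..)

# print a message on stderr and stop with a failing exit status
die() {
    echo >&2 "$*"
    exit 1
}

# succeed iff `hdparm -I` lists security state $1 as negated, e.g.
# `drive_is_not frozen`.  whitespace between "not" and the state word
# is matched loosely so that a tab-separated listing is recognised as
# well as a space-separated one.
drive_is_not() {
    hdparm -I "$device" | grep -Eq -- "not[[:space:]]+$1"
}

if [[ $EUID -ne 0 ]]; then
    die "this script must be run as root"
fi

# refuse to run until a device has been filled in above
[[ -n "$device" ]] || die "no device set; edit the script first"
[[ -b "$device" ]] || die "$device is not a block device"

# refuse if the disk or any of its partitions shows up in mount(8)
# output.  this is a substring match on the device's basename, so
# sda also catches sda1.  NOTE(review): mount output does not list
# swap, and probably will not show the disk when it sits underneath
# LVM/RAID/dm-crypt -- check those by hand with lsblk.
if mount | grep -qF -- "$(basename -- "$device")"; then
    die "$device (or one of its partitions) appears to be mounted"
fi

# scrub "$device"  # in case the ATA secure erase actually just bricks
#                  # the device, first erase the device without relying
#                  # on its firmware, so we can just go ahead and dispose
#                  # of it if it does get bricked.
#                  #
#                  # commented out because it is not clear to me that
#                  # scrub(1) can do anything meaningful to an SSD;
#                  # uncomment if wanted when running this script

if ! drive_is_not frozen; then
    # if it ends up frozen, suspending to RAM and resuming often works
    # to unfreeze
    die "$device security state is frozen (or could not be read)"
fi

# "Eins" is a throwaway password needed only to authorise the erase; it
# is visible in the `set -x` trace and in the process list while hdparm
# runs.  if the script stops after this command but before the erase
# completes, the drive keeps this user password and is expected to come
# up locked after a power cycle; clear it with
#   hdparm --user-master u --security-disable Eins "$device"
hdparm --user-master u --security-set-pass Eins "$device"

# setting the password must have switched security on
if drive_is_not enabled; then
    die "security was not enabled on $device after setting the password"
fi

# drive may not support --security-erase-enhanced and so might need to
# change following line to use --security-erase
date
drive_is_not frozen || die "$device became frozen before the erase"
time hdparm --user-master u --security-erase-enhanced Eins "$device"
date

# a completed erase is expected to leave security switched off again;
# anything else means the erase did not finish and the password above
# is still set on the drive.
drive_is_not enabled || die "security still enabled on $device: erase did not complete"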