Solid State Drive/Memory cell clearing
Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary end
Contents
Introduction
On occasion, users may wish to completely reset an SSD's cells to the same virgin state they were manufactured, thus restoring it to its factory default write performance. Write performance is known to degrade over time even on SSDs with native TRIM support. TRIM only safeguards against file deletes, not replacements such as an incremental save.
Quick N' Dirty
dcfldd if=/dev/zero of=/dev/sdX bs=4k hdparm --user-master u --security-set-pass Eins /dev/sdX hdparm --user-master u --security-erase Eins /dev/sdX
Step 1 - Make sure the drive security is not frozen
Issue the following command:
# hdparm -I /dev/sdX
If the command output shows "frozen" one cannot continue to the next step. Most BIOSes block (do no allow) the ATA Secure Erase command by issuing a "SECURITY FREEZE" command to "freeze" the drive before booting an operating system.
A possible solution for SATA drives is hot-(re)plug the data cable (which might crash the kernel). If hot-(re)pluging the SATA data cable crashes the kernel try letting the operating system fully boot up, then quickly hot-(re)plug both the SATA power and data cables.
- It has been reported that hooking up the drive to an eSATA SIIG ExpressCard/54 with an eSATA enclosure will leave the drive security state to "not frozen."
- Placing the target system into "sleep" (Clevo M865TU notebook, Fujitsu T2010 notebook, Dell XPS M1330) and waking it up again has been reported to work as well; this may reset drives to "not frozen". In case you are booting from USB, you need a distribution, that runs entirely in RAM, like [1], see the grml2ram option. Run echo -n mem > /sys/power/state to set the computer to sleep.
- Hooking up the drive to a USB 2/3 port does NOT work, as you need to issue IDE commands which is only possible via IDE/SATA connection.
- Make sure drive security is disabled in BIOS, so no password is set.
Security: Master password revision code = 65534 supported not enabled not locked not frozen not expired: security count supported: enhanced erase 2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Step 2 - Enable security by setting a user password
Any password will do, as this should only be temporary. After the secure erase the password will be set back to NULL. In this example, the password is "Eins" as shown:
# hdparm --user-master u --security-set-pass Eins /dev/sdX security_password="Eins" /dev/sdX: Issuing SECURITY_SET_PASS command, password="Eins", user=user, mode=high
As a sanity check, issue the following command
# hdparm -I /dev/sdX
The command output should display "enabled":
Security: Master password revision code = 65534 supported enabled not locked not frozen not expired: security count supported: enhanced erase Security level high 2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Step 3 - Issue the ATA Secure Erase command
# time hdparm --user-master u --security-erase Eins /dev/sdX
Wait until the command completes. This example output shows it took about 40 seconds for an Intel X25-M 80GB SSD, for a 1TB hard disk it might take 3 hours or more!
security_password="Eins" /dev/sdX: Issuing SECURITY_ERASE command, password="Eins", user=user 0.000u 0.000s 0:39.71 0.0% 0+0k 0+0io 0pf+0w
The drive is now erased. After a successful erasure the drive security should automatically be set to disabled (thus no longer requiring a password for access). Verify this by running the following command:
# hdparm -I /dev/sdX
The command output should display "not enabled":
Security: Master password revision code = 65534 supported not enabled not locked not frozen not expired: security count supported: enhanced erase 2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Post Process Observation
I experienced a "glitch" with my Intel X25-M (G2) after doing this procedure. I do not know if it's fdisk's fault or the procedure's fault.
For some reason, after creating two partitions (1st = 68 G and 2nd = rest of drive), the 32 H and 32 S settings weren't retained. Creating just one partition, writing changes, and exiting gave a result consistent with the -H 32 -S 32 settings when checking via the "fdisk -l" command. However, after adding the 2nd partition, writing and running the same "fdisk -l" command, new values for the geometry were shown - they switched to 255/63! The solution was to start fdisk with the 32/32 parameters and write down the number of cylinders, then use cfdisk to do my partitioning.
Example:
# fdisk -H 32 -S 32 /dev/sdb Command (m for help): p Disk /dev/sdb: 80.0 GB, 80026361856 bytes 32 heads, 32 sectors/track, 152638 cylinders, total 156301488 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000
Device Boot Start End Blocks Id System /dev/sdb1 32 132812799 66406384 83 Linux /dev/sdb2 132812800 156301311 11744256 83 Linux
Here the correct number of cylinders is 152638. I now went into cfdisk and invoked the "geometry" option via: Template:Keypress. I then manually defined the number of heads to 32, sectors per track to 32, and cylinders to 152638. Now I setup my partitions:
cfdisk (util-linux-ng 2.18) Disk Drive: /dev/sdb Size: 80026361856 bytes, 80.0 GB Heads: 32 Sectors per Track: 32 Cylinders: 152638 Name Flags Part Type FS Type [Label] Size (MB) ------------------------------------------------------------------------------------------------------- sdb1 Primary ext4 68000.16 sdb2 Primary ext4 12026.12
Now querying the device via fdisk gave the consistent values.
# fdisk -l /dev/sdb
Disk /dev/sdb: 80.0 GB, 80026361856 bytes 32 heads, 32 sectors/track, 152638 cylinders, total 156301488 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000
Device Boot Start End Blocks Id System /dev/sdb1 32 132812799 66406384 83 Linux /dev/sdb2 132812800 156301311 11744256 83 Linux