Difference between revisions of "SED Hard Drives"

From Hack Sphere Labs Wiki
Jump to: navigation, search
(Unlocking w/ secure erase)
 
Line 14: Line 14:
 
PSID is a OPAL 2.0 concept, OPAL 1.0 drives do not have it.
 
PSID is a OPAL 2.0 concept, OPAL 1.0 drives do not have it.
 
*When the drive is shipped from the factory, all passwords are set to the value of MSID. This 32-byte random value can only be read by the host electronically over the interface. After receipt of the drive, it is the responsibility of the owner to use the default MSID password as the authority to change all other passwords to unique owner-specified values.
 
*When the drive is shipped from the factory, all passwords are set to the value of MSID. This 32-byte random value can only be read by the host electronically over the interface. After receipt of the drive, it is the responsibility of the owner to use the default MSID password as the authority to change all other passwords to unique owner-specified values.
 +
 +
 +
=FreeNAS Post=
 +
*https://forums.freenas.org/index.php?threads/seagate-sas-sed-self-encrypting-drive-unlock.46165/#post-316286
 +
 +
<pre>
 +
Yes. They actually have better utils now. Here is some info from my wiki:
 +
 +
https://wiki.hackspherelabs.com/index.php?title=SED_Hard_Drives
 +
 +
sedutil is what you want for linux: https://wiki.archlinux.org/index.php/Self-Encrypting_Drives
 +
 +
https://github.com/Drive-Trust-Alliance/sedutil
 +
 +
For me though, it will not work. I was so confused about the concepts around all of this because of how the information about it all is presented. It is really simple stuff really but the sedutil is really what makes is simple.
 +
 +
The problem for me though is that I have a OPAL 1.0 drive. OPAL 1.0 worked more like when you used to lock a hard drive through ATA commands, hdparm, etc. So once the drive was password protected there was no way to unprotect it. This is the problem with my two OPAL 1.0 drives. Someone (the software they used to manage the drives) changed the MSID on the drive. With OPAL 1.0 the MSID is a default value from the factory but once it is changed and lost, the drive cannot be unlocked without it.
 +
 +
With OPAL 2.0 each drive has a PSID on it. The Physical SID is a number that can be read off the disk that says PSID and 4 groups of 8 numbers. OPAL 2.0 drives should be erasable and useable with the PSID and sedutil.
 +
 +
You can see an example of a PSID here: http://www.seagate.com/files/staticfiles/support/docs/manual/Interface manuals/100515636b.pdf Page 15.
 +
 +
The reason that I was so confused is that I have these SED drives and everything says that they are unlockable by entering the PSID from the drive. Well no one mentioned anything about OPAL 1.0 and when I saw "SID" and then the 32 char number I just thought that I came across a manufacture that called a PSID a SID. It was a physical label on the drive and it had a 32 char number on it. But it is actually the MSID of the drive which will not unlock and erase the drive after changed. So the drives are trash unless someone someday figures out how to fix that.
 +
 +
At least it seems, I can find nothing on unlocking OPAL 1.0 drives and formatting them but at this point I assume that since it is an older spec that it functions like its related ATA spec with secure erase and such. I have an open question to the devs that built sed util but I have not recieved anything back ( https://github.com/Drive-Trust-Alliance/sedutil/issues/79 ). Everything that I read points to a changed and lost MSID in Opal 1.0 and the drives are useless but nothing in any of the docs that Seagate provide say that exactly.
 +
 +
I assume that they did not say it because it was obvious that is what the old spec did and this new spec will do the same.
 +
</pre>

Latest revision as of 07:59, 27 September 2016

SED or Self Encrypting Drives

11:16 < Kasperle> webdawg: there are some micron SED SSDs that can be unlocked with an ID printed on the device
11:17 < Kasperle> webdawg: it's probably dependent on the device/brand of SED

Unlock/Reset DEK Seagate SED with SID on drive?

Unlocking w/ secure erase

PSID is a OPAL 2.0 concept, OPAL 1.0 drives do not have it.

  • When the drive is shipped from the factory, all passwords are set to the value of MSID. This 32-byte random value can only be read by the host electronically over the interface. After receipt of the drive, it is the responsibility of the owner to use the default MSID password as the authority to change all other passwords to unique owner-specified values.


FreeNAS Post

Yes. They actually have better utils now. Here is some info from my wiki:

https://wiki.hackspherelabs.com/index.php?title=SED_Hard_Drives

sedutil is what you want for linux: https://wiki.archlinux.org/index.php/Self-Encrypting_Drives

https://github.com/Drive-Trust-Alliance/sedutil

For me though, it will not work. I was so confused about the concepts around all of this because of how the information about it all is presented. It is really simple stuff really but the sedutil is really what makes is simple.

The problem for me though is that I have a OPAL 1.0 drive. OPAL 1.0 worked more like when you used to lock a hard drive through ATA commands, hdparm, etc. So once the drive was password protected there was no way to unprotect it. This is the problem with my two OPAL 1.0 drives. Someone (the software they used to manage the drives) changed the MSID on the drive. With OPAL 1.0 the MSID is a default value from the factory but once it is changed and lost, the drive cannot be unlocked without it.

With OPAL 2.0 each drive has a PSID on it. The Physical SID is a number that can be read off the disk that says PSID and 4 groups of 8 numbers. OPAL 2.0 drives should be erasable and useable with the PSID and sedutil.

You can see an example of a PSID here: http://www.seagate.com/files/staticfiles/support/docs/manual/Interface manuals/100515636b.pdf Page 15.

The reason that I was so confused is that I have these SED drives and everything says that they are unlockable by entering the PSID from the drive. Well no one mentioned anything about OPAL 1.0 and when I saw "SID" and then the 32 char number I just thought that I came across a manufacture that called a PSID a SID. It was a physical label on the drive and it had a 32 char number on it. But it is actually the MSID of the drive which will not unlock and erase the drive after changed. So the drives are trash unless someone someday figures out how to fix that.

At least it seems, I can find nothing on unlocking OPAL 1.0 drives and formatting them but at this point I assume that since it is an older spec that it functions like its related ATA spec with secure erase and such. I have an open question to the devs that built sed util but I have not recieved anything back ( https://github.com/Drive-Trust-Alliance/sedutil/issues/79 ). Everything that I read points to a changed and lost MSID in Opal 1.0 and the drives are useless but nothing in any of the docs that Seagate provide say that exactly.

I assume that they did not say it because it was obvious that is what the old spec did and this new spec will do the same.