Return to Level1Techs.com

Help with removing decrypted partitions on two HDD's

helpdesk
hardware

#21

Have a read of this: https://linux.die.net/man/8/hdparm

An ATA drive can have two passwords, a USER password and a MASTER password.
From looking at your screenshots above it appears only the USER password is set.

If you know the user password, go into the BIOS and try to change the password. Just press RETURN for the new password, which will usually result in the USER password being removed and the drive unlocked.

If you don't know the USER password, you may be able to set the MASTER password and then perform an "ATA Secure Erase". This will wipe the disk, but leave it unlocked at the end.
See https://en.wikipedia.org/wiki/Parallel_ATA#HDD_passwords_and_security

Procedure for ATA secure erase:
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase


#22

I cannot get fdisk to read the drive, so there's no really mount point for it, I don' think there is a master password in this BIOS, there's only user and supervisor and that's separate from hdd password.

I'm starting to think I should trash it to be honest.


#23

You can set the drive master password using "hdparm" on Linux. You can then perform an "ATA Secure Erase" which will wipe the drive and remove the user password.


#24

Uhh, how can I do that without even able to see it? There is no /dev/sdX on it, nothing.


#25

Are you sure? Can you post output of
sudo lsblk -ato +serial
with the drives hooked up?

Edit: If you get nothing, try booting into Linux with the drive disconnected. Once Linux is up and running, connect the drive.

SATA is hot-pluggable (if running in AHCI mode). Check in the BIOS for the SATA mode.


#26

sudo lsblk -ato +serial
sdg 0 512 0 512 512 1 cfq 128 128 0B 5VJ5CWQX

That's one of the drives as tested, however it still does not show up in fdisk nor gparted. Interesting that.


#27

Ok - so now do:

hdparm -I /dev/sdg

and post the output.
(NB: That's an uppercase i as the flag to hdparm. In some fonts it can look like an l or a 1).


#28
/dev/sde:

ATA device, with non-removable media
	Model Number:       ST9500420AS                             
	Serial Number:      5VJ5CWQX
	Firmware Revision:  0003SDM1
	Transport:          Serial
Standards:
	Used: unknown (minor revision code 0x0029) 
	Supported: 8 7 6 5 
	Likely used: 8
Configuration:
	Logical		max	current
	cylinders	16383	16383
	heads		16	16
	sectors/track	63	63
	--
	CHS current addressable sectors:   16514064
	LBA    user addressable sectors:  268435455
	LBA48  user addressable sectors:  976773168
	Logical/Physical Sector size:           512 bytes
	device size with M = 1024*1024:      476940 MBytes
	device size with M = 1000*1000:      500107 MBytes (500 GB)
	cache/buffer size  = 16384 KBytes
	Nominal Media Rotation Rate: 7200
Capabilities:
	LBA, IORDY(can be disabled)
	Queue depth: 32
	Standby timer values: spec'd by Standard, no device specific minimum
	R/W multiple sector transfer: Max = 16	Current = 16
	Advanced power management level: 128
	Recommended acoustic management value: 208, current value: 0
	DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 
	     Cycle time: min=120ns recommended=120ns
	PIO: pio0 pio1 pio2 pio3 pio4 
	     Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
	Enabled	Supported:
	   *	SMART feature set
	   *	Security Mode feature set
	   *	Power Management feature set
	   *	Write cache
	   *	Look-ahead
	   *	Host Protected Area feature set
	   *	WRITE_BUFFER command
	   *	READ_BUFFER command
	   *	NOP cmd
	   *	DOWNLOAD_MICROCODE
	   *	Advanced Power Management feature set
	    	SET_MAX security extension
	    	Automatic Acoustic Management feature set
	   *	48-bit Address feature set
	   *	Device Configuration Overlay feature set
	   *	Mandatory FLUSH_CACHE
	   *	FLUSH_CACHE_EXT
	   *	SMART error logging
	   *	SMART self-test
	   *	General Purpose Logging feature set
	   *	WRITE_{DMA|MULTIPLE}_FUA_EXT
	   *	WRITE_DMA_QUEUED_FUA_EXT
	   *	64-bit World wide name
	   *	IDLE_IMMEDIATE with UNLOAD
	    	Write-Read-Verify feature set
	   *	WRITE_UNCORRECTABLE_EXT command
	   *	{READ,WRITE}_DMA_EXT_GPL commands
	   *	Segmented DOWNLOAD_MICROCODE
	   *	Gen1 signaling speed (1.5Gb/s)
	   *	Gen2 signaling speed (3.0Gb/s)
	   *	Native Command Queueing (NCQ)
	   *	Host-initiated interface power management
	   *	Phy event counters
	    	Device-initiated interface power management
	   *	Software settings preservation
	   *	SMART Command Transport (SCT) feature set
	   *	SCT Read/Write Long (AC1), obsolete
	   *	SCT Write Same (AC2)
	   *	SCT Error Recovery Control (AC3)
	   *	SCT Features Control (AC4)
	   *	SCT Data Tables (AC5)
	    	unknown 206[12] (vendor specific)
Security: 
	Master password revision code = 65534
		supported
		enabled
		locked
	not	frozen
	not	expired: security count
		supported: enhanced erase
	Security level high
	100min for SECURITY ERASE UNIT. 100min for ENHANCED SECURITY ERASE UNIT. 
Logical Unit WWN Device Identifier: 5000c50024aedb19
	NAA		: 5
	IEEE OUI	: 000c50
	Unique ID	: 024aedb19
Checksum: correct

It changed to sde since I plugged it back in. Am I out of luck here?


#29

Looks good to me!

If you're happy to wipe the entire drive, try the following steps. I think this should work, but I don't have a locked drive here to test with. In the steps below replace X with the correct sd device (confirm with lsblk that the serial number matches the one you expect).

Set the drive master password to "Eins"

hdparm --user-master m --security-set-pass Eins /dev/X

...which should respond with something like:

security_password="Eins"

/dev/sdX:
Issuing SECURITY_SET_PASS command, password="Eins", user=master, mode=high

Then try:

Perform an ATA Secure Erase using the previously set master password:

time hdparm --user-master m --security-erase Eins /dev/X

...and approx 100mins later (according to your hdparm output) you should have a freshly wiped disk which is unlocked.

Repeat the hdparm -I /dev/sdX command, and check it reports "not locked" in the "Security:" section.


#30

Will do, thanks again for helping me out with this, I was literally stumped. Fingers crossed!

UPDATE:
I get this in the output for the first command:

security_password: "Eins"

/dev/sde:
 Issuing SECURITY_SET_PASS command, password="Eins", user=master, mode=high
SECURITY_SET_PASS: Input/output error

Is this hardware failure?


#31

Is the drive directly attached, or in a USB dock? Some USB docks cannot pass through the required ATA commands.
What version of "hdparm" do you have?
Run sudo dmesg | tail -50 and post the relevant logs


#32

I use a USB dock, here's the log:

[13730.103172] sd 6:0:0:0: [sde] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
[13730.103174] blk_update_request: critical medium error, dev sde, sector 0
[13730.103177] Buffer I/O error on dev sde, logical block 0, async page read
[13730.103188] ldm_validate_partition_table(): Disk read failed.
[13730.103871] sd 6:0:0:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[13730.103873] sd 6:0:0:0: [sde] tag#0 Sense Key : Medium Error [current] 
[13730.103874] sd 6:0:0:0: [sde] tag#0 Add. Sense: Unrecovered read error
[13730.103876] sd 6:0:0:0: [sde] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
[13730.103877] blk_update_request: critical medium error, dev sde, sector 0
[13730.103878] Buffer I/O error on dev sde, logical block 0, async page read
[13730.104564] sd 6:0:0:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[13730.104565] sd 6:0:0:0: [sde] tag#0 Sense Key : Medium Error [current] 
[13730.104567] sd 6:0:0:0: [sde] tag#0 Add. Sense: Unrecovered read error
[13730.104568] sd 6:0:0:0: [sde] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
[13730.104569] blk_update_request: critical medium error, dev sde, sector 0
[13730.104570] Buffer I/O error on dev sde, logical block 0, async page read
[13730.105237] sd 6:0:0:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[13730.105238] sd 6:0:0:0: [sde] tag#0 Sense Key : Medium Error [current] 
[13730.105239] sd 6:0:0:0: [sde] tag#0 Add. Sense: Unrecovered read error
[13730.105240] sd 6:0:0:0: [sde] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
[13730.105241] blk_update_request: critical medium error, dev sde, sector 0
[13730.105242] Buffer I/O error on dev sde, logical block 0, async page read
[13730.105933] sd 6:0:0:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[13730.105935] sd 6:0:0:0: [sde] tag#0 Sense Key : Medium Error [current] 
[13730.105936] sd 6:0:0:0: [sde] tag#0 Add. Sense: Unrecovered read error
[13730.105937] sd 6:0:0:0: [sde] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
[13730.105938] blk_update_request: critical medium error, dev sde, sector 0
[13730.105939] Buffer I/O error on dev sde, logical block 0, async page read
[13730.105944] Dev sde: unable to read RDB block 0
[13730.106617] sd 6:0:0:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[13730.106619] sd 6:0:0:0: [sde] tag#0 Sense Key : Medium Error [current] 
[13730.106620] sd 6:0:0:0: [sde] tag#0 Add. Sense: Unrecovered read error
[13730.106622] sd 6:0:0:0: [sde] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
[13730.106623] blk_update_request: critical medium error, dev sde, sector 0
[13730.106625] Buffer I/O error on dev sde, logical block 0, async page read
[13730.107298] sd 6:0:0:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[13730.107299] sd 6:0:0:0: [sde] tag#0 Sense Key : Medium Error [current] 
[13730.107300] sd 6:0:0:0: [sde] tag#0 Add. Sense: Unrecovered read error
[13730.107302] sd 6:0:0:0: [sde] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
[13730.107303] blk_update_request: critical medium error, dev sde, sector 0
[13730.107304] Buffer I/O error on dev sde, logical block 0, async page read
[13730.107310]  sde: unable to read partition table
[13730.108156] sd 6:0:0:0: [sde] Attached SCSI disk
[13730.114207] sd 6:0:0:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[13730.114210] sd 6:0:0:0: [sde] tag#0 Sense Key : Medium Error [current] 
[13730.114211] sd 6:0:0:0: [sde] tag#0 Add. Sense: Unrecovered read error
[13730.114213] sd 6:0:0:0: [sde] tag#0 CDB: Read(10) 28 00 3a 38 5f 80 00 00 08 00
[13730.114215] blk_update_request: critical medium error, dev sde, sector 976772992
[13730.114981] Buffer I/O error on dev sde, logical block 122096624, async page read

I'm guessing I'll have to directly connect it via sata? hdparm version: 9.48


#33

Yep - it might be the USB dock. I've had problems with some in the past. I use an eSATA external dock to avoid USB completely.

One quick thing to try first is the default Seagate master password. You may be able to unlock the drive like this:

hdparm --user-master m --security-unlock "Seagate " /dev/sdX

...that's Seagate followed by 25 spaces (32bytes total). The forum won't display the repeated spaces!

EDIT: hdparm version 9.48 should be OK. It's what I have here.


#34

Here's the output:

/dev/sdd
security_password: "Seagate                         "

/dev/sdd:
 Issuing SECURITY_UNLOCK command, password="Seagate                         ", user=master
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 04 51 40 00 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The same goes for Eins. I found this if it's any help: https://superuser.com/questions/642637/harddrive-wipe-out-hidden-areas-like-hpa-and-dco-also-after-malware-infectio


#35

Try connecting directly via SATA. It takes the USB to SATA bridge out of the equation.

You might find the BIOS "freezes" the drive on boot (which will be seen in the hdparm -I output), in which case boot into Linux with the drive data cable disconnected then plug it in once it has booted.


#36

I've been hotswapping via SATA, will reboot if thats the problem.

Here's the information for the second drive:

/dev/sdd:

ATA device, with non-removable media
	Model Number:       FUJITSU MHZ2400BT G1                    
	Serial Number:      K709T86258JS
	Firmware Revision:  0040020C
	Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5; Revision: ATA8-AST T13 Project D1697 Revision 0b
Standards:
	Used: ATA-8-ACS revision 3c 
	Supported: 8 7 6 5 
Configuration:
	Logical		max	current
	cylinders	16383	16383
	heads		16	16
	sectors/track	63	63
	--
	CHS current addressable sectors:   16514064
	LBA    user addressable sectors:  268435455
	LBA48  user addressable sectors:  781422768
	Logical  Sector size:                   512 bytes
	Physical Sector size:                   512 bytes
	device size with M = 1024*1024:      381554 MBytes
	device size with M = 1000*1000:      400088 MBytes (400 GB)
	cache/buffer size  = 8192 KBytes (type=DualPortCache)
Capabilities:
	LBA, IORDY(can be disabled)
	Queue depth: 32
	Standby timer values: spec'd by Standard, no device specific minimum
	R/W multiple sector transfer: Max = 16	Current = 16
	Advanced power management level: 128
	Recommended acoustic management value: 254, current value: 254
	DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 *udma5 
	     Cycle time: min=120ns recommended=120ns
	PIO: pio0 pio1 pio2 pio3 pio4 
	     Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
	Enabled	Supported:
	   *	SMART feature set
	   *	Security Mode feature set
	   *	Power Management feature set
	   *	Write cache
	   *	Look-ahead
	   *	Host Protected Area feature set
	   *	WRITE_BUFFER command
	   *	READ_BUFFER command
	   *	DOWNLOAD_MICROCODE
	   *	Advanced Power Management feature set
	    	SET_MAX security extension
	   *	Automatic Acoustic Management feature set
	   *	48-bit Address feature set
	   *	Device Configuration Overlay feature set
	   *	Mandatory FLUSH_CACHE
	   *	FLUSH_CACHE_EXT
	   *	SMART error logging
	   *	SMART self-test
	   *	General Purpose Logging feature set
	   *	WRITE_{DMA|MULTIPLE}_FUA_EXT
	   *	64-bit World wide name
	   *	IDLE_IMMEDIATE with UNLOAD
	    	Disable Data Transfer After Error Detection
	   *	WRITE_UNCORRECTABLE_EXT command
	   *	{READ,WRITE}_DMA_EXT_GPL commands
	   *	Segmented DOWNLOAD_MICROCODE
	   *	Gen1 signaling speed (1.5Gb/s)
	   *	Native Command Queueing (NCQ)
	   *	Host-initiated interface power management
	   *	Phy event counters
	   *	DMA Setup Auto-Activate optimization
	    	Device-initiated interface power management
	   *	Software settings preservation
	   *	SMART Command Transport (SCT) feature set
	   *	SCT Write Same (AC2)
	   *	SCT Error Recovery Control (AC3)
	   *	SCT Features Control (AC4)
	   *	SCT Data Tables (AC5)
Security: 
	Master password revision code = 65534
		supported
		enabled
		locked
	not	frozen
	not	expired: security count
	not	supported: enhanced erase
	Security level high
	400min for SECURITY ERASE UNIT. 
Logical Unit WWN Device Identifier: 500000e04247a427
	NAA		: 5
	IEEE OUI	: 00000e
	Unique ID	: 04247a427
Checksum: correct

A dmesg | tail -50

[19616.683102] ata4.00: cmd 25/00:08:00:90:93/00:00:2e:00:00/e0 tag 16 dma 4096 in
                        res 51/04:08:00:90:93/00:00:2e:00:00/e0 Emask 0x1 (device error)
[19616.683104] ata4.00: status: { DRDY ERR }
[19616.683106] ata4.00: error: { ABRT }
[19616.684538] ata4.00: configured for UDMA/100
[19616.684561] ata4: EH complete
[19616.695088] ata4.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[19616.695091] ata4.00: irq_stat 0x40000001
[19616.695093] ata4.00: failed command: READ DMA EXT
[19616.695096] ata4.00: cmd 25/00:08:00:90:93/00:00:2e:00:00/e0 tag 14 dma 4096 in
                        res 51/04:08:00:90:93/00:00:2e:00:00/e0 Emask 0x1 (device error)
[19616.695098] ata4.00: status: { DRDY ERR }
[19616.695099] ata4.00: error: { ABRT }
[19616.696389] ata4.00: configured for UDMA/100
[19616.696410] ata4: EH complete
[19616.707119] ata4.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[19616.707122] ata4.00: irq_stat 0x40000001
[19616.707124] ata4.00: failed command: READ DMA EXT
[19616.707129] ata4.00: cmd 25/00:08:00:90:93/00:00:2e:00:00/e0 tag 0 dma 4096 in
                        res 51/04:08:00:90:93/00:00:2e:00:00/e0 Emask 0x1 (device error)
[19616.707131] ata4.00: status: { DRDY ERR }
[19616.707132] ata4.00: error: { ABRT }
[19616.708450] ata4.00: configured for UDMA/100
[19616.708458] ata4: EH complete
[19616.719115] ata4.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[19616.719118] ata4.00: irq_stat 0x40000001
[19616.719120] ata4.00: failed command: READ DMA EXT
[19616.719125] ata4.00: cmd 25/00:08:00:90:93/00:00:2e:00:00/e0 tag 17 dma 4096 in
                        res 51/04:08:00:90:93/00:00:2e:00:00/e0 Emask 0x1 (device error)
[19616.719127] ata4.00: status: { DRDY ERR }
[19616.719129] ata4.00: error: { ABRT }
[19616.720385] ata4.00: configured for UDMA/100
[19616.720394] ata4: EH complete
[19616.731054] ata4.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[19616.731057] ata4.00: irq_stat 0x40000001
[19616.731059] ata4.00: failed command: READ DMA EXT
[19616.731064] ata4.00: cmd 25/00:08:00:90:93/00:00:2e:00:00/e0 tag 3 dma 4096 in
                        res 51/04:08:00:90:93/00:00:2e:00:00/e0 Emask 0x1 (device error)
[19616.731066] ata4.00: status: { DRDY ERR }
[19616.731067] ata4.00: error: { ABRT }
[19616.732462] ata4.00: configured for UDMA/100
[19616.732470] Buffer I/O error on dev sdd, logical block 97677824, async page read
[19616.732481] ata4: EH complete
[19617.580018] ata3: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[19617.580472] ACPI Error: [DSSP] Namespace lookup failure, AE_NOT_FOUND (20160930/psargs-359)
[19617.580477] ACPI Error: Method parse/execution failed [\_SB.PCI0.SAT0.SPT2._GTF] (Node ffff9633d68cd0c8), AE_NOT_FOUND (20160930/psparse-543)
[19617.693182] ACPI Error: [DSSP] Namespace lookup failure, AE_NOT_FOUND (20160930/psargs-359)
[19617.693188] ACPI Error: Method parse/execution failed [\_SB.PCI0.SAT0.SPT2._GTF] (Node ffff9633d68cd0c8), AE_NOT_FOUND (20160930/psparse-543)
[19617.693326] ata3.00: configured for UDMA/133
[19617.693328] ata3: EH complete

#37

What I mean is don't use the USB dock. The "SG_IO: bad/missing sense data" is a known symptom of using a USB dock.
You will need to connect the drive directly to a motherboard SATA port, or to an external eSATA dock.
Some drive docks have both USB and eSATA ports, so you might just need an eSATA cable if your PC and dock have eSATA ports.

I wouldn't mess with the HPA and DCO options in hdparm right now. They're not needed for this issue and could brick the drives.

Anyhow, the Fujitsu default master password is 32 spaces. Try unlocking that one once its hooked up directly.

I'm going to be at work for a few hours now, so probably won't be able to reply for a while. Hopefully there's a few suggestions and things to try.


#38

After what you said:

I switched to SATA:

I hope this clears a misunderstanding, tried the 32 spaces password on the fujitsu, that had the same error. Also when I try to boot with the drives, the system loops.


#39

Ok - I found an old dead Seagate drive and will do some testing here.


#40

Read the output of hdparm. The lack of not means it's set. The HDD is locked and has a password set (locked and enabled). You won't be able to do anything with it until you deal with this.

You need to remove the password in the bios first for the HDD.