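This incident was entirely my own doing: reckless tinkering and carelessness. While verifying HDD secure erase, I assumed the system had hung, and that is what caused the accident. Below we go through ATA Security Erase on an HDD.
Issue the following command, where "X" matches your device (e.g. sdb). As a rule, do not pick the system disk.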
hdparm -I /dev/sdb
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
If the command output shows "frozen" (instead of "not frozen") then you cannot continue to the next step.
Many BIOSes will protect your drives if you have a password set (security enabled) by issuing a SECURITY FREEZE command before booting an operating system. If your drive is frozen, and it has a password enabled, try removing the password using the BIOS and powering down the system to see if that disables the freeze. Otherwise you may need to use a different motherboard (with a different BIOS).
A possible solution for SATA drives is to hot-(re)plug the data cable (this might crash your kernel). If hot-(re)plugging the SATA data cable crashes the kernel, try letting the operating system fully boot up, then quickly hot-(re)plug both the SATA power and data cables. Another commonly reported way to clear the frozen state is to suspend the system to RAM and wake it again:
echo -n mem > /sys/power/state
WARNING: When the user password is set the drive will be locked after next power cycle (the drive will deny normal access until unlocked with the correct password).
Any password will do, as this should only be temporary. After the secure erase the password will be set back to NULL. For this procedure we'll use the password "Eins".
hdparm --user-master u --security-set-pass user123 /dev/sdb
Step 2a - Command Output:
security_password="user123"
/dev/sdd:
Issuing SECURITY_SET_PASS command, password="Eins", user=user, mode=high
hdparm -I /dev/sdb
Step 2b - Command Output (should display "enabled"):
Security:
Master password revision code = 65534
supported
enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
Security level high
50min for SECURITY ERASE UNIT. 50min for ENHANCED SECURITY ERASE UNIT.
time hdparm --user-master u --security-erase user123 /dev/sdb
Step 3 Command Output:
Wait until the command completes.
security_password="Eins"
/dev/sdd:
Issuing SECURITY_ERASE command, password="user123", user=user
0.000u 0.000s 0:39.71 0.0% 0+0k 0+0io 0pf+0w
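This is where the accident happened. I had not noticed that the erase time was 50 min, assumed the system had hung, and forced a power-off. On the next boot, the machine prompted for the user password of the sdb drive. That password was not the security_passwd="user123" I had just set; three wrong entries left the drive locked. After getting into the OS, I checked the status of sdb: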
hdparm -I /dev/sdb
Security:
Master password revision code = 65534
supported
enabled
locked
not frozen
not expired: security count
supported: enhanced erase
Security level high
50min for SECURITY ERASE UNIT. 50min for ENHANCED SECURITY ERASE UNIT.
At this point sdb is locked, and running a secure erase on it has no effect. I searched online for a long time and found no one who had run into this situation; in the end it was reading up on the hdparm command that gave me the answer. To wipe the password, the drive must first be unlocked. The steps are as follows.
Let's unlock it:
hdparm --user-master u --security-unlock user123 /dev/sdb
security_password="user123"
/dev/sdX:
Issuing SECURITY_UNLOCK command, password="user123", user=user
And disable security:
hdparm --user-master u --security-disable user123 /dev/sdb
security_password="user123"
/dev/sdX:
Issuing SECURITY_DISABLE command, password="user123", user=user
Now we're good:
hdparm -I /dev/sdb
...
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
Security level high
50min for SECURITY ERASE UNIT. 50min for ENHANCED SECURITY ERASE UNIT.
The following step continues from Step 3 and is what you do in the normal case.
After a successful erasure the drive security should automatically be set to disabled (thus no longer requiring a password for access). Verify this by running the following command:
hdparm -I /dev/sdb
Step 4 - Command Output (should display "not enabled"):
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
50min for SECURITY ERASE UNIT. 50min for ENHANCED SECURITY ERASE UNIT.
❊❊ Because I was using a 6T HDD, every PE takes about 2 hours, so be sure to look carefully at what you are doing and avoid unnecessary incidents.
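The state checks this procedure depends on (not frozen, not locked, not enabled, plus the drive's own erase-time estimate), as an added shell example that is not part of the original post. The function names and the sample text are constructed here, modelled on the hdparm -I outputs shown above.

```shell
#!/bin/sh
# Constructed sample: Security section in the state the first step expects.
SAMPLE_READY='Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
50min for SECURITY ERASE UNIT. 50min for ENHANCED SECURITY ERASE UNIT.'
# Constructed sample: the same drive after an interrupted erase (enabled + locked).
SAMPLE_LOCKED=$(printf '%s\n' "$SAMPLE_READY" |
  sed -e 's/^not enabled/enabled/' -e 's/^not locked/locked/')

# Read `hdparm -I` text on stdin and print one summary line:
# enabled=<yes|no> locked=<yes|no> frozen=<yes|no> erase_min=<minutes>
ata_security_state() {
  awk '
    /^Security:/ { insec = 1; next }
    !insec       { next }
    {
      neg = ($1 == "not")
      key = (neg ? $2 : $1)
      if (key == "enabled" || key == "locked" || key == "frozen")
        st[key] = (neg ? "no" : "yes")
      # The first number on this line is the SECURITY ERASE UNIT estimate.
      if ($0 ~ /min for SECURITY ERASE UNIT/) { mins = $1; sub(/min.*/, "", mins) }
    }
    END { printf "enabled=%s locked=%s frozen=%s erase_min=%s\n",
                 st["enabled"], st["locked"], st["frozen"], mins }'
}

# Return 0 only when it is safe to set the temporary password; otherwise say why.
erase_preflight() {
  pf_state=$(ata_security_state)
  echo "$pf_state"
  case "$pf_state" in
    *frozen=yes*)  echo "STOP: frozen, security commands will be rejected"; return 1 ;;
    *locked=yes*)  echo "STOP: locked, run --security-unlock then --security-disable"; return 2 ;;
    *enabled=yes*) echo "STOP: a user password is already set"; return 3 ;;
  esac
  echo "OK: drive estimates ${pf_state##*erase_min=} min; do not power off before hdparm returns"
}

printf '%s\n' "$SAMPLE_READY"  | erase_preflight
printf '%s\n' "$SAMPLE_LOCKED" | erase_preflight || echo "exit code $?"
# On a real system (as root): hdparm -I /dev/sdX | erase_preflight
```

Treat the reported minutes as the drive's own estimate and let the erase command return on its own.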