[gentoo-user] new hd: Security / hdparm / differences

[tuxic@posteo.de]

Hi,

In my system there is a 3T Winchester digital blue 

	Model Number:       WDC WD30EZRZ-00GXCB0
    Firmware Revision:  80.00A80


I bougth a second one for backyp purposes

	Model Number:       WDC WD30EZRZ-00Z5HB0
  	Firmware Revision:  80.00A80

Looks pretty simiiar to me...

The first one is in use for a month or so, I received
the second one just two hours ago.

I want to disable the security feature and the spindown-if-idle
feature of the second drive as I did with the first.

First step was to compare the output of 'hdparm -I <drive>' of the
first with that of the second one.

Differences ( I will skip identical parts ):

First:
Standards:
	Used: unknown (minor revision code 0x006d) 
	Supported: 10 9 8 7 6 5 
	Likely used: 10

Second:
Standards:
	Supported: 9 8 7 6 5 
	Likely used: 9



First:
Formfactor 3.5inch

Second:
Not mentioned

First
Commands/features:
	Enabled	Supported:
	   *	DMA Setup Auto-Activate optimization
	    	Device-initiated interface power management
	   *	Software settings preservation
	    	unknown 206[12] (vendor specific)
	    	unknown 206[13] (vendor specific)
	   *	DOWNLOAD MICROCODE DMA command
	   *	WRITE BUFFER DMA command
	   *	READ BUFFER DMA command

Second:
Commands/features:
	Enabled	Supported:
	    	DMA Setup Auto-Activate optimization
	   *	SCT Write Same (AC2)
	   *	SCT Features Control (AC4)
	   *	SCT Data Tables (AC5)
	    	unknown 206[12] (vendor specific)
	    	unknown 206[13] (vendor specific)
	    	unknown 206[14] (vendor specific)



"DMA Setup Ayto-Activate optimization" is enable for the first drive,
for second one it is not. The section about this feature in the
manpage says "use with extreme caytion" and I cannot decide, whether
that what is written there is still valid or some sort of cry
from the past.

I am unsure about to think about these differences...?

The second thing are the security settings. I want drives with no
security settings and no way to manipulate them without user
interaction. I want these settings stored in the drive instead
of setting them at each boot since the second drive will be
temporarily used in a docking station "past boot".

The current security settings for both drives are:
	not	enabled
	not	locked
		frozen
	not	expired: security count
		supported: enhanced erase

(I have frozen the settings for the second drive just a minute ago and
it will forget the settings (going "not frozen" then) as soon I switch
the docking station off and on again.)

If I remember correctly I did this for the frsit drive with:
freeze security setting
lock security settings

and I did this without using any password.

On the second drive "freeze" works as exspected, but "lock"
wants a password.

After startpageing for a while I found a site with "Master passwords
for some drives"...and I am unsure of what I have found there
(reliability-wise ... it was not via the TOR network, though... ;)

Currently there are no data on the second drive. So accidentally
wiping it off doesn't matter as long the drive remains intact.

I would prefer to have both drives in the same state.
I didn't changed any DMA-related settings for the first drive by the
way.

How should I handle the DMA differences between the frist and the
second drive?

How can I handle the security issue with the second drive?

Cheers!
Meino