* [gentoo-user] new hd: Security / hdparm / differences
@ 2020-04-22 12:34 tuxic
2020-04-22 17:16 ` Michael
0 siblings, 1 reply; 2+ messages in thread
From: tuxic @ 2020-04-22 12:34 UTC (permalink / raw
To: Gentoo
Hi,
In my system there is a 3T Winchester digital blue
Model Number: WDC WD30EZRZ-00GXCB0
Firmware Revision: 80.00A80
I bougth a second one for backyp purposes
Model Number: WDC WD30EZRZ-00Z5HB0
Firmware Revision: 80.00A80
Looks pretty simiiar to me...
The first one is in use for a month or so, I received
the second one just two hours ago.
I want to disable the security feature and the spindown-if-idle
feature of the second drive as I did with the first.
First step was to compare the output of 'hdparm -I <drive>' of the
first with that of the second one.
Differences ( I will skip identical parts ):
First:
Standards:
Used: unknown (minor revision code 0x006d)
Supported: 10 9 8 7 6 5
Likely used: 10
Second:
Standards:
Supported: 9 8 7 6 5
Likely used: 9
First:
Formfactor 3.5inch
Second:
Not mentioned
First
Commands/features:
Enabled Supported:
* DMA Setup Auto-Activate optimization
Device-initiated interface power management
* Software settings preservation
unknown 206[12] (vendor specific)
unknown 206[13] (vendor specific)
* DOWNLOAD MICROCODE DMA command
* WRITE BUFFER DMA command
* READ BUFFER DMA command
Second:
Commands/features:
Enabled Supported:
DMA Setup Auto-Activate optimization
* SCT Write Same (AC2)
* SCT Features Control (AC4)
* SCT Data Tables (AC5)
unknown 206[12] (vendor specific)
unknown 206[13] (vendor specific)
unknown 206[14] (vendor specific)
"DMA Setup Ayto-Activate optimization" is enable for the first drive,
for second one it is not. The section about this feature in the
manpage says "use with extreme caytion" and I cannot decide, whether
that what is written there is still valid or some sort of cry
from the past.
I am unsure about to think about these differences...?
The second thing are the security settings. I want drives with no
security settings and no way to manipulate them without user
interaction. I want these settings stored in the drive instead
of setting them at each boot since the second drive will be
temporarily used in a docking station "past boot".
The current security settings for both drives are:
not enabled
not locked
frozen
not expired: security count
supported: enhanced erase
(I have frozen the settings for the second drive just a minute ago and
it will forget the settings (going "not frozen" then) as soon I switch
the docking station off and on again.)
If I remember correctly I did this for the frsit drive with:
freeze security setting
lock security settings
and I did this without using any password.
On the second drive "freeze" works as exspected, but "lock"
wants a password.
After startpageing for a while I found a site with "Master passwords
for some drives"...and I am unsure of what I have found there
(reliability-wise ... it was not via the TOR network, though... ;)
Currently there are no data on the second drive. So accidentally
wiping it off doesn't matter as long the drive remains intact.
I would prefer to have both drives in the same state.
I didn't changed any DMA-related settings for the first drive by the
way.
How should I handle the DMA differences between the frist and the
second drive?
How can I handle the security issue with the second drive?
Cheers!
Meino
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [gentoo-user] new hd: Security / hdparm / differences
2020-04-22 12:34 [gentoo-user] new hd: Security / hdparm / differences tuxic
@ 2020-04-22 17:16 ` Michael
0 siblings, 0 replies; 2+ messages in thread
From: Michael @ 2020-04-22 17:16 UTC (permalink / raw
To: Gentoo
[-- Attachment #1: Type: text/plain, Size: 3841 bytes --]
On Wednesday, 22 April 2020 13:34:10 BST tuxic@posteo.de wrote:
> Hi,
>
> In my system there is a 3T Winchester digital blue
>
> Model Number: WDC WD30EZRZ-00GXCB0
> Firmware Revision: 80.00A80
>
>
> I bougth a second one for backyp purposes
>
> Model Number: WDC WD30EZRZ-00Z5HB0
> Firmware Revision: 80.00A80
>
> Looks pretty simiiar to me...
>
> The first one is in use for a month or so, I received
> the second one just two hours ago.
>
> I want to disable the security feature and the spindown-if-idle
> feature of the second drive as I did with the first.
>
> First step was to compare the output of 'hdparm -I <drive>' of the
> first with that of the second one.
>
> Differences ( I will skip identical parts ):
>
> First:
> Standards:
> Used: unknown (minor revision code 0x006d)
> Supported: 10 9 8 7 6 5
> Likely used: 10
>
> Second:
> Standards:
> Supported: 9 8 7 6 5
> Likely used: 9
>
>
>
> First:
> Formfactor 3.5inch
>
> Second:
> Not mentioned
>
> First
> Commands/features:
> Enabled Supported:
> * DMA Setup Auto-Activate optimization
> Device-initiated interface power management
> * Software settings preservation
> unknown 206[12] (vendor specific)
> unknown 206[13] (vendor specific)
> * DOWNLOAD MICROCODE DMA command
> * WRITE BUFFER DMA command
> * READ BUFFER DMA command
>
> Second:
> Commands/features:
> Enabled Supported:
> DMA Setup Auto-Activate optimization
> * SCT Write Same (AC2)
> * SCT Features Control (AC4)
> * SCT Data Tables (AC5)
> unknown 206[12] (vendor specific)
> unknown 206[13] (vendor specific)
> unknown 206[14] (vendor specific)
>
>
>
> "DMA Setup Ayto-Activate optimization" is enable for the first drive,
> for second one it is not. The section about this feature in the
> manpage says "use with extreme caytion" and I cannot decide, whether
> that what is written there is still valid or some sort of cry
> from the past.
>
> I am unsure about to think about these differences...?
>
> The second thing are the security settings. I want drives with no
> security settings and no way to manipulate them without user
> interaction. I want these settings stored in the drive instead
> of setting them at each boot since the second drive will be
> temporarily used in a docking station "past boot".
>
> The current security settings for both drives are:
> not enabled
> not locked
> frozen
> not expired: security count
> supported: enhanced erase
>
> (I have frozen the settings for the second drive just a minute ago and
> it will forget the settings (going "not frozen" then) as soon I switch
> the docking station off and on again.)
>
> If I remember correctly I did this for the frsit drive with:
> freeze security setting
> lock security settings
>
> and I did this without using any password.
>
> On the second drive "freeze" works as exspected, but "lock"
> wants a password.
>
> After startpageing for a while I found a site with "Master passwords
> for some drives"...and I am unsure of what I have found there
> (reliability-wise ... it was not via the TOR network, though... ;)
>
> Currently there are no data on the second drive. So accidentally
> wiping it off doesn't matter as long the drive remains intact.
>
> I would prefer to have both drives in the same state.
> I didn't changed any DMA-related settings for the first drive by the
> way.
>
> How should I handle the DMA differences between the frist and the
> second drive?
>
> How can I handle the security issue with the second drive?
>
> Cheers!
> Meino
Is the second drive connected to the same bus controller? If on a USB docking
station hdparm may or may not be able to do what you want - have a look here:
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-04-22 17:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-22 12:34 [gentoo-user] new hd: Security / hdparm / differences tuxic
2020-04-22 17:16 ` Michael
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox