From: tuxic@posteo.de
To: Gentoo
Date: Wed, 22 Apr 2020 14:34:10 +0200
Subject: [gentoo-user] new hd: Security / hdparm / differences
Message-ID: <20200422123410.czduusdx27bt6mf3@solfire>

Hi,

In my system there is a 3T Winchester digital blue

    Model Number:       WDC WD30EZRZ-00GXCB0
    Firmware Revision:  80.00A80

I bought a second one for backup purposes

    Model Number:       WDC WD30EZRZ-00Z5HB0
    Firmware Revision:  80.00A80

Looks pretty similar to me...

The first one is in use for a month or so, I received the second one
just two hours ago.

I want to disable the security feature and the spindown-if-idle feature
of the second drive as I did with the first.

First step was to compare the output of 'hdparm -I ' of the first with
that of the second one.

Differences (I will skip identical parts):

First:
    Standards:
        Used: unknown (minor revision code 0x006d)
        Supported: 10 9 8 7 6 5
        Likely used: 10

Second:
    Standards:
        Supported: 9 8 7 6 5
        Likely used: 9

First:
    Formfactor 3.5inch
Second:
    Not mentioned

First:
    Commands/features:
        Enabled Supported:
           *    DMA Setup Auto-Activate optimization
                Device-initiated interface power management
           *    Software settings preservation
                unknown 206[12] (vendor specific)
                unknown 206[13] (vendor specific)
           *    DOWNLOAD MICROCODE DMA command
           *    WRITE BUFFER DMA command
           *    READ BUFFER DMA command

Second:
    Commands/features:
        Enabled Supported:
                DMA Setup Auto-Activate optimization
           *    SCT Write Same (AC2)
           *    SCT Features Control (AC4)
           *    SCT Data Tables (AC5)
                unknown 206[12] (vendor specific)
                unknown 206[13] (vendor specific)
                unknown 206[14] (vendor specific)

"DMA Setup Auto-Activate optimization" is enabled for the first drive,
for the second one it is not. The section about this feature in the
manpage says "use with extreme caution" and I cannot decide whether
what is written there is still valid or some sort of cry from the past.

I am unsure what to think about these differences...?

The second thing is the security settings.
I want drives with no security settings and no way to manipulate them
without user interaction. I want these settings stored in the drive
instead of setting them at each boot, since the second drive will be
temporarily used in a docking station "past boot".

The current security settings for both drives are:

    not     enabled
    not     locked
            frozen
    not     expired: security count
            supported: enhanced erase

(I have frozen the settings for the second drive just a minute ago and
it will forget the settings (going "not frozen" then) as soon as I
switch the docking station off and on again.)

If I remember correctly I did this for the first drive with:

    freeze security setting
    lock security settings

and I did this without using any password.

On the second drive "freeze" works as expected, but "lock" wants a
password.

After startpageing for a while I found a site with "Master passwords
for some drives"...and I am unsure of what I have found there
(reliability-wise ... it was not via the TOR network, though... ;)

Currently there are no data on the second drive. So accidentally wiping
it off doesn't matter as long as the drive remains intact.

I would prefer to have both drives in the same state.

I didn't change any DMA-related settings for the first drive, by the
way.

How should I handle the DMA differences between the first and the
second drive?

How can I handle the security issue with the second drive?

Cheers!
Meino
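
The comparison described in the message can be done mechanically. The following is an added example, not part of the original post: it parses the "Commands/features" and "Security" sections of `hdparm -I` output and reports which features differ between two drives. The function names are hypothetical, and the sample text is constructed from the lines quoted in the message, assuming hdparm's usual tab-indented layout.

```python
import re

# Constructed input: lines quoted in the message, laid out the way `hdparm -I`
# prints them ('*' in the Enabled column marks an enabled feature).
SECURITY = "Security:\n\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n\tnot\texpired: security count\n"
FIRST = """Commands/features:
\tEnabled\tSupported:
\t   *\tDMA Setup Auto-Activate optimization
\t   *\tSoftware settings preservation
\t    \tunknown 206[12] (vendor specific)
""" + SECURITY
SECOND = """Commands/features:
\tEnabled\tSupported:
\t    \tDMA Setup Auto-Activate optimization
\t   *\tSCT Write Same (AC2)
\t    \tunknown 206[12] (vendor specific)
\t    \tunknown 206[14] (vendor specific)
""" + SECURITY

def section(text, title):
    """Return the indented lines that follow the unindented 'title:' header."""
    lines = text.splitlines()
    body = []
    for line in lines[lines.index(title + ":") + 1:]:
        if line and not line[0].isspace():
            break  # next unindented header ends the section
        body.append(line)
    return body

def features(text):
    """Map feature name -> True if hdparm marked it enabled with '*'."""
    rows = section(text, "Commands/features")[1:]  # skip the column header
    found = (re.match(r"\s*(\*?)\s*(\S.*)$", r) for r in rows)
    return {m.group(2): m.group(1) == "*" for m in found if m}

def security(text):
    """Map enabled/locked/frozen/expired to bool; a leading 'not' is False."""
    out = {}
    for line in section(text, "Security"):
        words = line.split(":")[0].split()
        if words and words[-1] in ("enabled", "locked", "frozen", "expired"):
            out[words[-1]] = words[0] != "not"
    return out

def diff(a, b):
    """Features whose presence or state differs; None means not listed."""
    fa, fb = features(a), features(b)
    return {n: (fa.get(n), fb.get(n)) for n in fa.keys() | fb.keys()
            if fa.get(n) != fb.get(n)}
```

On a live system the two inputs would be the saved output of `hdparm -I` for each device.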