Results 1 to 5 of 5
|
Enjoy an ad free experience by logging in. Not a member yet? Register.
|
|
-
05-20-2012 #1
- Join Date
- Apr 2012
- Posts
- 45
How do I: Secure erase devices attatched to LSI HBA
I discovered how to secure erase drives using hdparm which is incredibly useful. However, it appears that the commands dont work when the drives are plugged in using the LSI SAS 9201-16e HBA. I get the following output:
"HDIO_GET_IDENTITY failed: Invalid argument"
Does anyone know if there is something i can download to get the HBA to trigger a secure erase? MegaRaid keeps popping up everywhere, but I'm not sure I can use that CLI as this does not support RAID and is just an HBA.
(getting information with smartctl works, but cant trigger secure erase with that.)
StuLast edited by stu2000; 05-20-2012 at 06:36 PM. Reason: Changing title from 'How to' to 'How do I' as I'm asking for help, not posting a tutorial
-
05-29-2012 #2
- Join Date
- May 2012
- Posts
- 1
hdparm to read HDD attached on HBA
having same issue, any news from your end? cheers.
-
05-29-2012 #3
- Join Date
- Apr 2012
- Posts
- 45
Unfortunately not. LSI have been in contact with me a few times. It doesn't appear that they support secure-erase. You can easily find out what drives are plugged in by using the SAS2IRCU exe that comes on the cd that comes with the product (but is not on their website for some reason). They talk about 'instant secure-erase' available on drives plugged into their megaraid card, but I'm seriuosly dubious about that. I dont doubt that it would be hard/impossible to retrieve data from, but there are other benefits to running a proper hdparm secure erase other than making the data unreadable, such as restoring an SSD to peak performance.
-
10-02-2012 #4
- Join Date
- Apr 2012
- Posts
- 45
Hey all,
Still having the same issue, but running centos 6 and the hdparm commands seem to be working now but still can't get the secure erase command to run.
The following commands work and run correctly (sdx is an example drive):
Code:sudo hdparm -I /dev/sdx sudo hdparm --user-master u --security-set-pass p /dev/sdx
Code:sudo hdparm --user-master u --security-erase p /dev/sdx
Code:Issuing SECURITY_ERASE command, password="p", user=user SECURITY_ERASE: Invalid exchange
-
10-02-2012 #5
- Join Date
- Apr 2012
- Posts
- 45
Solved
Ok so the issue is the hdparm version
In Centos 6 it is version 9.16 (hdparm -V)
You need 9.31 or later to run hdparm secure erase requests through 'intelligent devices' such as firewire, usb, or an HBA.
Installing ubuntu and running the same commands worked for me because it has a much later version of hdparm. The nice thing is that ubuntu automatically supported the hba too right from a live cd.
Found out by reading this paragraph:
DISCLAIMER: The security-erase command is a single command which typically takes minutes or hours to complete, whereas most ATA commands take milliseconds, or seconds to complete. Whilst drives directly attached to a straight-forward SATA controller should work reliably, some "intelligent" interfaces such as USB or firewire to PATA/SATA bridges, SAS controllers or hardware RAID controllers may try to reset devices which they have decided are no longer responding. They may also decide that locked devices are faulty, and hence not provide any access to them in order to issue unlock commands. Such devices may still be unlocked by connecting them directly to a different SATA interface. Additionally, hdparm versions prior to 9.31 do not pass-through the long command time-outs required for the erase commands to the SCSI-ATA Command Translation ("SAT") layer which such devices use. Do not use versions of hdparm prior to 9.31 with such interfaces.