Find the answer to your Linux question:
Results 1 to 5 of 5
Dear all, I discovered how to secure erase drives using hdparm which is incredibly useful. However, it appears that the commands dont work when the drives are plugged in using ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    45

    How do I: Secure erase devices attatched to LSI HBA


    Dear all,
    I discovered how to secure erase drives using hdparm which is incredibly useful. However, it appears that the commands dont work when the drives are plugged in using the LSI SAS 9201-16e HBA. I get the following output:
    "HDIO_GET_IDENTITY failed: Invalid argument"


    Does anyone know if there is something i can download to get the HBA to trigger a secure erase? MegaRaid keeps popping up everywhere, but I'm not sure I can use that CLI as this does not support RAID and is just an HBA.

    (getting information with smartctl works, but cant trigger secure erase with that.)

    Stu
    Last edited by stu2000; 05-20-2012 at 07:36 PM. Reason: Changing title from 'How to' to 'How do I' as I'm asking for help, not posting a tutorial

  2. #2
    Just Joined!
    Join Date
    May 2012
    Posts
    1

    hdparm to read HDD attached on HBA

    having same issue, any news from your end? cheers.

  3. #3
    Just Joined!
    Join Date
    Apr 2012
    Posts
    45
    Unfortunately not. LSI have been in contact with me a few times. It doesn't appear that they support secure-erase. You can easily find out what drives are plugged in by using the SAS2IRCU exe that comes on the cd that comes with the product (but is not on their website for some reason). They talk about 'instant secure-erase' available on drives plugged into their megaraid card, but I'm seriuosly dubious about that. I dont doubt that it would be hard/impossible to retrieve data from, but there are other benefits to running a proper hdparm secure erase other than making the data unreadable, such as restoring an SSD to peak performance.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Apr 2012
    Posts
    45
    Hey all,
    Still having the same issue, but running centos 6 and the hdparm commands seem to be working now but still can't get the secure erase command to run.
    The following commands work and run correctly (sdx is an example drive):
    Code:
    sudo hdparm -I /dev/sdx
    sudo hdparm --user-master u --security-set-pass p /dev/sdx
    Unfortunately when I run:
    Code:
    sudo hdparm --user-master u --security-erase p /dev/sdx
    It states that it is passing the argument and after a while returns with:
    Code:
    Issuing SECURITY_ERASE command, password="p", user=user
    SECURITY_ERASE: Invalid exchange
    The drives are still connected through a HBA (LSI) and using sas2ircu program I can query information but there is no command for secure erasure. Can someone confirm my theory that the hba causes the 'invalid exchange' and the only way to perform a secure erase if for the drive to be connected directly to the motherboard sata port and not an HBA.

  6. #5
    Just Joined!
    Join Date
    Apr 2012
    Posts
    45

    Solved

    Ok so the issue is the hdparm version
    In Centos 6 it is version 9.16 (hdparm -V)

    You need 9.31 or later to run hdparm secure erase requests through 'intelligent devices' such as firewire, usb, or an HBA.

    Installing ubuntu and running the same commands worked for me because it has a much later version of hdparm. The nice thing is that ubuntu automatically supported the hba too right from a live cd.

    Found out by reading this paragraph:
    DISCLAIMER: The security-erase command is a single command which typically takes minutes or hours to complete, whereas most ATA commands take milliseconds, or seconds to complete. Whilst drives directly attached to a straight-forward SATA controller should work reliably, some "intelligent" interfaces such as USB or firewire to PATA/SATA bridges, SAS controllers or hardware RAID controllers may try to reset devices which they have decided are no longer responding. They may also decide that locked devices are faulty, and hence not provide any access to them in order to issue unlock commands. Such devices may still be unlocked by connecting them directly to a different SATA interface. Additionally, hdparm versions prior to 9.31 do not pass-through the long command time-outs required for the erase commands to the SCSI-ATA Command Translation ("SAT") layer which such devices use. Do not use versions of hdparm prior to 9.31 with such interfaces.
    Source

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •