Test performed on an Intel enterprise SSD DCS3700 (/!\ a genuine Intel disk, not an HP or Dell rebrand /!\)

If the disk is sdc:

  • Display the security state

hdparm -I /dev/sdc
ATA device, with non-removable media
Model Number: INTEL SSDSC2BA400G3
...
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
4min for SECURITY ERASE UNIT. 4min for ENHANCED SECURITY ERASE UNIT.

 

  • Set a password:

hdparm --user-master u --security-mode m --security-set-pass password /dev/sdc

security_password="password"

 

Verification

hdparm -I /dev/sdc
...
Security:
Master password revision code = 65534
supported
enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
Security level maximum
4min for SECURITY ERASE UNIT. 4min for ENHANCED SECURITY ERASE UNIT.

The machine must be fully powered off (poweroff), not simply rebooted.

After startup, the disk is present but unreadable.

 

  • Verification:

hdparm -I /dev/sdc
...
Security:
Master password revision code = 65534
supported
enabled
locked
not frozen
not expired: security count
supported: enhanced erase
Security level maximum
4min for SECURITY ERASE UNIT. 4min for ENHANCED SECURITY ERASE UNIT.
Trying to read from the disk triggers these errors:

sd 4:0:2:0: [sdc] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
sd 4:0:2:0: [sdc] Sense Key : Illegal Request [current]
sd 4:0:2:0: [sdc] Add. Sense: Security conflict in translated device
sd 4:0:2:0: [sdc] CDB: Read(10): 28 00 00 00 00 00 00 00 20 00
end_request: I/O error, dev sdc, sector 0
Buffer I/O error on device sdc, logical block 0
Buffer I/O error on device sdc, logical block 1
Buffer I/O error on device sdc, logical block 2
Buffer I/O error on device sdc, logical block 3
sd 4:0:2:0: [sdc] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
sd 4:0:2:0: [sdc] Sense Key : Illegal Request [current]
sd 4:0:2:0: [sdc] Add. Sense: Security conflict in translated device
sd 4:0:2:0: [sdc] CDB: Read(10): 28 00 00 00 00 00 00 00 08 00
end_request: I/O error, dev sdc, sector 0
Buffer I/O error on device sdc, logical block 0

Command to use the disk (supply the password):

hdparm --user-master u --security-unlock password /dev/sdc
security_password="password"

/dev/sdc:
Issuing SECURITY_UNLOCK command, password="password", user=user
The disk is now accessible (run partprobe so that the kernel rescans the partition table).

 

  • To cancel the disk encryption, run:

hdparm --user-master u --security-disable password /dev/sdc
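
The enabled / locked / frozen flags read by eye in the verification steps above can be checked by a script before and after each command. This is an added example, not part of the original note; the function names ata_security_state and ata_security_hint are hypothetical, and the sample inputs are Security blocks trimmed from the output shown above.

```shell
#!/bin/sh
# Added example: summarise the "Security:" block printed by `hdparm -I`.

# Reads `hdparm -I` text on stdin and prints one line:
#   enabled=<yes|no> locked=<yes|no> frozen=<yes|no>
# Returns non-zero if the three flags were not all found.
ata_security_state() {
    awk '
        /^[ \t]*Security:[ \t]*$/ { insec = 1; next }
        insec {
            $1 = $1                      # collapse tabs/spaces, trim both ends
            if ($0 == "enabled")          en = "yes"
            else if ($0 == "not enabled") en = "no"
            else if ($0 == "locked")      lk = "yes"
            else if ($0 == "not locked")  lk = "no"
            else if ($0 == "frozen")      fr = "yes"
            else if ($0 == "not frozen")  fr = "no"
        }
        END {
            if (en == "" || lk == "" || fr == "") exit 1
            printf "enabled=%s locked=%s frozen=%s\n", en, lk, fr
        }'
}

# Hypothetical helper: turn the state line into the operator's next step.
ata_security_hint() {
    case "$1" in
        *frozen=yes*)  echo "frozen: security commands are rejected until the drive is power-cycled" ;;
        *locked=yes*)  echo "locked: reads fail until --security-unlock is issued" ;;
        *enabled=yes*) echo "enabled: the drive locks at the next power-off" ;;
        *)             echo "disabled: no user password is set" ;;
    esac
}

# Sample inputs: Security blocks trimmed from the hdparm -I output above.
sample_before() { printf '%s\n' 'Security:' 'supported' 'not enabled' 'not locked' 'not frozen'; }
sample_locked() { printf '%s\n' 'Security:' 'supported' 'enabled' 'locked' 'not frozen'; }

# With a device argument, query the real drive (needs root and hdparm).
if [ $# -gt 0 ]; then
    state=$(hdparm -I "$1" | ata_security_state) || { echo "no Security block for $1" >&2; exit 1; }
    echo "$1: $state"
    ata_security_hint "$state"
fi
```

Run it as root with the device as the only argument, for example /dev/sdc; a drive reported as frozen has to be power-cycled before the password commands above are accepted.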