T13 Secure Erase
-
I want to implement T13 ATA Secure Erase and cannot find any documentation. Is something available? I found this: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
36. When you surround an army, leave an outlet free. ... Do not press a desperate foe too hard. SUN-TZU - Art of War
-
There are other factors to consider besides secure erasure, like data remanence, a correctly implemented PC BIOS (i.e. it hasn't been compromised), PCI cards with onboard BIOS, etc. Plus there's the thorny issue of SSD data remanence. If at all possible the HDD should be encrypted, but not so good with SSD. harddisk_ata_security_v1.1-1.pdf
"It's true that hard work never killed anyone. But I figure, why take the chance." - Ronald Reagan That's what machines are for. Got a problem? Sleep on it.
-
Thanks for answering my problem, but I have a simple task and I can't find documentation on T13 Secure Erase :((
36. When you surround an army, leave an outlet free. ... Do not press a desperate foe too hard. SUN-TZU - Art of War
I had a look at the t13.org website and they allow you download documents if you register and login. :)
"It's true that hard work never killed anyone. But I figure, why take the chance." - Ronald Reagan That's what machines are for. Got a problem? Sleep on it.
-
Thanks again. I searched the site before. Actually I need something like an API or SDK. :(
VII. 36. When you surround an army, leave an outlet free. Do not press a desperate foe too hard. SUN-TZU - Art of War
Hi,

Everything you need is in the ATA specifications. I believe the first ATA spec that contained the secure erase command was in ATA3 from 1997. However not all hard drive manufacturers implemented this until around 2001.

http://www.stanford.edu/~ouster/cgi-bin/cs140-winter13/pintos/specs/ata-3-std.pdf

The latest version is ATA-8:

http://www.t13.org/documents/UploadedDocuments/docs2006/D1699r2b-ATA8-ACS_CB.pdf

If I remember correctly you will need to set the ATA password first with command 0xF1. You will then need to issue ATA command 0xF3 followed by an 0xF4.

If you are doing this in Microsoft Windows... you will need to implement this as a device driver. You cannot issue ATA commands from a usermode application.

Good Luck,
-David Delaune
-
David's pointing you to the spec is an excellent answer. A few things I will add to the mix:

* You will need multiple commands (SECURITY ERASE PREPARE, SECURITY ERASE UNIT, and possibly other SECURITY commands) from the spec in order to accomplish a secure erase.
* Sending (single-sector) ATA passthru commands from user mode applications is possible on Windows (XP SP2 and newer, IIRC), assuming you have Admin privileges on the system. You will need to do some Googling on IOCTL_ATA_PASSTHRU_DIRECT in order to find relevant information.
* That being said, you will still be at the mercy of the system BIOS and possibly the O/S. Once a SECURITY FREEZE LOCK is sent to the drive, it is *generally* difficult or impossible to send SECURITY ERASE to the drive. Some motherboard BIOSs send the SECURITY FREEZE LOCK prior to start of boot just to ensure a drive is not accidentally or maliciously erased.

All of this is from my memory, which is several years old at this point.
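The command sequence and the freeze-lock caveat discussed in this thread, as an added example that is not code from any poster: it reads the security status word from IDENTIFY DEVICE data and builds the 0xF1 / 0xF3 / 0xF4 steps in memory without sending anything to a drive. The function and type names are hypothetical, the bit layout of word 128 and of the 512-byte password block follows the ATA command set specification, and the IDENTIFY data in `main` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcodes as given in the thread. */
enum { SET_PASSWORD = 0xF1, ERASE_PREPARE = 0xF3, ERASE_UNIT = 0xF4 };
/* IDENTIFY DEVICE word 128 (security status) bits. */
enum { SEC_SUPPORTED = 1 << 0, SEC_ENABLED = 1 << 1, SEC_LOCKED = 1 << 2,
       SEC_FROZEN = 1 << 3, SEC_EXPIRED = 1 << 4, SEC_ENHANCED = 1 << 5 };

typedef enum { ERASE_OK, ERASE_UNSUPPORTED, ERASE_FROZEN, ERASE_EXPIRED } erase_check;
typedef struct { uint8_t opcode; int has_data; uint8_t data[512]; } ata_step;

/* Refuse early when the drive cannot accept SECURITY ERASE UNIT. */
erase_check secure_erase_precheck(const uint16_t *id) {
    uint16_t s = id[128];
    if (!(s & SEC_SUPPORTED)) return ERASE_UNSUPPORTED;
    if (s & SEC_FROZEN) return ERASE_FROZEN;    /* SECURITY FREEZE LOCK was sent */
    if (s & SEC_EXPIRED) return ERASE_EXPIRED;  /* password attempt counter exhausted */
    return ERASE_OK;
}

/* 512-byte data-out block: word 0 = control bits, words 1-16 = password. */
static void fill_block(ata_step *st, uint8_t opcode, uint16_t control, const char *pw) {
    size_t n = strlen(pw);
    memset(st, 0, sizeof *st);
    st->opcode = opcode; st->has_data = 1;
    st->data[0] = (uint8_t)(control & 0xFF); st->data[1] = (uint8_t)(control >> 8);
    memcpy(st->data + 2, pw, n > 32 ? 32 : n);  /* zero-padded to 32 bytes */
}

/* Returns the number of steps written to out[3], or 0 with *why set. */
int plan_secure_erase(const uint16_t *id, const char *pw, ata_step out[3], erase_check *why) {
    int n = 0;
    if ((*why = secure_erase_precheck(id)) != ERASE_OK) return 0;
    /* Assumption: if security is already enabled, pw is the existing user password. */
    if (!(id[128] & SEC_ENABLED)) fill_block(&out[n++], SET_PASSWORD, 0, pw);
    memset(&out[n], 0, sizeof out[n]); out[n++].opcode = ERASE_PREPARE; /* non-data */
    /* Control bit 1 selects enhanced erase; bit 0 = 0 means "user password". */
    fill_block(&out[n++], ERASE_UNIT, (id[128] & SEC_ENHANCED) ? 0x0002 : 0, pw);
    return n;
}

int main(void) {
    uint16_t id[256] = {0}; ata_step plan[3]; erase_check why;
    id[128] = SEC_SUPPORTED | SEC_ENHANCED | SEC_FROZEN;  /* constructed sample */
    printf("frozen drive: %d steps\n", plan_secure_erase(id, "pw", plan, &why));
    id[128] &= ~SEC_FROZEN;
    printf("unfrozen drive: %d steps\n", plan_secure_erase(id, "pw", plan, &why));
    return 0;
}
```

On a real system the 256 IDENTIFY words would come from the pass-through interface; re-read them after the erase to confirm that the security-enabled bit has cleared.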