Closed darkbasic closed 3 years ago
The data you wrote in before you enable SED are plain data. So after a PSID revert, you still can get your plain data
Doesn't it use some kind of default password out of the box? Otherwise why do I get NOT_AUTHORIZED?
That is impossible. when you first set up your SSD via the command: initialSetup, you will open an session with SSD via SID, The SID is the same as MSID which you can use the command: printdefaultpassword to get it. initial setup has some steps: take owner ship; active LockingSP ... Set MBR table enable which step's result is NOT AUTHORIZED
if you still can get your data, it is must be the firmware's bug. when user revert whole TPer, firmware shall erase all the media encryption keys(MEKs) and when you enable SED again, it shall generate a new MEK. So your data before will gone
this is against the original intention of the tcg spec but it is possble some implementations do this unfortunately
On Fri, Nov 23, 2018 at 8:51 AM LITTENg notifications@github.com wrote:
The data you wrote in before you enable SED are plain data. So after a PSID revert, you still can get your plain data
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Drive-Trust-Alliance/sedutil/issues/267#issuecomment-441246180, or mute the thread https://github.com/notifications/unsubscribe-auth/APuplBGR0JiQ55ac3lGuVIKs4FrPUjEdks5ux_1dgaJpZM4YvEJ4 .
-- regards,
Bob Thibadeau 412 370 1245
The Samsung 970 Pro also exhibits this behavior, where a fresh 970 Pro will refuse any command without having been reset using the psid revert. The revert did not actually wipe any data either. I suppose this is a bug in Samsung's firmware, where the keys are not initialized and have to be (re-)seeded using the revert.
We also thought we had the same issue with PSID revert, we tested with two scenarios:
dd
can recover data.Upon reflection, we realized that in both those scenarios, the drive was either unencrypted or unlocked. This runs against the original intention of the PSID revert command, which is intended for users who lost the password but still want to make use of the hardware. In that use case, the drive should be both encrypted and locked.
We tested the drive with this scenario by using the Rescue USB drive to perform the PSID revert command on an encrypted drive, after that, we did string search with dd
, testdisk and foremost and can confirm that all the data is erased for the Samsung 970 Pro and also the Micron 2200.
We tested the drive with this scenario by using the Rescue USB drive to perform the PSID revert command on an encrypted drive, after that, we did string search with
dd
, testdisk and foremost and can confirm that all the data is erased for the Samsung 970 Pro and also the Micron 2200.
Thank you for reporting on your testing. I can confirm the same behavior on a 970 EVO Plus 2TB.
A revert will only erase the data in locking range 0 (initially covers the entire drive) if the Locking SP is active. I believe Samsung has started shipping their drives in this state to prevent malware from using OPAL encryption in a ransomeware attack.
Hi, I have a brand new Samsung 970 EVO 256GB. I installed the OS and then I wanted to enable SED on the drive. Unfortunately I got NOT_AUTHORIZED (see https://github.com/Drive-Trust-Alliance/sedutil/issues/232), so I decide to try a PSID Revert as adviced. Everything worked and I managed to enable encryption, BUT after unlocking the drive with my brand new passphrase I notice that it didn't delete any data!!!! This is pure madness, what's the point of encryption if everyone can just do a PSID Revert to get the clear data?