search

Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software
611 stars 236 forks source link

Seagate ST4000NM0053 #440

Closed Af0x closed 1 year ago

Af0x commented 1 year ago

I have a Seagate ST4000NM0053 drive and a lot of issues making it work. I can´t create a partition with a filesystem (e.g. ext4) on it using Fedora 38. After resetting it with sedutil-cli --yesIreallywanttoERASEALLmydatausingthePSID <PSID> /dev/sdc it says revertTper completed successfully

Querying the drive afterwards gives me

sedutil-cli --query /dev/sdc
/dev/sdc ATA ST4000NM0053                             G00A
TPer function (0x0001)
    ACKNAK = N, ASYNC = N. BufferManagement = N, comIDManagement  = N, Streaming = Y, SYNC = Y
Locking function (0x0002)
    Locked = N, LockingEnabled = Y, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y
Geometry function (0x0003)
    Align = N, Alignment Granularity = 1 (512), Logical Block size = 512, Lowest Aligned LBA = 0
Enterprise function (0x0100)
    Range crossing = Y, Base comID = 0x07fe, comIDs = 2

TPer Properties: 
  MaxMethods = 1  MaxSubpackets = 1
  MaxPacketSize = 2028  MaxPackets = 1  MaxComPacketSize = 2048
  MaxResponseComPacketSize = 2048  MaxSessions = 1  MaxIndTokenSize = 1992
  MaxAuthentications = 20  MaxTransactionLimit = 1  DefSessionTimeout = 0
  MaxSessionTimeout = 0  MinSessionTimeout = 0  DefTransTimeout = 0
  MaxTransTimeout = 0  MinTransTimeout = 0  MaxComIDTime = 0
  MaxComIDCMD = 0  RealTimeClock = 0
Host Properties: 
  MaxComPacketSize = 2048  MaxPacketSize = 2028
  MaxIndTokenSize = 1992  MaxPackets = 1  MaxSubpackets = 1

I can run the initial setup like so 

sedutil-cli --initialsetup <Password> /dev/sdc
EraseMaster  password set
Maximum ranges supported 15
BandMaster0 password set
BandMaster1 password set
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
Session Authenticate failed (response = false)
takeOwnership complete
Locking range Read/Write set 0
Locking range configured 3
Initial setup of TPer complete on /dev/sdc

Interestingly it set 2 Bands that look like this

sedutil-cli --listlockingranges <Password> /dev/sdc
Maximum ranges supported: 15
Band[0]:
    Name:            Global_Range
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 1
    WriteLockEnabled:1
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
Band[1]:
    Name:            Band1
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      1
    WriteLocked:     1
    LockOnReset:     1

There is no length in any of these. I can erase the second band but I can´t set a length on the first one. Setting a length on the second Band is possible:

sedutil-cli --setuplockingrange 1 0 7814037168 <Password> /dev/sdc

Band[1]:
    Name:            Band1
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     7814037168
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     0

Another thing is that I can´t issue the reverttper command

sedutil-cli --revertTPer <Password> /dev/sdc
method status code NOT_AUTHORIZED

and I also can´t change the SID Password or the Admin1 Password

sedutil-cli --setSIDPassword <Password> <newPassword> /dev/sdc
Session Authenticate failed (response = false)

sedutil-cli --setAdmin1Pwd <Password> <Admin1Password> /dev/sdc
Invalid Userid Admin1

I also can´t set any MBR related commands because it gives me for example

sedutil-cli --setMBREnable off <Password> /dev/sdc
MBR shadowing is optional in the Enterprise SSC and not supported

Lastly the drive seems to accumulate Current Pending Sector Count and Uncorrectable Sector Count in the SMART Data (both have the same, increasing value but there are no reallocated sectors).

Af0x commented 1 year ago

I need to disable read and write caching because my SMART values get cluttered with errors corresponding to failing reads and writes (primarily the Read Error Rate value is increasing strongly).

I/O error, dev sdc, sector xxxx op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
Buffer I/O error on dev sdc1, logical block 9, async page read

I can´t issue a mkfs command because it is failing with input/output errors

sudo mkfs.ext4  /dev/sdc1
mke2fs 1.46.5 (30-Dec-2021)
Creating filesystem with 976754176 4k blocks and 244195328 inodes
Filesystem UUID: 123456789
Superblock backups stored on blocks: 
    ### RandomBlocks - Removed by OP###

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: mkfs.ext4: Input/output error while writing out and closing file system

Creating the partition table with GPT worked though. I was also able to disable the Write-Cache with SeaChest like so SeaChest_Configure -d /dev/sg1 --sctWriteCache disable

But for the rest I´m pretty clueless because I thought the OS would not use READ BUFFER READ LONG WRITE BUFFER or WRITE LONG commands as they have been removed from the SED´s repertoire, see Page 10 of this source.

Af0x commented 1 year ago

I solved this issue by doing an ATA Secure Erase to low level format the drive.