Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software

[HELP NEEDED] Locking disk cannot be unlocked. #474

Open yizhanglinux opened 4 months ago

yizhanglinux commented 4 months ago

Hi, after I reverted my disk with PSID[1], listLockingRanges[1] shows that only two bands, Band0 and Band1, work. I then ran setBandsEnabled[3] to set all the bands enabled, but the disk is still protected. I then tried initialSetup and --revertTPer[4][5] for the disk, but it reported NOT_AUTHORIZED. Could anyone help check it? Here are the steps I used, thanks.

Disk: Dell Seagate SAS SED 2.4T RPM 10K disk

[1]

sedutil-cli --yesIreallywanttoERASEALLmydatausingthePSID $PSID /dev/sdd

revertTper completed successfully

[2]

./sedutil-cli --listLockingRanges "" /dev/sdd

Maximum ranges supported: 31
Band[0]:
    Name:            Global_Range
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
Band[1]:
    Name:            Band1
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
Band[2]:
Session Authenticate failed (response = false)
could not establish session for row[2]
Band[3]:
Session Authenticate failed (response = false)
could not establish session for row[3]
--snip--
Band[31]:
Session Authenticate failed (response = false)
could not establish session for row[31]

[3]

./sedutil-cli --setBandsEnabled "" /dev/sdd

./sedutil-cli --listLockingRanges "" /dev/sdd

Maximum ranges supported: 31
Band[0]:
    Name:            Global_Range
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
Band[1]:
    Name:            Band1
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
Band[2]:
    Name:            Band2
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
Band[3]:
    Name:            Band3
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
--snip--
Band[31]:
    Name:            Band31
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1

[4]

./sedutil-cli --initialSetup password  /dev/sdd

EraseMaster  password set
Maximum ranges supported 31
BandMaster0 password set
BandMaster1 password set
--snip--
BandMaster31 password set
takeOwnership complete
Locking range Read/Write set 0
Locking range configured 3
Initial setup of TPer complete on /dev/sdd

./sedutil-cli --listLockingRanges password /dev/sdd

Maximum ranges supported: 31
Band[0]:
    Name:            Global_Range
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 1
    WriteLockEnabled:1
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
Band[1]:
    Name:            Band1
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1
--snip--
Band[31]:
    Name:            Band31
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1

./sedutil-cli --disableLockingRange 0 password  /dev/sdd

Locking range configured 0

./sedutil-cli --listLockingRange 0 password /dev/sdd

Band[0]:
    Name:            Global_Range
    CommonName:      Locking
    RangeStart:      0
    RangeLength:     0
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
    LockOnReset:     1

[5]

./sedutil-cli -v --revertTPer  password /dev/sdd

Log level set to DBG
sedutil version : 1.20.0-4-g3ddb986-dirty
Unknown Feature in Discovery 0 response 4
Unknown Feature in Discovery 0 response 4
Performing revertTPer on /dev/sdd
method status code NOT_AUTHORIZED

./sedutil-cli --revertNoErase password  /dev/sdd

method status code NOT_AUTHORIZED

fdisk -l /dev/sdd

fdisk: cannot open /dev/sdd: Input/output error
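An added example, not part of the original post and not sedutil's own code: a small parser for `--listLockingRanges` output in the layout quoted above, which reduces each band to one state so bands that fail authentication or have locking enabled stand out. The function names `parse_bands` and `summarize` are hypothetical, and the sample text is constructed.

```python
import re

# Constructed sample in the layout of the --listLockingRanges output quoted in this issue.
SAMPLE = """\
Maximum ranges supported: 31
Band[0]:
    Name:            Global_Range
    ReadLockEnabled: 1
    WriteLockEnabled:1
    ReadLocked:      0
    WriteLocked:     0
Band[1]:
    ReadLockEnabled: 0
    WriteLockEnabled:0
    ReadLocked:      0
    WriteLocked:     0
Band[2]:
Session Authenticate failed (response = false)
could not establish session for row[2]
"""

def parse_bands(text):
    """Return {band_number: fields}; works on multi-line or flattened output."""
    parts = re.split(r"Band\[(\d+)\]:", text)
    bands = {}
    # parts[0] is the preamble, then alternating band number / band body.
    for number, body in zip(parts[1::2], parts[2::2]):
        fields = dict(re.findall(r"(\w+):\s*(\S+)", body))
        fields["auth_failed"] = "Authenticate failed" in body
        bands[int(number)] = fields
    return bands

def summarize(bands):
    """Map each band to one state string."""
    states = {}
    for number, f in sorted(bands.items()):
        if f["auth_failed"]:
            states[number] = "unreadable: session authentication failed"
        elif "1" in (f.get("ReadLocked"), f.get("WriteLocked")):
            states[number] = "locked"
        elif "1" in (f.get("ReadLockEnabled"), f.get("WriteLockEnabled")):
            states[number] = "locking enabled, currently unlocked"
        else:
            states[number] = "locking disabled"
    return states

if __name__ == "__main__":
    for number, state in summarize(parse_bands(SAMPLE)).items():
        print(f"Band[{number}]: {state}")
```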

yizhanglinux commented 4 months ago

@JaBoMa Do you have a chance to check this issue? Thanks in advance.

yizhanglinux commented 4 months ago

BTW, the default sedutil supported 15 lockranges, but the disk I used has 31 lockranges, I added one commit to support more lockranges: https://github.com/yizhanglinux/sedutil/commit/3cd0ee8cf7e8c98a9c8a632e2667e527ba4643cf

JaBoMa commented 4 months ago

Where did you get the procedure that instructs you to execute disableLockingRange right after initialSetup, or revertTPer before revertNoErase? I really don't understand what you are going to do. I also have no experience with the Dell Seagate SAS SED 2.4T RPM 10K drive, which I am completely unfamiliar with.

My modest knowledge about DTA Sedutil comes from this discussion forum (I recommend the search function), from the DTA Sedutil Wiki (I recommend reading it), and from my personal experience with my own SSD drives, which certainly meet the requirements of the T.C.G. Opal specification. I only use the software available at https://github.com/Drive-Trust-Alliance/exec, and - optionally - at https://github.com/ChubbyAnt/sedutil/releases.

I by no means consider myself an expert on sedutil, SSD, or T.C.G. Opal. On this forum I am looking for information rather than providing it. And I start my search by using the "search" function: hasn't anyone asked about this before? (This brings better results than doing something not very sensible (e.g. taking the soufflé out of the oven halfway through baking) and asking everyone on the forum: "Oh, my soufflé fell! Does anyone know what I should do now?") I only give advice in exceptional situations when I have already experienced them myself and know what actions helped me then.

So - I'm very sorry - I can't help in your case.

ATB JBM

yizhanglinux commented 4 months ago

Yeah, I saw ReadLockEnabled/WriteLockEnabled were enabled, then I tried disableLockingRange to disable them. And I got the commands revertTPer and revertNoErase from [1]; from the manual, it seems they can set the disk to factory defaults, but it doesn't work on this disk. Thanks for the info, I will try to reach out to DELL to see if they can give a suggestion to recover it.

[1] https://www.mankier.com/8/sedutil-cli

Thanks.

youk commented 4 months ago

First thing, it doesn't seem to me like a TCG Opal drive, but a TCG Enterprise one.