Subject: Re: CVS commit: src/sbin/atactl
To: Takahiro Kambe <taca@back-street.net>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
List: source-changes
Date: 04/13/2005 21:16:21
taca@back-street.net said:
> Do you have any plan to support the SECURITY ERASE UNIT command
> support?

Would't be hard to add, but I don't have that much time atm.

> It is dangerous but very useful for destroy contents of the
> disk.

Would be nice to be able to delete a disk completely with just
one command. As I understand the spec, it is not that easy
however:
- It cannot be done with security frozen. Modern BIOSes
  leave the disks in frozen state. One might find a workaround,
  eg hot-plug or an IDE RAID controller, but then it is
  not convenient anymore.
- One needs to set a password before to get the disk into the
  "security enabled" state. I might be able to set this in the
  BIOS, and perhaps the BIOS will even leave the disk un-frozen
  if I don't enter the right password on boot. What I don't
  know is whether the BIOS passes the password as-is to the disk.
  My laptop allows for 8 character passwords, while the ATA
  spec has room for 32 bytes. There might be some translation,
  hashing, secrets...
  (no, I'm not going to try it out:-)

best regards
Matthias