These switches are DANGEROUS to experiment with, and might not work with some kernels.
USE AT YOUR OWN RISK.
- --security-help
Display terse usage info for all of the --security-* options.
- --security-freeze
Freeze the drive's security settings.
The drive does not accept any security commands until the next power-on reset.
Use this function in combination with --security-unlock to protect the drive
from any attempt to set a new password. Can be used standalone, too.
No other options are permitted on the command line with this one.
- --security-unlock PWD
Unlock the drive, using password PWD.
Password is given as an ASCII string and is padded with NULs to reach 32 bytes.
The applicable drive password is selected with the --user-master switch
(default is "user" password).
No other options are permitted on the command line with this one.
- --security-set-pass PWD
Lock the drive, using password PWD (Set Password) (DANGEROUS).
Password is given as an ASCII string and is padded with NULs to reach 32 bytes.
Use the special password NULL to set an empty password.
The applicable drive password is selected with the --user-master switch
(default is "user" password)
and the applicable security mode with the --security-mode switch.
No other options are permitted on the command line with this one.
- --security-disable PWD
Disable drive locking, using password PWD.
Password is given as an ASCII string and is padded with NULs to reach 32 bytes.
The applicable drive password is selected with the --user-master switch
(default is "user" password).
No other options are permitted on the command line with this one.
- --security-erase PWD
Erase (locked) drive, using password PWD (DANGEROUS).
Password is given as an ASCII string and is padded with NULs to reach 32 bytes.
Use the special password NULL to represent an empty password.
The applicable drive password is selected with the --user-master switch
(default is "user" password).
No other options are permitted on the command line with this one.
- --security-erase-enhanced PWD
Enhanced erase (locked) drive, using password PWD (DANGEROUS).
Password is given as an ASCII string and is padded with NULs to reach 32 bytes.
The applicable drive password is selected with the --user-master switch
(default is "user" password).
No other options are permitted on the command line with this one.
- --user-master USER
Specifies which password (user/master) to select.
Defaults to user password.
Only useful in combination with --security-unlock, --security-set-pass,
--security-disable, --security-erase or --security-erase-enhanced.
    u    user password
    m    master password
- --security-mode MODE
Specifies which security mode (high/maximum) to set.
Defaults to high.
Only useful in combination with --security-set-pass.
    h    high security
    m    maximum security
THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
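The following C example is added here and is not taken from hdparm's source. It shows how a PWD argument, the --user-master selection and the --security-mode selection map onto the 512-byte data block of the ATA SECURITY SET PASSWORD command (word 0 bit 0 selects user/master, word 0 bit 8 selects high/maximum, bytes 2..33 hold the password). The function and constant names are hypothetical, and rejecting passwords longer than 32 bytes is this example's own choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEC_BLOCK_LEN 512   /* one sector of PIO data-out */
#define SEC_PWD_LEN    32   /* password field, bytes 2..33 */

enum { SEC_USER = 0, SEC_MASTER = 1 };      /* --user-master u|m (names hypothetical) */
enum { SEC_HIGH = 0, SEC_MAXIMUM = 1 };     /* --security-mode h|m (names hypothetical) */

/* Build the SECURITY SET PASSWORD data block.
 * Returns 0 on success, -1 if pwd does not fit the 32-byte field. */
int build_set_pass_block(uint8_t blk[SEC_BLOCK_LEN], const char *pwd,
                         int which, int mode)
{
    size_t len;

    if (strcmp(pwd, "NULL") == 0)   /* special spelling of the empty password */
        pwd = "";
    len = strlen(pwd);
    if (len > SEC_PWD_LEN)          /* reject instead of silently truncating */
        return -1;

    memset(blk, 0, SEC_BLOCK_LEN);  /* zero fill supplies the NUL padding */
    blk[0] = (which == SEC_MASTER) ? 0x01 : 0x00;   /* word 0, bit 0 */
    blk[1] = (mode == SEC_MAXIMUM) ? 0x01 : 0x00;   /* word 0, bit 8 */
    memcpy(blk + 2, pwd, len);      /* a 32-byte password fills the field exactly */
    return 0;
}

/* Two command-line strings name the same drive password
 * exactly when their padded 32-byte fields are identical. */
int same_drive_password(const char *a, const char *b)
{
    uint8_t x[SEC_BLOCK_LEN], y[SEC_BLOCK_LEN];

    if (build_set_pass_block(x, a, SEC_USER, SEC_HIGH) ||
        build_set_pass_block(y, b, SEC_USER, SEC_HIGH))
        return 0;
    return memcmp(x + 2, y + 2, SEC_PWD_LEN) == 0;
}

int main(void)
{
    uint8_t blk[SEC_BLOCK_LEN];

    if (build_set_pass_block(blk, "Eins", SEC_MASTER, SEC_MAXIMUM) == 0)
        printf("ctl=%02x %02x pwd=%.4s pad=%02x\n", blk[0], blk[1],
               (const char *)blk + 2, blk[6]);
    printf("NULL equals empty: %d\n", same_drive_password("NULL", ""));
    return 0;
}
```

Because the string NULL is mapped to the empty password, the literal four-character password "NULL" cannot be expressed through this interface.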
FILES
/etc/hdparm.conf
BUGS
As noted above, the -m sectcount and -u 1
options should be used with caution at first, preferably on a
read-only filesystem. Most drives work well with these features, but
a few drive/controller combinations are not 100% compatible. Filesystem
corruption may result. Back up everything before experimenting!
Some options (e.g. -r for SCSI) may not work with old kernels because the
necessary ioctl()s were not supported.
Although this utility is intended primarily for use with SATA/IDE hard disk
devices, several of the options are also valid (and permitted) for use with
SCSI hard disk devices and MFM/RLL hard disks with XT interfaces.
The Linux kernel up until 2.6.12 (and probably later) doesn't handle the
security unlock and disable commands gracefully and will segfault and in some
cases even panic. The security commands however might indeed have been executed
by the drive. This poor kernel behaviour makes the PIO data security commands
rather useless at the moment.
Note that the "security erase" and "security disable" commands have been
implemented as two consecutive PIO data commands and will not succeed on a
locked drive because the second command will not be issued after the segfault.
See the code for hints on how to patch it to work around this problem. Despite the
segfault it is often still possible to run two instances of hdparm
consecutively and issue the two necessary commands that way.
AUTHOR
hdparm has been written by Mark Lord <mlord@pobox.com>, the original primary
developer and maintainer of the (E)IDE driver for Linux, and current contributor
to the libata subsystem, along with suggestions and patches from many netfolk.
The disable Seagate auto-powersaving code
is courtesy of Tomi Leppikangas (tomilepp@paju.oulu.fi).
Security freeze command by Benjamin Benz, 2005.
PIO data out security commands by Leonard den Ottolander, 2005.
Some other parts by Benjamin Benz and others.
SEE ALSO
http://www.t13.org/
Technical Committee T13 AT Attachment (ATA/ATAPI) Interface.
http://www.serialata.org/
Serial ATA International Organization.
http://www.compactflash.org/
CompactFlash Association.
This document was created by man2html, using the manual pages.
Time: 19:49:30 GMT, April 27, 2011