How to secure erase all data on a SSD and avoid the error about SG_IO: bad/missing sense data.
The secure erase feature of SSDs is brilliant when you want to wipe a disk to sell or rebuild or whatever because it takes seconds to nuke the entire disk compared to hours doing a zero wipe on a spinning hard drive. For example, zero wiping a 2TB drive takes me roughly 26 hours compared to roughly 5 seconds for a SSD.
That said I did get into some issues recently when using hdparm to erase an SSD
which I had connected via the cheapest USB3 caddy I could find on eBay. I’m not
sure if it was totally the caddy’s fault or if it was me doing something wrong
but anyway, here’s how to wipe a SSD and how to fix the error about bad/missing
sense data.
Once you’ve found the name of the device (/dev/sdb in this case), run the
command below to see a load of info about the drive. Towards the bottom is a
section about Security. We need it to be not frozen and to support enhanced
erase. If your drive is frozen and you’re using a laptop you can try out the
unfreeze laptop drive
trick
which simply involves suspending the laptop with sudo systemctl suspend then
waking it up. I’ve found I’ve had to do this if the drive I’m trying to wipe is
in the machine’s main SATA port and I’m using a bootable USB to perform the
wipe.
roast@mint:~# sudo hdparm -I /dev/sdb
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
Setting a password for the drive will enable the security option so
roast@mint:~# sudo hdparm --user-master u --security-set-pass your-password-here /dev/sdb
If you now run hdparm -I /dev/sdb again you should see the ‘enabled’ option
has been activated meaning the drive cannot be used without the password.
Final step is to perform the secure erase using your new password:
roast@mint:~# sudo hdparm --user-master u --security-erase your-password-here /dev/sdb
I say it’s the final step but for me this is where shit started to go wrong. I’ve successfully wiped SSDs this way before but this time something freaked out the drive and it refused to behave.
Whenever I tried to perform the secure erase or set the password I got the same
error about SG_IO: bad/missing sense data and nothing I did seemed to fix it:
I had an optical drive to HDD adapter for this machine which allowed me to boot normally and fix the issue:
sudo hdparm -I /dev/sdb which revealed the drive was in fact frozenI’ve read somewhere that using USB to SATA adapters can cause issues when using hdparm because certain commands don’t get passed through the adapter’s hardware to the SSD properly, and thinking back to all those times I’ve successfully used hdparm I was using a desktop so would have been connecting SSDs directly to the motherboard instead.
The frustrating part of all this was that while the SSD was connected via USB it didn’t show as being frozen. It’s also frustrating (and surprising) that my Thinkpad forced me to boot from a locked drive even after disabling in the bios. And why didn’t the password work? I still have questions to be answered but hey it was a learning experience and it still took way less than 26 hours to figure out.