Using the ATA security features of modern hard disks and SSDs
In the Vault
Article from ADMIN 19/2014
Modern ATA hard drives and SSDs offer security options that help you control access and reliably destroy data if necessary.
The range of ATA security features is well defined; however, you will be hard pressed to find an operating system with a tightly integrated tool chain that consistently leverages the benefits of ATA.
The hdparm tool, which is included with almost all Linux distributions, at least lets you control the ATA security features by scripting or manual commands. On many laptops, ATA security is integrated into the BIOS. This article describes how you can control access to your disk data through ATA security.
A Little Theory
When you buy an HDD or SSD today, all the security features are initially disabled. A query with hdparm as the root user provides ATA security information (Listing 1).
Listing 1: hdparm Info
# hdparm -I /dev/sdb
/dev/sda:
ATA device, with non-removable media
        Model Number:       INTEL SSDSC2CW240A3
        Serial Number:      XXXXXXXXXXXXXXXXXX
        Firmware Revision:  400i
        Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II
[...]
Commands/features:
        Enabled Supported:
           *    SMART feature set
                Security Mode feature set
           *    Power Management feature set
           *    Write cache
                Look-ahead
           *    Host Protected Area feature set
[...]
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        4min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
[...]
Listing 1 shows ...
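The following is an added example, not part of the original article: a shell function that reduces the Security block printed by hdparm -I (as in Listing 1) to key=value flags for scripting, plus a check for the frozen state, in which a drive rejects security commands until the next power cycle or hardware reset. The function names and the sample input are constructed for illustration.

```shell
# Added example (not from the article): reduce the "Security:" block of
# `hdparm -I` output, read from stdin, to key=value lines.
ata_security_state() {
    awk '
    /^Security:/       { insec = 1; found = 1; next }
    insec && /^[^ \t]/ { insec = 0 }   # an unindented line starts the next block
    !insec             { next }
    /Master password revision code/ { rev = $NF; next }
    {
        neg = ($1 == "not")            # hdparm prefixes cleared flags with "not"
        key = neg ? $2 : $1
        sub(/:$/, "", key)
        val = neg ? "no" : "yes"
        if ($0 ~ /enhanced erase/) st["enhanced_erase"] = val
        else if (key ~ /^(supported|enabled|locked|frozen|expired)$/) st[key] = val
    }
    END {
        if (!found) { print "security=absent"; exit }
        n = split("supported enabled locked frozen expired enhanced_erase", k, " ")
        for (i = 1; i <= n; i++) print k[i] "=" ((k[i] in st) ? st[k[i]] : "unknown")
        print "master_rev=" (rev == "" ? "unknown" : rev)
    }'
}

# Exit status 0 only if the drive will accept security commands now: the
# feature set is supported and the drive is not frozen.
ata_security_usable() {
    state=$(ata_security_state)
    printf '%s\n' "$state" | grep -qx 'supported=yes' &&
        printf '%s\n' "$state" | grep -qx 'frozen=no'
}

# Constructed sample input: the Security block of Listing 1, indented the
# way hdparm prints it. $1 is "not" or empty and sets the frozen flag.
sample_security_block() {
    cat <<EOF
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        ${1:-   }     frozen
        not     expired: security count
                supported: enhanced erase
        4min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
EOF
}

# Demo run on the constructed sample (state as shown in Listing 1).
sample_security_block not | ata_security_state
```

On a live system, the same function reads the real output when run as root: hdparm -I /dev/sdX | ata_security_state, where /dev/sdX is a placeholder for the drive to inspect.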
