HDD的ATA security erase功能验证

在固太硬盘使用过程中会产生很多碎片，随着碎片的增加固态硬盘的性能也会大大降低，我们可以通过hdparm命令发送ATA Secure Erase 指令将固态硬盘恢复到初始状态来提高硬盘的性能。
使用注意：
1.该操作会擦除硬盘中所有数据且不能恢复，重要数据请提前备份。
2.每次操作为一次P/E，固态硬盘的P/E次数有限，过多执行此操作会影响固态硬盘寿命。
3.操作有风险，如果遇到系统或固态硬盘的bug，可能产生不可逆转的影响。

Step 1 - Make sure the drive Security is not frozen:

Issue the following command, where "X" matches your device (eg. sda).

hdparm -I /dev/X

Step 1a - Ensure the drive is not frozen:

Security:        Master password revision code = 65534               supported       not     enabled       not     locked       not     frozen       not     expired: security count               supported: enhanced erase       2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

If the command output shows "frozen" (instead of "not frozen") then you cannot continue to the next step.

Many BIOSes will protect your drives if you have a password set (security enabled) by issuing a SECURITY FREEZE command before booting an operating system. If your drive is frozen, and it has a password enabled, try removing the password using the BIOS and powering down the system to see if that disables the freeze. Otherwise you may need to use a different motherboard (with a different BIOS).

A possible solution for SATA drives is hot-(re)plug the data cable (this might crash your kernel). If hot-(re)pluging the SATA data cable crashes the kernel try letting the operating system fully boot up, then quickly hot-(re)plug both the SATA power and data cables.

• It has been reported that hooking up the drive to an eSATA SIIG ExpressCard/54 with an eSATA enclosure will leave the drive security state to "not frozen".

• Placing my system into "sleep" (suspend to RAM) worked too---and this may reset other drives to "not frozen" as well. This has worked on PCs from various manufacturers including Dell, Lenovo, and Clevo. Many Live distributions can be suspended to RAM for this purpose:

 echo -n mem > /sys/power/state

• Users have also reported that IDE Drives may be unfreezed by plugging in an IDE cable to a CD-ROM first, booting your system and then moving the IDE cable to the drive in question. This will allow you to bypass "SECURITY FREEZE" commands sent by BIOS and your OS. BE AWARE, that IDE cables are not hot-pluggable and this technique possesses even higher risks; under no circumstances should you connect/disconnect/swap power cables of an HDD or CD-ROM, when your PC is on.

Step 2 - Enable security by setting a user password:

WARNING: When the user password is set the drive will be locked after next power cycle (the drive will deny normal access until unlocked with the correct password).

Step 2a - Set a User Password:

Any password will do, as this should only be temporary. After the secure erase the password will be set back to NULL. For this procedure we'll use the password "Eins".

hdparm --user-master u --security-set-pass Eins /dev/X

Step 2a - Command Output:

security_password="Eins"/dev/sdd:Issuing SECURITY_SET_PASS command, password="Eins", user=user, mode=high

Step 2b - Make sure it succeeded, execute:

hdparm -I /dev/X

Step 2b - Command Output (should display "enabled"):

Security:        Master password revision code = 65534               supported               enabled       not     locked       not     frozen       not     expired: security count               supported: enhanced erase       Security level high       2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.

Step 3 - Issue the ATA Secure Erase command:

time hdparm --user-master u --security-erase Eins /dev/X

Step 3 Command Output:

Wait until the command completes. This example output shows it took about 40 seconds for an Intel X25-M 80GB SSD, for a 1TB hard disk it might take 3 hours or more!

security_password="Eins" /dev/sdd:Issuing SECURITY_ERASE command, password="Eins", user=user0.000u 0.000s 0:39.71 0.0%      0+0k 0+0io 0pf+0w

Step 4 - The drive is now erased! Verify security is disabled:

After a successful erasure the drive security should automatically be set to disabled (thus no longer requiring a password for access). Verify this by running the following command:

hdparm -I /dev/X

Step 4 - Command Output (should display "not enabled"):

Security:        Master password revision code = 65534               supported       not     enabled       not     locked       not     frozen       not     expired: security count               supported: enhanced erase       2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.