All times are UTC - 5 hours [ DST ]




 Post subject: Seagate Momentus FDE.1 - ATA/secure erase errors
Posted: May 29th, 2017, 17:38

Joined: May 29th, 2017, 15:48
Posts: 3
Location: Midwest, USA
I have an older Seagate Momentus FDE.1 HDD (model ST9250424ASG) in an old Dell Latitude D820 which was set up with Wave Embassy Security Center from Dell. The FDE.1 offers full disk encryption, though runs Seagate's security feature called DriveTrust. DriveTrust security must be enabled by 3rd party software like Wave Embassy Security Center or WinMagic SecureDoc. You can also use regular ATA security on it.

Anyways, here is the problem. The OS that was on it (Windows 7 Ultimate 64-bit) was having some issues after a few Windows updates so I decided to restore the system back to a previous state using Macrium Reflect Home edition. I used my password to log into Wave Embassy Security Center's Trusted Drive control panel and un-initialized the drive and reverted the system back about 6 hours before the updates were installed. The problem now is that for some reason, after the system was reverted, it shows that the drive's DriveTrust security was somehow initialized again. No big deal, right? Just use your password and log in to Wave Embassy Security Center and un-initialize it again. Well now it tells me either my username or password are incorrect and they're not incorrect. Even the FDE's backup file shows they're the same as before.

The Seagate FDE.1 has a SID printed on the front of the drive (not a PSID), and the SID is set default as the drive's master password. This can then be used to do a crypto-erase. Unfortunately, no crypto-erase will succeed. I have tried Seagate's SeaTools for DOS, Parted Magic and even straight hdparm via Linux terminal. I am unable to set a user password for the drive and security on the drive is shown to NOT be enabled. Seagate's SeaTools is supposed to use the SID for a crypto-erase but even that fails, and tells me to check in the BIOS to see if drive passwords can be disabled. This hard drive has never had an ATA password set and its master password has never been changed. I have swapped the drive around to multiple systems thinking perhaps it was an issue with the IDE/SATA controller used but no matter what laptop I use - even my new business laptops - I'm unable to issue a secure erase/enhanced secure erase command that's successful. Enhanced Secure Erase on a FDE/SED acts as a crypto-erase, too, per Seagate's manual.

So there's no ATA security enabled on this drive, yet crypto-erase fails. If I try to set a hard drive password in the BIOS, I get an error message "The password is unacceptable!" Trying to set a password using hdparm returns an error of:

Quote:
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0a 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


hdparm -N /dev/sda shows the HPC as being disabled. Running sudo smartctl -a /dev/sda will show all the correct drive information, but will also show a "DCO Checksum Failed."

So I'm convinced that the DriveTrust security was re-enabled when the system was reverted somehow which renders ATA security commands useless.

Next to being unable to use any drive security, the drive still acts just like a regular hard drive. I am not locked out of it and can still access it and install anything on it I want.

This is an old laptop and I have 2 brand new business laptops with dual Opal 2 Intel SSDs in each that I just bought, so this FDE.1 is not crucial to anything; however, I've decided to sell the Dell D820 and want to include this FDE.1 with it. I have other older FDE drives (FDE.2-4) but this is the drive I ordered with the D820 back in 2006.

If anyone has any ideas on further options, I'd appreciate it. In the meantime I will continue to try various things and also report back if I have any success for anyone else down the road with the same issue. Thank you.
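
The sense buffer in the hdparm error quoted in this post can be decoded by hand. The sketch below is an added example, not part of the original post: it decodes that dump and a constructed descriptor-format sample. The function names and the trimmed lookup tables are illustrative assumptions.

```python
# Added example (not from the thread): decode a SCSI sense buffer like hdparm's sb[] dump.
SENSE_KEYS = {0x0: "NO SENSE", 0x1: "RECOVERED ERROR", 0x2: "NOT READY",
              0x3: "MEDIUM ERROR", 0x4: "HARDWARE ERROR", 0x5: "ILLEGAL REQUEST",
              0x6: "UNIT ATTENTION", 0x7: "DATA PROTECT", 0xB: "ABORTED COMMAND"}
# Small subset of the SPC ASC/ASCQ table; anything else is reported as hex.
ASC_ASCQ = {(0x00, 0x00): "NO ADDITIONAL SENSE INFORMATION",
            (0x20, 0x00): "INVALID COMMAND OPERATION CODE",
            (0x24, 0x00): "INVALID FIELD IN CDB"}

# The dump quoted in the post above.
PAGE_DUMP = ("SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0a "
             "00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")
# Constructed sample: descriptor-format sense carrying ATA registers (error=ABRT).
CONSTRUCTED = "72 0b 00 00 00 00 00 0e 09 0c 00 04 00 00 00 00 00 00 00 00 00 51"

def parse_hex(dump):
    """Accept a full hdparm message or bare hex; return the sense bytes."""
    return bytes(int(tok, 16) for tok in dump.split("sb[]:")[-1].split())

def decode_sense(sb):
    if len(sb) < 8:
        raise ValueError("sense buffer too short")
    code = sb[0] & 0x7F                      # bit 7 is the VALID flag
    result = {"ata_registers": None}
    if code in (0x70, 0x71):                 # fixed format: key @2, ASC @12, ASCQ @13
        if len(sb) < 14:
            raise ValueError("fixed-format sense truncated before ASC/ASCQ")
        result["format"] = "fixed"
        key, asc, ascq = sb[2] & 0x0F, sb[12], sb[13]
    elif code in (0x72, 0x73):               # descriptor format: key @1, ASC @2, ASCQ @3
        result["format"] = "descriptor"
        key, asc, ascq = sb[1] & 0x0F, sb[2], sb[3]
        pos, end = 8, min(len(sb), 8 + sb[7])
        while pos + 2 <= end:                # walk the descriptor list
            dtype, dlen = sb[pos], sb[pos + 1]
            # 0x09 = ATA Status Return descriptor: error reg at +3, status at +13
            if dtype == 0x09 and dlen >= 0x0C and pos + 14 <= end:
                result["ata_registers"] = {"error": sb[pos + 3], "status": sb[pos + 13]}
            pos += 2 + dlen
    else:
        raise ValueError(f"unknown sense response code {code:#04x}")
    result["sense_key"] = SENSE_KEYS.get(key, f"key {key:#x}")
    result["additional_sense"] = ASC_ASCQ.get((asc, ascq), f"ASC {asc:#04x} ASCQ {ascq:#04x}")
    return result

if __name__ == "__main__":
    for label, dump in (("page", PAGE_DUMP), ("constructed", CONSTRUCTED)):
        print(label, decode_sense(parse_hex(dump)))
```

For the dump in the post this gives fixed-format sense, ILLEGAL REQUEST / INVALID FIELD IN CDB, with no ATA status-return descriptor, so no ATA error or status register values came back with it.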


 Post subject: Re: Seagate Momentus FDE.1 - ATA/secure erase errors
Posted: May 31st, 2017, 18:17

Joined: May 29th, 2017, 15:48
Posts: 3
Location: Midwest, USA
Well I exhausted all options on resetting the device using software/DOS/Linux. No mainboard with drive ATA security features successfully worked, either.

So in the end, to fix it, I accessed the drive's inline crypto engine on the chipset itself.


 Post subject: Re: Seagate Momentus FDE.1 - ATA/secure erase errors
Posted: June 9th, 2017, 19:04

Joined: May 29th, 2017, 15:48
Posts: 3
Location: Midwest, USA
Spildit wrote:
GodHand wrote:
Well I exhausted all options on resetting the device using software/DOS/Linux. No mainboard with drive ATA security features successfully worked, either.

So in the end, to fix it, I accessed the drive's inline crypto engine on the chipset itself.


Can you provide more details on how you did fix this drive at the end?

Did you use some sort of TTL commands to reset the encryption function of the drive?

Thanks.


In short, I sent raw VSC (VSC = Vendor Specific Commands) after putting the drive in SCSI mode using a USB bridge (there are a few USB-to-SATA cables out there that put a drive in SCSI mode). In this mode, and with the ability to use VSC, I flashed a special firmware I tweaked in order to set the drive into USB-to-SATA direct bridge mode allowing me to output the raw encrypting disk sectors.

From there it was simply about identifying the DEK blob and the sector (not hard to locate if you know the starting ASCII bytes you're looking for, but this varies between manufacturers). Then I just removed the DEK blob after dumping it but kept my firmware on the drive and put it back into the direct SATA connection in the laptop (the D820 is really a PATA-to-SATA, so no AHCI support, just IDE). I then used sudo hdparm in Linux to set a master password which I set as the drive's actual SID that's printed on the top of the drive, as well as a user password. At this point I flashed the latest official firmware to the drive and used SeaTools to back up the FDE master and user password (which were master and user passwords I set using hdparm). I was then able to issue a crypto-erase after putting the drive in my Lenovo ThinkPad T470 laptop using an enhanced storage bay, setting a user password directly in its UEFI BIOS' security section, and using its UEFI BIOS security feature that allows for one to crypto-erase a SED or secure erase an SSD directly from the UEFI BIOS and without having to actually boot into DOS software or Linux/Parted Magic. It asked for the drive's password and successfully performed a crypto-erase thus returning the drive back to OEM specifications (no security and no passwords other than the drive's OEM SID).

I tossed it back into the Dell, did a fresh install of Windows 7 Ultimate 64-bit, re-installed Wave Embassy and lo and behold, it showed the drive as uninitialized which allowed me to initialize the drive again and set up its PBA (pre-boot authorization), which I made sure worked by shutting the device down and booting it again. Though after checking all this to make sure the drive truly was working properly, I uninitialized the drive, removed that junk software known as Wave Embassy, and deployed WinMagic key management to the laptop using my enterprise server running SecureDoc Enterprise, which backs up SED authorization data to prevent any types of lockouts, and can issue remote commands to uninitialize or crypto-erase a drive without knowing the username/password on the connected device. I use this on all of my devices that have Opal 2 SSC self-encrypting drives, and even my SAS SEDs that are in the server itself, but never figured I'd have to with an old-ass FDE.1 with its ancient DriveTrust API.

