Created date | Updated date | Affects version | Fix version |
---|---|---|---|
| 7.6.0 and older | 7.7.0 |
Description
When a drive shows "TCG LOCKED" in the Drive Eraser user interface the previous user or owner has enabled the TCG feature and Drive Eraser can not access the drive to perform an erasure. The drive has to be manually unlocked via a separate tool To unlock the drive follow the steps listed below.
Manual steps to unlock the drive
- Download RESCUE64.img.gz image from the sedutil page
- Decompress the Rescue system
- Linux: gunzip RESCUE64.img.gz
- Windows: Use 7-Zip
- Transfer the Rescue image to the USB stick
- Linux: dd if=RESCUE64.img of=/dev/sdX
- Windows: Use Win32DiskImager to write the image to the USB stick
- Boot the USB stick.
- You will see the login prompt, enter "root" there is no password and you will get a root shell prompt
Check for TCG Enterprise compliant drives using
sedutil-cli --scan
Output will look like this
Scanning for Opal compliant disks /dev/sda E SAS ST600MP0015 NT03
Check Locking status of the drive using
sedutil-cli --query
Output will look like this
/dev/sda SAS ST600MP0015 NT03 SEAGATE TPer function (0x0001) ACKNAK = N, ASYNC = N. BufferManagement = N, comIDManagement = N, Streaming = Y, SYNC = Y Locking function (0x0002) Locked = Y, LockingEnabled = Y, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y Geometry function (0x0003) Align = N, Alignment Granularity = 1 (528), Logical Block size = 528, Lowest Aligned LBA = 0 Enterprise function (0x0100) Range crossing = Y, Base comID = 0x07fe, comIDs = 2
If output shows "Locked = Y" then this drive shall be unlocked
- Note PSID on the drive label
Note that every drive has its own unique PSID!
- With the matching PSID the drive can be unlocked with following command, replace "sda" with the matching "sdX" number of the drive you want to unlock
- For HGST and Western Digital drives
For TCG Enterprise drives
sedutil-cli --PSIDrevertAdminSP PSIDpasswordPrintedOnLabel /dev/sda
For TCG Opal/Pyrite/Ruby drives
sedutil-cli –-yesIreallywanttoERASEALLmydatausingthePSID PSIDpasswordPrintedOnLabel /dev/sda
For Seagate drives
sedutil-cli –-yesIreallywanttoERASEALLmydatausingthePSID PSIDpasswordPrintedOnLabel /dev/sdX
- For HGST and Western Digital drives
If multiple drives are used and to find the matching "sdX" and disk serial use following command
find -L /sys/class/block -maxdepth 4 -name vpd_pg80 -exec cat {} \; -exec echo {} \;
This will show a list of all connected drives, including the "sdX" and disk serial
W461R3VJ /sys/class/block/sde/device/vpd_pg80
- Repeat these steps with all drives which need to be unlocked.