Why is ATA Secure Erase strongly discouraged for USB SATA adapters?
Posted by koreth@reddit | linuxadmin
I was looking for the best way to zero out some external SSDs. They're all SATA SSDs in enclosures with USB 3.1 adapters that support the UASP spec.
There is a quick way to zero out an SSD using the ATA Secure Erase command, but several of the resources I found advised very strongly against ever using it on a USB-connected SSD. Usually in red, just to make it more emphatic.
But none of the web pages I've found so far say why it doesn't work. I can't tell whether the warning is, "It can never work properly because of some fundamental, unavoidable aspect of bridging SATA to USB," or, "It should work, but some adapters have firmware bugs that cause it to blow up, so we are going to just give a blanket warning to keep people out of trouble."
What's the story here?
RipperTux@reddit
I found a technical answer here linking here. The text is copied below:
rizsamron@reddit
So my SSD is totally gone? The first time I tried secure erase because I was curious and it broke my SSD. Luckily it's just a 120GB SSD 😄
I used an enclosure when I did it. The thing is, after it failed, I was still able to copy partitions to it via gparted but then trying to boot from it, the drive is broken LOL
devilschocolate@reddit
dude you got the right answer. should be on top
hwertz10@reddit
Two notes here --
1) Interestingly, the 5TB external I have (once I got it passing commands -- see next point), the secure erase is supposed to take 818 minutes, the "extended" secure erase lists 2 minutes and really finishes in a second or two. It's spinning rust, but with SMR drives (which have to read in like 256MB, modify it, and write it back out to write out some blocks), to avoid the "read/modify" part they support TRIM, so apparently the extended erase is just doing a full-disk trim (like it would do on SSDs for the secure erase that just takes a second or two.)
2) usb-storage supports passing through SATA commands and such (this was used in USB 1 and 2); uas (used for USB 3 drives) does not. In Linux, you must blacklist your drive from uas (so it uses usb-storage). usb-storage is a bit slower than uas but doesn't drop it to USB2 speeds or anything; it does let smart, hdparm, etc. work to mess with the drive.
In my case, I didn't feel like waiting 15 hours to do a secure erase, the extended secure erase "zeroed" the disk in like 2 seconds. Very nice!
vegansgetsick@reddit
Very old post but it's just for confirmation and tips: it's because the Secure Erase command takes HOURS and the disk will not respond to anything during that time. The USB controller will think the drive is kaputt and will reset the link, interrupting the Secure Erase and setting the drive in locked mode, unusable... (until unlock command is sent).
People recommend doing it with SATA, but this timeout can ALSO occur with SATA! It happened to me twice, and after 20min exactly 🙄
That's why the SAFE way to do a secure erase is to FIRST lock the drive manually (then maybe disconnect/reconnect the drive). Once the drive is locked, the OS, controller, or whatever, won't try to reset it (or can't). And then you can execute the secure erase on it for hours. No more timeout.
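Added example, not part of the thread: a small shell helper that reads `hdparm -I` text and reports the security state (for instance the "locked" state described above after an interrupted erase) and the drive's own erase-time estimate (the 818-minute versus 2-minute figures mentioned earlier in the thread). The function names and the sample excerpt are constructed for illustration, and the parser assumes the usual layout of the `Security:` section in `hdparm -I` output.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Usage: hdparm -I /dev/sdX | ata_security_state

# Prints one of: unsupported | locked | frozen | enabled | clear
ata_security_state() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }      # next unindented header ends the section
        !insec             { next }
        {
            neg  = ($1 == "not")              # flags are printed as "not <flag>" when unset
            word = neg ? $2 : $1
            sub(/:.*/, "", word)              # "expired:" -> "expired"
            if (word == "supported" && !seen++) sup = !neg   # first one = feature set
            else if (word == "enabled") en = !neg
            else if (word == "locked")  lk = !neg
            else if (word == "frozen")  fr = !neg
        }
        END {
            if (!sup)    print "unsupported"
            else if (lk) print "locked"       # needs an unlock before anything else
            else if (fr) print "frozen"       # security commands refused until power cycle
            else if (en) print "enabled"      # password set, drive usable
            else         print "clear"
        }'
}

# Prints the drive's estimate, in minutes, for the normal SECURITY ERASE UNIT.
erase_minutes() {
    awk 'match($0, /[0-9]+min for SECURITY ERASE UNIT/) {
             print substr($0, RSTART, RLENGTH) + 0; exit }'
}

# Constructed sample (real output indents with tabs; the parser accepts both):
# a drive left "enabled + locked" after an erase was cut off by a link reset.
SAMPLE_LOCKED='Security:
    Master password revision code = 65534
        supported
        enabled
        locked
    not frozen
    not expired: security count
        supported: enhanced erase
    818min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'

printf '%s\n' "$SAMPLE_LOCKED" | ata_security_state
printf '%s\n' "$SAMPLE_LOCKED" | erase_minutes
```

Comparing the reported estimate against how long the link can stay silent is the check that matters before starting an erase over any bridge or controller.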
RandomLurkerName@reddit
I remember when SSDs first came out, there was a case where zeroing out a certain drive actually zeroed out the firmware for the drive's controller too, making a nice brick.
webtroter@reddit
Like when Ubuntu was mounting the EFI firmware partition RW in the system.
rm -rf /
was a whole new joke. Delete everything, even the BIOS. That's a nice paperweight now.
Sintarsintar@reddit
The system still would boot, just any non-standard hardware wouldn't work. It created the oddest issues.
Splask@reddit
I use hdparm to do this frequently and the ATA data for the secure erase doesn't get passed over usb. Bought extended sata cables to run outside the computer for this purpose.
WeekendNew7276@reddit
This ☝️. I don't believe the ata secure erase command can be issued without a direct sata connection.