Why is ATA Secure Erase strongly discouraged for USB SATA adapters?
Posted by koreth@reddit | linuxadmin | View on Reddit | 8 comments
I was looking for the best way to zero out some external SSDs. They're all SATA SSDs in enclosures with USB 3.1 adapters that support the UASP spec.
There is a quick way to zero out an SSD using the ATA Secure Erase command, but several of the resources I found advised very strongly against ever using it on a USB-connected SSD. Usually in red, just to make it more emphatic.
But none of the web pages I've found so far say why it doesn't work. I can't tell whether the warning is, "It can never work properly because of some fundamental, unavoidable aspect of bridging SATA to USB," or, "It should work, but some adapters have firmware bugs that cause it to blow up, so we are going to just give a blanket warning to keep people out of trouble."
What's the story here?
RipperTux@reddit
I found a technical answer here linking here. The text is copied below:
devilschocolate@reddit
dude you got the right answer. should be on top
hwertz10@reddit
Two notes here --
1) Interestingly, the 5TB external I have (once I got it passing commands -- see next point), the secure erase is supposed to take 818 minutes, the "extended" secure erase lists 2 minutes and really finishes in a second or two. It's spinning rust, but with SMR drives (which have to read in like 256MB, modify it, and write it back out to write out some blocks), to avoid the "read/modify" part they support TRIM, so apparently the extended erase is just doing a full-disk trim (like it would do on SSDs for the secure erase that just takes a second or two.)
2) usb-storage supports passing through SATA commands and such (this was used in USB 1 and 2); uas (used for USB 3 drives) does not. In Linux, you must blacklist your drive from uas (so it uses usb-storage). usb-storage is a bit slower than uas but doesn't drop it to USB2 speeds or anything; it does let smart, hdparm, etc. work to mess with the drive.
In my case, I didn't feel like waiting 15 hours to do a secure erase, the extended secure erase "zeroed" the disk in like 2 seconds. Very nice!
RandomLurkerName@reddit
I remember when SSDs first came out, there was a case where zeroing out a certain drive actually zeroed out the firmware for the drive's controller to, making a nice brick.
webtroter@reddit
Like when ubuntu was mounting the EFI firmware partition RW in the system.
rm -rf /was a whole new joke. Delete everything, even the BIOS. That's a nice paperweight now.Sintarsintar@reddit
The system still would boot just any non standard hardware wouldn't work it created the oddest issues
Splask@reddit
I use hdparm to do this frequently and the ATA data for the secure erase doesn't get passed over usb. Bought extended sata cables to run outside the computer for this purpose.
WeekendNew7276@reddit
This ☝️. I don't believe the ata secure erase command can be issued without a direct sata connection.