-
Notifications
You must be signed in to change notification settings - Fork 2
/
hd-secure-erase
executable file
·94 lines (76 loc) · 2.12 KB
/
hd-secure-erase
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/bin/bash
# (c) 2020 Leif Sawyer
# License: GPL 3.0 (see https://github.com/akhepcat/)
# Permanent home: https://github.com/akhepcat/Miscellaneous/
# Direct download: https://raw.githubusercontent.com/akhepcat/Miscellaneous/master/hd-secure-erase
#
CWD=$(pwd)
PROG="${0##*/}"
trap cleanup SIGINT SIGTERM SIGKILL SIGQUIT SIGABRT SIGSTOP SIGSEGV
cleanup() {
if [ ${STATUS:-0} -eq 474 ]
then
hdparm --security-disable ${SECPASS} ${DISK}
# we aborted, so the above should unlock the drive
fi
echo -e "\n\n"
exit 0
}
if [ -z "$(which hdparm)" ]
then
echo "missing hdparm"
exit 1
elif [ -z "$(which blkid)" ]
then
echo "missing blkid"
exit 1
elif [ -z "$(which lsblk)" ]
then
echo "missing lsblk"
exit 1
fi
DISK=${1}
SECPASS="password1"
NOW=$(date "+%s")
if [ -z "${DISK}" -o ! -b "${DISK}" ]
then
echo "which disk to secure erase?"
exit 1
fi
ISDISK=$(lsblk -d -o TYPE -n "${DISK}" 2>&1 | grep disk)
if [ "${ISDISK}" != "disk" ]
then
echo "device ${DISK} is not a disk"
exit 1
fi
frozen=$(hdparm -I ${DISK} 2>&1 | grep -Ei 'not.*frozen|failed')
if [ -z "${FORCE}" ]
then
if [ -n "${frozen}" -a -z "${frozen##*failed*}" ]
then
echo "invalid device type for ${DISK}"
exit 1
elif [ -n "${frozen}" -a -z "${frozen##*frozen*}" ]
then
echo "You must suspend/resume to memory and try again:"
echo 'echo -n mem > /sys/power/state'
exit 1
fi
fi
echo "THIS IS DESTRUCTIVE. YOU MAY BRICK YOUR DRIVE. YOU HAVE BEEN WARNED"
#echo "using security password: ${SECPASS}"
STATUS=474
hdparm --user-master u --security-set-pass ${SECPASS} ${DISK}
# Show the status, steal the duration with redirection!
DUR=$(hdparm -I ${DISK} 2>&1 | grep -A 20 '^Security:' | tee /dev/stderr | grep 'ENHANCED SECURITY ERASE UNIT' | cut -f2 -d. | awk '{print $1}' )
DUR=${DUR//min/}
DUR=$(( $NOW + ($DUR * 60) ))
COMPLETE=$(date --date="@${DUR}")
echo "next step will erase disk, and will complete on: ${COMPLETE}"
echo "ctrl-c to abort now, or wait 5 seconds to continue"
sleep 5
time hdparm --user-master u --security-erase ${SECPASS} ${DISK}
STATUS=0
echo "Drive ${DISK} is now securely erased"
hdparm -I ${DISK} 2>&1 | grep -A 20 '^Security:'
cleanup