I have three HDDs (Seagate ST4000NM0053) in a RAID5 setup using firmware RAID (RSTe 4.0, Intel® C612 chipset) on Debian 8.4. They are SED, so I would like to set the ATA password. Unfortunately, my motherboard's (http://www.supermicro.com/products/motherboard/Xeon/C600/X10DRT-HIBF.cfm) BIOS does not support it. Instead, it does a "SECURITY FREEZE" on boot.

I have managed to un-freeze the drives by hot-swapping them, then I have tried to use hdparm to set the ATA password, but it doesn't seem to stick. I don't get any error messages either:

hdparm --user-master m --security-set-pass 'MyPassword' /dev/sdb

hdparm -I /dev/sdb

... shows that the disk is "not enabled".

Some people have managed to suspend the computer temporarily to achieve the same effect as hot swapping, but I could only suspend to "disk" or "freeze" with rtcwake, neither of which seemed to help.

Right now the RAID system is appearing as empty, even though I'm only trying to set the KEK, not the MEK. Using an Ubuntu Live CD as suggested by the following article did not work (suspending crashed the live OS): https://www.pugetsystems.com/labs/articles/Introduction-to-Self-Encrypting-Drives-SED-557/

Supermicro technical support says that "Customer will need to set up SED via software (not via BIOS)."

Does anyone else have experience from similar setups?

Jay

1 Answer

You've set the master password, which is not the normal hard drive password; rather it's used in only a few situations (e.g. when the normal user password is forgotten).

The password you want to set is the user password.

--user-master u

Keep in mind that if you set the password, but the system BIOS doesn't support hard drive passwords, you will be unable to boot from the disk, and won't be able to access it at all until the password is supplied to it.

Michael Hampton
  • Thanks for your quick answer! Not being able to boot isn't an issue. But I was wondering if it could interfere with the firmware RAID? Also, it says "not enabled", doesn't that mean encryption isn't enabled? Shouldn't I be able to use the master password just like I would the user password when I unlock it? hdparm --user-master m --security-unlock 'MyPassword' /dev/sdb – Jay Apr 27 '16 at 21:54
  • Yes, you can use the master password to unlock the drive as well. But this isn't the normal way of doing things. Unlocking from the BIOS requires the user password, for instance. So it may come back to bite you later. – Michael Hampton Apr 27 '16 at 21:56
  • Followed your advice. "hdparm -I /dev/sdb" is now reporting that disk encryption is enabled. Soft reboot did not unfreeze the volumes, but a hard reboot did. Thanks! – Jay Apr 28 '16 at 01:48
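
A pre-flight check for the "frozen" and "not enabled" states discussed in this thread, as an added example that is not part of the original posts: it parses the Security section of `hdparm -I` output before and after a `--security-set-pass` attempt. The function names and the sample text are constructed for illustration, and the parser assumes the tab-indented layout hdparm prints.

```shell
#!/bin/sh
# Added example: read `hdparm -I` text on stdin and report the ATA security state.

# Prints e.g. "supported=yes enabled=no locked=no frozen=yes".
ata_security_state() {
    awk '
        /^Security:/ { insec = 1; next }
        # An unindented line starts the next section of the report.
        insec && $0 != "" && substr($0, 1, 1) != "\t" && substr($0, 1, 1) != " " { insec = 0 }
        insec {
            neg  = ($1 == "not")      # a cleared flag is printed as "not<TAB>enabled"
            word = neg ? $2 : $1
            # "supported:" and "expired:" (with colon) describe other features; skip them.
            if (word ~ /^(supported|enabled|locked|frozen)$/ && !(word in st))
                st[word] = neg ? "no" : "yes"
        }
        END {
            n = split("supported enabled locked frozen", keys, " ")
            for (i = 1; i <= n; i++)
                out = out (i > 1 ? " " : "") keys[i] "=" ((keys[i] in st) ? st[keys[i]] : "unknown")
            print out
        }'
}

# Returns 0 only when the drive would accept a password change:
# security supported, drive unlocked and not frozen.
ata_can_set_password() {
    state=$(ata_security_state)
    echo "$state"
    case "$state" in
        *supported=yes*locked=no*frozen=no*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample (not captured from a real drive): frozen by the BIOS, no password set.
sample_frozen() {
    printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n'
    printf '\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n'
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\nChecksum: correct\n'
}

# Demo on the constructed sample. On a real system:
#   hdparm -I /dev/sdb | ata_can_set_password
sample_frozen | ata_can_set_password || echo "frozen or locked: password change would be rejected"
```

After a successful `--security-set-pass`, the same check should report `enabled=yes`; `enabled=no` means the password did not take effect.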