2

I was playing around with the ATA security erase on my SSD using hdparm, and I noticed that it works with both user and master passwords. However, I also noticed that invoking a security erase removed the user password, but not the master password, even if I did the erase using the master password. Is there a way I can remove the master password? Don't worry, I didn't forget it; it's a.

Delan Azabani
  • 1,066
  • 1
  • 10
  • 17

2 Answers2

3

You cannot disable the master password. There is even one set when the drive is manufactured. You can at most set it to empty with NULL in hdparm (see man page for details), though you might not want to try because it can brick the drive.

DISPWD in MHDD does exactly what --security-disable in hdparm does, that is disabling the user password, which will be done after a successful security erase, as mentioned in the OP.

Tom Yan
  • 9,075
  • 2
  • 17
  • 36
  • I'm fairly certain that the `DISPWD` command works with either the user password or the master password. It's true that the manufacturer sets a default master password, but it can be changed. – Ben N Feb 06 '16 at 03:54
  • I think I understand why you THOUGHT that DISPWD can "disable" master password -- because it will ask you which kind of password you are going to enter. Truth is it does NOT mean which to DISABLE. Moreover, you won't be able to use the master password to get DISPWD working if your user password is set with maximum security. See 4.18.4 Master password capability of ACS-3 revision 5: http://www.t13.org/Documents/UploadedDocuments/docs2013/d2161r5-ATAATAPI_Command_Set_-_3.pdf – Tom Yan Feb 07 '16 at 09:25
  • When we say to "disable" user password, we actually mean to disable the security feature set, because once a user password is set, the security feature set is in effect. Master password is of a different nature. It is ALWAYS set (even when it's set to empty) and act as a last resort when you have forgotten your user password. – Tom Yan Feb 07 '16 at 09:34
  • And yes, master password can be changed (and there is no way to "automatically" revert it to factory default once it's changed, AFAIK). I am not sure whether MHDD implement that in its PWD command though, since I don't see that being documented; but hdparm (as of current version: 9.48) can change both user and master password. (Hey that's why the OP!) – Tom Yan Feb 07 '16 at 09:49
  • so if you forget master and user pw, with max security, you've bricked the drive? – jiggunjer Jan 12 '18 at 06:30
  • with max security as long as you forget user pw you've "bricked" the drive, as master pw will not help in that case. – Tom Yan Oct 29 '19 at 10:10
2

MHDD can do this with its DISPWD (disable password) command. You have to unlock it first with the UNLOCK command.

David Schwartz
  • 61,528
  • 7
  • 100
  • 149