
Note that this is a different case from a similar question asked 7 years ago, here: hparm -I /dev/sda does not report a Security section - should I be concerned?

In my case the SSD (part number: ct2000mx500ssd1) should support hardware AES encryption by specification, here: CRUCIAL® MX500 SOLID STATE DRIVE

Running hdparm -I /dev/sda returns the following:


/dev/sda:

ATA device, with non-removable media
    Model Number:       CT2000MX500SSD1                         
    Serial Number:      1752E1091E21        
    Firmware Revision:  M3CR010 
    Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
    Used: unknown (minor revision code 0x006d) 
    Supported: 10 9 8 7 6 5 
    Likely used: 10
Configuration:
    Logical     max current
    cylinders   16383   0
    heads       16  0
    sectors/track   63  0
    --
    LBA    user addressable sectors:   268435455
    LBA48  user addressable sectors:  3907029168
    Logical  Sector size:                   512 bytes
    Physical Sector size:                   512 bytes
    Logical Sector-0 offset:                  0 bytes
    device size with M = 1024*1024:     1907729 MBytes
    device size with M = 1000*1000:     2000398 MBytes (2000 GB)
    cache/buffer size  = unknown
    Form Factor: 2.5 inch
    Nominal Media Rotation Rate: Solid State Device
Capabilities:
    LBA, IORDY(can be disabled)
    Queue depth: 32
    Standby timer values: spec'd by Standard, with device specific minimum
    R/W multiple sector transfer: Max = 1   Current = 1
    Advanced power management level: 254
    DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 
         Cycle time: min=120ns recommended=120ns
    PIO: pio0 pio1 pio2 pio3 pio4 
         Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
    Enabled Supported:
       *    SMART feature set
       *    Power Management feature set
       *    Write cache
       *    Look-ahead
       *    WRITE_BUFFER command
       *    READ_BUFFER command
       *    NOP cmd
       *    DOWNLOAD_MICROCODE
       *    Advanced Power Management feature set
       *    48-bit Address feature set
       *    Mandatory FLUSH_CACHE
       *    FLUSH_CACHE_EXT
       *    SMART error logging
       *    SMART self-test
       *    General Purpose Logging feature set
       *    WRITE_{DMA|MULTIPLE}_FUA_EXT
       *    64-bit World wide name
       *    WRITE_UNCORRECTABLE_EXT command
       *    {READ,WRITE}_DMA_EXT_GPL commands
       *    Segmented DOWNLOAD_MICROCODE
            unknown 119[8]
       *    Gen1 signaling speed (1.5Gb/s)
       *    Gen2 signaling speed (3.0Gb/s)
       *    Gen3 signaling speed (6.0Gb/s)
       *    Native Command Queueing (NCQ)
       *    Phy event counters
       *    READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
       *    DMA Setup Auto-Activate optimization
            Device-initiated interface power management
       *    Software settings preservation
            Device Sleep (DEVSLP)
       *    SMART Command Transport (SCT) feature set
       *    SCT Features Control (AC4)
       *    SCT Data Tables (AC5)
       *    SANITIZE_ANTIFREEZE_LOCK_EXT command
       *    SANITIZE feature set
       *    CRYPTO_SCRAMBLE_EXT command
       *    BLOCK_ERASE_EXT command
       *    reserved 69[3]
       *    reserved 69[4]
       *    reserved 69[7]
       *    DOWNLOAD MICROCODE DMA command
       *    WRITE BUFFER DMA command
       *    READ BUFFER DMA command
       *    Data Set Management TRIM supported (limit 8 blocks)
Logical Unit WWN Device Identifier: 500a0751e1091e21
    NAA     : 5
    IEEE OUI    : 00a075
    Unique ID   : 1e1091e21
Device Sleep:
    DEVSLP Exit Timeout (DETO): 100 ms (drive)
    Minimum DEVSLP Assertion Time (MDAT): 10 ms (drive)
Checksum: correct

hdparm version is 9.58, from live Linux Mint 20.2 Uma CD. Tested on two PCs, same result. Seriously, should I be concerned?

kalabic

1 Answer


The security section is not for SED, it is for ATA Security. These are two different technologies. SED provides transparent encryption of the drive and some offload of cryptographic processing. ATA Security is a method of locking the drive with a password, which is unrelated to encryption.

hdparm is not the correct tool for managing SED. You should look at sedutil instead. You can find guidance on managing SED in Linux here.

Polynomial
  • Thank you. And to add to the confusion, I found that some users said that the ATA security section was back after the PSID reset; case of Crucial SSD MX100, here: [Crucial MX100 "lost" the security features?](https://forums.anandtech.com/threads/crucial-mx100-lost-the-security-features.2482065/) – kalabic Sep 13 '21 at 12:21
  • Yeah, unfortunately disk security stuff is notoriously flaky in terms of implementation, and it can be a total pain to configure and manage. I recommend using FDE on top of the disk regardless of whether or not you end up using SED. – Polynomial Sep 13 '21 at 12:24
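
An added example (not part of the original question or answer) of the distinction the answer draws: it parses `hdparm -I` text, returns ATA Security flags only when a `Security:` section exists, and lists the sanitize commands separately. Both excerpts are constructed in hdparm's layout and the function names are illustrative; SED status is absent on purpose because this output does not carry it.

```python
import re

# Constructed excerpts in hdparm -I layout, not captured from a real drive.
FEATURES = """\
Commands/features:
\tEnabled\tSupported:
\t   *\tSMART feature set
\t   *\tSANITIZE feature set
\t   *\tCRYPTO_SCRAMBLE_EXT command
\t   *\tBLOCK_ERASE_EXT command
"""
NO_SECURITY = FEATURES + "Checksum: correct\n"
WITH_SECURITY = FEATURES + """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\t\tsupported: enhanced erase
Checksum: correct
"""
SANITIZE = ("SANITIZE feature set", "CRYPTO_SCRAMBLE_EXT", "BLOCK_ERASE_EXT", "OVERWRITE_EXT")

def sections(text):
    """Split the output into {heading: [stripped indented lines]}."""
    out, current = {}, None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace() and ":" in line:
            current = line.split(":", 1)[0].strip()
            out[current] = []
        elif line.strip() and current is not None:
            out[current].append(line.strip())
    return out

def ata_security(text):
    """ATA Security flags, or None when hdparm printed no Security section."""
    body = sections(text).get("Security")
    if body is None:
        return None
    found = (re.fullmatch(r"(not\s+)?(supported|enabled|locked|frozen)", ln) for ln in body)
    return {m.group(2): m.group(1) is None for m in found if m}

def sanitize_commands(text):
    """Sanitize entries marked '*' (enabled) under Commands/features."""
    body = sections(text).get("Commands/features", [])
    return [ln.lstrip("* \t") for ln in body
            if ln.startswith("*") and any(name in ln for name in SANITIZE)]
```

Run against the output in the question, `ata_security` returns `None` while the three sanitize entries are still listed; neither result describes SED, which the answer directs to sedutil.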