Provided by: openseachest_23.03.1-1_amd64 
NAME
openSeaChest_Security - =drive utilities
DESCRIPTION
==========================================================================================
openSeaChest_Security - openSeaChest drive utilities - NVMe Enabled Copyright (c)
2014-2023 Seagate Technology LLC and/or its Affiliates, All Rights Reserved
openSeaChest_Security Version: 3.2.1-4_0_4 X86_64 Build Date: Mar 10 2023 Today:
Thu Mar 16 15:50:13 2023 User: tyler
==========================================================================================
Usage =====
openSeaChest_Security [-d <sg_device>] {arguments} {options}
Examples ========
openSeaChest_Security --scan openSeaChest_Security -d /dev/sg? -i
openSeaChest_Security -d /dev/sg? --SATInfo openSeaChest_Security -d /dev/sg?
--llInfo openSeaChest_Security -d /dev/sg? --ataSecurityInfo openSeaChest_Security
-d /dev/sg? --ataSecureErase enhanced openSeaChest_Security -d /dev/sg?
--ataSecureErase enhanced --ataSecPassword AutoATAWindowsString12345678901
--ataSecPassType user openSeaChest_Security -d /dev/sg? --disableATASecPW
--ataSecPassword AutoATAWindowsString12345678901 --ataSecPassType user
Return codes ============
Generic/Common exit codes 0 = No Error Found 1 = Error in command line options 2 =
Invalid Device Handle or Missing Device Handle 3 = Operation Failure 4 = Operation
not supported 5 = Operation Aborted 6 = File Path Not Found 7 = Cannot Open File 8
= File Already Exists 9 = Need Elevated Privileges Anything else = unknown error
Utility Options ===============
--echoCommandLine
Echo the command line entered into the utility on the screen.
--enableLegacyUSBPassthrough
Only use this option on old USB or IEEE1394 (Firewire) products that do not
otherwise work with the tool. This option will enable a trial and error method
that attempts sending various ATA Identify commands through vendor specific means.
Because of this, certain products that may respond in unintended ways since they
may interpret these commands differently than the bridge chip the command was
designed for.
--forceATA
Using this option will force the current drive to be treated as a ATA drive. Only
ATA commands will be used to talk to the drive.
--forceATADMA
(SATA Only)
Using this option will force the tool to issue SAT commands to ATA device using the
protocol set to DMA whenever possible (on DMA commands). This option can be
combined with --forceATA
--forceATAPIO
(SATA Only)
Using this option will force the tool to issue PIO commands to ATA device when
possible. This option can be combined with --forceATA
--forceATAUDMA
(SATA Only)
Using this option will force the tool to issue SAT commands to ATA device using the
protocol set to UDMA whenever possible (on DMA commands). This option can be
combined with --forceATA
--forceSCSI
Using this option will force the current drive to be treated as a SCSI drive. Only
SCSI commands will be used to talk to the drive.
-h, --help
Show utility options and example usage (this output you see now) Please report
bugs/suggestions to seaboard@seagate.com. Include the output of --version
information in the email.
--license
Display the Seagate End User License Agreement (EULA).
--modelMatch [model Number]
Use this option to run on all drives matching the provided model number. This
option will provide a closest match although an exact match is preferred. Ex: ST500
will match ST500LM0001
--noBanner
Use this option to suppress the text banner that displays each time openSeaChest is
run.
--onlyFW [firmware revision]
Use this option to run on all drives matching the provided firmware revision. This
option will only do an exact match.
--onlySeagate
Use this option to match only Seagate drives for the options provided
-q, --quiet
Run openSeaChest_Security in quiet mode. This is the same as -v 0 or --verbose 0
-v [0-4], --verbose [0 | 1 | 2 | 3 | 4]
Show verbose information. Verbosity levels are: 0 - quiet 1 - default 2 - command
descriptions 3 - command descriptions and values 4 - command descriptions, values,
and data buffers Example: -v 3 or --verbose 3
-V, --version
Show openSeaChest_Security version and copyright information & exit
Utility arguments =================
-d, --device [deviceHandle | all]
Use this option with most commands to specify the device handle on which to perform
an operation. Example: /dev/sg? To run across all devices detected in the system,
use the "all" argument instead of a device handle. Example: -d all
--displayLBA [LBA]
This option will read and display the contents of the specified LBA to the screen.
The display format is hexadecimal with an ASCII translation on the side (when
available).
-F, --scanFlags [option list]
Use this option to control the output from scan with the options listed below.
Multiple options can be combined.
ata - show only ATA (SATA) devices
usb - show only USB devices scsi - show only SCSI (SAS) devices nvme - show only
NVMe devices interfaceATA - show devices on an ATA interface interfaceUSB - show
devices on a USB interface interfaceSCSI - show devices on a SCSI or SAS interface
interfaceNVME = show devices on an NVMe interface sd - show sd device handles
sgtosd - show the sd and sg device handle mapping
-i, --deviceInfo
Show information and features for the storage device
--llInfo
Dump low-level information about the device to assist with debugging.
-s, --scan
Scan the system and list all storage devices with logical /dev/sg? assignments.
Shows model, serial and firmware numbers. If your device is not listed on a scan
immediately after booting, then wait 10 seconds and run it again.
-S, --Scan
This option is the same as --scan or -s, however it will also perform a low level
rescan to pick up other devices. This low level rescan may wake devices from low
power states and may cause the OS to re-enumerate them. Use this option when a
device is plugged in and not discovered in a normal scan. NOTE: A low-level rescan
may not be available on all interfaces or all OSs. The low-level rescan is not
guaranteed to find additional devices in the system when the device is unable to
come to a ready state.
--SATInfo
Displays SATA device information on any interface using both SCSI Inquiry / VPD /
Log reported data (translated according to SAT) and the ATA Identify / Log reported
data.
--testUnitReady
Issues a SCSI Test Unit Ready command and displays the status. If the drive is not
ready, the sense key, asc, ascq, and fru will be displayed and a human readable
translation from the SPC spec will be displayed if one is available.
--fastDiscovery
Use this option
to issue a fast scan on the specified drive.
SATA Only: ========= --ataSATsecurityProtocol [enable | disable] (SATA
only)
This option can be used to force enable or disable using the ATA security protocol
as specified in the SAT specification. By default, the tool will use this method
when it is supported to allow the SATL to understand and manage the security
commands being performed and prevent other issues.
--ataSecFreeze
(SATA only)
This option will send the ATA security freezelock command to a device. This command
prevents all other ATA security commands from being processed until the next reset
or power cycle.
--ataSecPassword ["ASCII password" | SeaChest | empty]
(SATA only)
Use this option to specify a password to use with an ATA security operation. If
specifying a password with spaces, quotes must be used. If SeaChest is given, the
default SeaChest password will be used. If empty is given, an empty password will
be used. Examples:
"This is a valid password" ThisIsAlsoValid "This password uses \"quotes\" "This
password is \/\/eird"
--ataSecPassType [user | master]
(SATA only)
Use this option to specify if the password being given with the --ataSecPassword
option is a user or a master password. If this option is not provided, user is
assumed.
--ataSecPWMod [byteswapped | zeropad | spacepad | fpad | leftAlign | rightAlign |
uppercase | lowercase | invertcase] (SATA Only)
Use this option to have the utility make modifications to the ATA security password
to attempt other various ways it may be sent by a system bios. These are not
guaranteed to work, but may help unlock a drive that was locked by a BIOS that
encoded the password in a unique way. This option can be presented multiple times
to select multiple modificaitons. EX: --ataSecPWMod byteswapped --ataSecPWMod
invertcase
byteswapped - byteswaps the password. EX: blah -> lbha zeropad - zero pads the
password if less than 32 characters spacepad - space pads the password if less than
32 characters fpad - pads the passwords with Fh (all 1's) if less than 32characters
leftAlign - left aligns the password in the buffer rightAlign - right aligns the
password in the buffer uppercase - sends the password as all uppercase lowercase -
sends the password as all lowercase invertcase - switches uppercase for lower, and
lowercase for upper
--ataSecurityInfo
(SATA only)
This option shows information about the ATA security feature on ATA devices. It
will show the security state and flags related to the state, Master password
capability & ID, time to perform a secure erase, whether user data is encrypted,
and whether sanitize can override ATA security to repurpose a drive.
--disableATASecPW
(SATA Only)
Use this option to disable an ATA security password. If the drive is in high
security mode, either user or master password may be provided. In maximum security
mode only the user password can be provided to unlock and disable the ATA security
password. The master may only be used to erase the drive in maximum security mode.
Use the --ataSecPassword option to provide the password to use and --ataSecPassType
to specify whether it is the user or master password. If a drive lost power during
an ATA Security Erase in openSeaChest_Security, then providing --ataSecPassword
SeaChest will use the default SeaChest password used during the erase.
To disable a password set by a BIOS, the BIOS must have set the
password in ASCII. A BIOS may choose to hash or modify the password typed in the
configuration however it chooses and this utility has no idea how to match what the
BIOS has done so it may not always work to remove a password set by something other
than this utility.
--unlockATASec
(SATA only)
Use this option along with the --ataSecPassword option and --ataSecPassType option
to unlock a drive with the provided password. If the drive is in maximum security
mode, only the user password may be used to unlock the device.
Data Destructive Commands (Seagate only) ========================================
SATA Only: ========= --ataSecureErase [normal | enhanced] (SATA only)
Use "normal" to start a standard ATA security erase or "enhanced" to start an
enhanced ATA security erase.
ATA Security Erase takes a very long time to complete at approximately three (3)
hours per Tera-byte (HDD). Some Seagate SED models will perform a quick
cryptographic erase in enhanced mode and the time for completion is reported as 2
minutes by the drive, but will take only seconds. This industry standard command
begins by locking the drive with a temporary password which is cleared at the end
of the erasure. Do not run this command unless you have ample time to allow it to
run through to the end. If the procedure is interrupted prior to completion, then
the drive will remain in a locked state and you must manually restart from the
beginning again. The tool will attempt to automatically clear the password that was
set upon failure. The default password used by the tool is "SeaChest", plain ASCII
letters without the quotes
* normal writes binary zeros (0) or ones (1) to all user data areas.
* enhanced will fill all user data areas and reallocated user data with a vendor
specific pattern. Some Seagate Instant Secure Erase will perform a cryptographic
erase instead of an overwrite.
openSeaChest_Security - openSeaChest drive utilities - NVMe Enabled Copyright (c)
2014-2023 Seagate Technology LLC and/or its Affiliates, All Rights Reserved
openSeaChest_Security Version: 3.2.1-4_0_4 X86_64 Build Date: Mar 10 2023 Today:
Thu Mar 16 15:50:13 2023 User: tyler
==========================================================================================
Version Info for openSeaChest_Security:
Utility Version: 3.2.1 opensea-common Version: 1.23.0 opensea-transport Version:
4.0.4 opensea-operations Version: 4.4.0 Build Date: Mar 10 2023 Compiled
Architecture: X86_64 Detected Endianness: Little Endian Compiler Used: GCC Compiler
Version: 11.3.0 Operating System Type: Linux Operating System Version: 5.19.0-35
Operating System Name: Ubuntu 22.04.2 LTS
openSeaChest_Security ======================March=2023===================OPENSEACHEST=SECURITY(8)===============