oracular (8) openSeaChest_Security.8.gz

Provided by: openseachest_23.12-2_amd64 bug

NAME

       Version - =drive utilities

DESCRIPTION

       ==========================================================================================

              openSeaChest_Security  -  openSeaChest drive utilities - NVMe Enabled Copyright (c)
              2014-2023 Seagate  Technology  LLC  and/or  its  Affiliates,  All  Rights  Reserved
              openSeaChest_Security  Version:  3.3.0-6_2_0  X86_64 Build Date: Dec  1 2023 Today:
              Fri Dec  1 15:18:14 2023        User: current user

       ==========================================================================================
       Usage =====

              openSeaChest_Security [-d <sg_device>] {arguments} {options}

       Examples ========

              openSeaChest_Security     --scan    openSeaChest_Security    -d    /dev/sg<#>    -i
              openSeaChest_Security -d /dev/sg<#> --SATInfo openSeaChest_Security  -d  /dev/sg<#>
              --llInfo       openSeaChest_Security      -d      /dev/sg<#>      --ataSecurityInfo
              openSeaChest_Security -d /dev/sg<#> --ataSecureErase enhanced openSeaChest_Security
              -d        /dev/sg<#>        --ataSecureErase        enhanced       --ataSecPassword
              AutoATAWindowsString12345678901  --ataSecPassType  user  openSeaChest_Security   -d
              /dev/sg<#>   --disableATASecPW   --ataSecPassword   AutoATAWindowsString12345678901
              --ataSecPassType user

       Return codes ============

              Generic/Common exit codes 0 = No Error Found 1 = Error in command line options 2  =
              Invalid  Device Handle or Missing Device Handle 3 = Operation Failure 4 = Operation
              not supported 5 = Operation Aborted 6 = File Path Not Found 7 = Cannot Open File  8
              =  File  Already  Exists  9  =  Need  Elevated  Privileges ---openSeaChest_Security
              specific exit codes--- 32 = Zero Validation Failure Anything else = unknown error

       Utility Options ===============

       --echoCommandLine

              Echo the command line entered into the utility on the screen.

       --enableLegacyUSBPassthrough

              Only use this option on old  USB  or  IEEE1394  (Firewire)  products  that  do  not
              otherwise  work  with  the  tool.  This option will enable a trial and error method
              that attempts sending various ATA Identify commands through vendor specific  means.
              Because  of  this,  certain products that may respond in unintended ways since they
              may interpret these commands differently than  the  bridge  chip  the  command  was
              designed for.

       --forceATA

              Using  this  option will force the current drive to be treated as a ATA drive. Only
              ATA commands will be used to talk to the drive.

       --forceATADMA
              (SATA Only)

              Using this option will force the tool to issue SAT commands to ATA device using the
              protocol  set  to  DMA  whenever  possible  (on  DMA commands).  This option can be
              combined with --forceATA

       --forceATAPIO
              (SATA Only)

              Using this option will force the tool to issue PIO  commands  to  ATA  device  when
              possible. This option can be combined with --forceATA

       --forceATAUDMA
              (SATA Only)

              Using this option will force the tool to issue SAT commands to ATA device using the
              protocol set to UDMA whenever possible (on  DMA  commands).   This  option  can  be
              combined with --forceATA

       --forceSCSI

              Using  this option will force the current drive to be treated as a SCSI drive. Only
              SCSI commands will be used to talk to the drive.

       -h, --help

              Show utility options and example usage (this output  you  see  now)  Please  report
              bugs/suggestions   to   seaboard@seagate.com.   Include  the  output  of  --version
              information in the email.

       --license

              Display the Seagate End User License Agreement (EULA).

       --modelMatch [model Number]

              Use this option to run on all drives  matching  the  provided  model  number.  This
              option will provide a closest match although an exact match is preferred. Ex: ST500
              will match ST500LM0001

       --noBanner

              Use this option to suppress the text banner that displays each time openSeaChest is
              run.

       --onlyFW [firmware revision]

              Use  this option to run on all drives matching the provided firmware revision. This
              option will only do an exact match.

       --onlySeagate

              Use this option to match only Seagate drives for the options provided

       -q, --quiet

              Run openSeaChest_Security in quiet mode. This is the same as -v 0 or --verbose 0

       -v [0-4], --verbose [0 | 1 | 2 | 3 | 4]

              Show verbose information. Verbosity levels are: 0 - quiet 1 - default 2  -  command
              descriptions  3 - command descriptions and values 4 - command descriptions, values,
              and data buffers Example: -v 3 or --verbose 3

       -V, --version

              Show openSeaChest_Security version and copyright information & exit

       Utility arguments =================

       -d, --device [deviceHandle | all]

              Use this option with most commands to specify the device handle on which to perform
              an operation. Example: /dev/sg<#> To run across all devices detected in the system,
              use the "all" argument instead of a device handle.  Example: -d all NOTE: The "all"
              argument is handled by running the

       specified options on each drive detected in the
              OS  sequentially.  For  parallel operations, please use a script opening a separate
              instance for each device handle.

       --displayLBA [LBA]

              This option will read and display the contents of the specified LBA to the  screen.
              The  display  format  is  hexadecimal  with  an ASCII translation on the side (when
              available).

       -F, --scanFlags [option list]

              Use this option to control the output from scan  with  the  options  listed  below.
              Multiple options can be combined.

       ata - show only ATA (SATA) devices
              usb  -  show  only USB devices scsi - show only SCSI (SAS) devices nvme - show only
              NVMe devices interfaceATA - show devices on an ATA interface  interfaceUSB  -  show
              devices  on a USB interface interfaceSCSI - show devices on a SCSI or SAS interface
              interfaceNVME = show devices on an NVMe interface  sd  -  show  sd  device  handles
              sgtosd - show the sd and sg device handle mapping

       -i, --deviceInfo

              Show information and features for the storage device

       --llInfo

              Dump low-level information about the device to assist with debugging.

       -s, --scan

              Scan  the  system and list all storage devices with logical /dev/sg<#> assignments.
              Shows model, serial and firmware numbers.  If your device is not listed on  a  scan
              immediately after booting, then wait 10 seconds and run it again.

       -S, --Scan

              This  option  is the same as --scan or -s, however it will also perform a low level
              rescan to pick up other devices. This low level rescan may wake  devices  from  low
              power  states  and  may  cause the OS to re-enumerate them.  Use this option when a
              device is plugged in and not discovered in a normal scan.  NOTE: A low-level rescan
              may  not  be  available  on  all interfaces or all OSs. The low-level rescan is not
              guaranteed to find additional devices in the system when the device  is  unable  to
              come to a ready state.

       --SATInfo

              Displays  SATA  device information on any interface using both SCSI Inquiry / VPD /
              Log reported data (translated according to SAT) and the ATA Identify / Log reported
              data.

       --testUnitReady

              Issues  a SCSI Test Unit Ready command and displays the status. If the drive is not
              ready, the sense key, asc, ascq, and fru will be displayed  and  a  human  readable
              translation from the SPC spec will be displayed if one is available.

       --fastDiscovery

       Use this option
              to issue a fast scan on the specified drive.

       --zeroVerify [full | quick]

              Use  this  option  to  verify drive content, whether it's set to zero or not.  This
              operation will read user accessible address and validate if content at that address
              is zero or not.  Validation modes:

              full  -  Complete  drive  will  be scanned for verification.  quick - 0.1% of total
              capacity will be scanned for ID and OD validation along with

              2 random addresses from 10000 equal size sections each.

              SATA Only: ========= --ataSATsecurityProtocol [enable | disable]              (SATA
              only)

              This  option can be used to force enable or disable using the ATA security protocol
              as specified in the SAT specification.  By default, the tool will use  this  method
              when  it  is  supported  to  allow  the  SATL to understand and manage the security
              commands being performed and prevent other issues.

       --ataSecFreeze
              (SATA only)

              This option will send the ATA security freezelock command to a device. This command
              prevents  all other ATA security commands from being processed until the next reset
              or power cycle.

       --ataSecPassword ["ASCII password" | SeaChest | empty]
              (SATA only)

              Use this option to specify a password to use with an  ATA  security  operation.  If
              specifying  a password with spaces, quotes must be used.  If SeaChest is given, the
              default SeaChest password will be used.  If empty is given, an empty password  will
              be used.  Examples:

              "This  is  a  valid  password" ThisIsAlsoValid "This password uses \"quotes\" "This
              password is \/\/eird"

       --ataSecPassType [user | master]
              (SATA only)

              Use this option to specify if the password being given  with  the  --ataSecPassword
              option  is  a  user  or a master password.  If this option is not provided, user is
              assumed.

       --ataSecPWMod [byteswapped | zeropad  |  spacepad  |  fpad  |  leftAlign  |  rightAlign  |
              uppercase | lowercase | invertcase] (SATA Only)

              Use this option to have the utility make modifications to the ATA security password
              to attempt other various ways it may be sent  by  a  system  bios.  These  are  not
              guaranteed  to  work,  but  may  help unlock a drive that was locked by a BIOS that
              encoded the password in a unique way.  This option can be presented multiple  times
              to  select  multiple  modificaitons.   EX:  --ataSecPWMod byteswapped --ataSecPWMod
              invertcase

              byteswapped - byteswaps the password. EX: blah -> lbha  zeropad  -  zero  pads  the
              password if less than 32 characters spacepad - space pads the password if less than
              32 characters fpad - pads the passwords with Fh (all 1's) if less than 32characters
              leftAlign  -  left  aligns the password in the buffer rightAlign - right aligns the
              password in the buffer uppercase - sends the password as all uppercase lowercase  -
              sends  the password as all lowercase invertcase - switches uppercase for lower, and
              lowercase for upper

       --ataSecurityInfo
              (SATA only)

              This option shows information about the ATA security feature  on  ATA  devices.  It
              will  show  the  security  state  and  flags  related to the state, Master password
              capability & ID, time to perform a secure erase, whether user  data  is  encrypted,
              and whether sanitize can override ATA security to repurpose a drive.

       --disableATASecPW
              (SATA Only)

              Use  this  option  to  disable  an  ATA security password.  If the drive is in high
              security mode, either user or master password may be provided. In maximum  security
              mode  only the user password can be provided to unlock and disable the ATA security
              password. The master may only be used to erase the drive in maximum security  mode.
              Use the --ataSecPassword option to provide the password to use and --ataSecPassType
              to specify whether it is the user or master password.  If a drive lost power during
              an  ATA  Security  Erase  in openSeaChest_Security, then providing --ataSecPassword
              SeaChest will use the default SeaChest password used during the erase.

              To disable a password set by a BIOS, the BIOS must have set the

              password in ASCII. A BIOS may choose to hash or modify the password  typed  in  the
              configuration however it chooses and this utility has no idea how to match what the
              BIOS has done so it may not always work to remove a password set by something other
              than this utility.

       --unlockATASec
              (SATA only)

              Use  this option along with the --ataSecPassword option and --ataSecPassType option
              to unlock a drive with the provided password.  If the drive is in maximum  security
              mode, only the user password may be used to unlock the device.

       Data Destructive Commands (Seagate only) ========================================

              SATA Only: ========= --ataSecureErase [normal | enhanced]    (SATA only)     (Clear
              | Purge)

              Use "normal" to start a standard ATA security erase (Clear) or "enhanced" to  start
              an enhanced ATA security erase (Purge).

              ATA  Security  Erase  takes a very long time to complete at approximately three (3)
              hours  per  Tera-byte  (HDD).  Some  Seagate  SED  models  will  perform  a   quick
              cryptographic  erase  in enhanced mode and the time for completion is reported as 2
              minutes by the drive, but will take only seconds. This  industry  standard  command
              begins  by  locking the drive with a temporary password which is cleared at the end
              of the erasure. Do not run this command unless you have ample time to allow  it  to
              run  through  to the end. If the procedure is interrupted prior to completion, then
              the drive will remain in a locked state and you  must  manually  restart  from  the
              beginning again. The tool will attempt to automatically clear the password that was
              set upon failure. The default password used by the tool is "SeaChest", plain  ASCII
              letters without the quotes

              * normal writes binary zeros (0) or ones (1) to all user data areas.

              *  enhanced  will  fill all user data areas and reallocated user data with a vendor
              specific pattern. Some Seagate Instant Secure Erase will  perform  a  cryptographic
              erase instead of an overwrite.

              Utility  Version:  3.3.0  opensea-common  Version: 2.0.0 opensea-transport Version:
              6.2.0  opensea-operations  Version:  5.1.1  Build  Date:  Dec   1   2023   Compiled
              Architecture: X86_64 Detected Endianness: Little Endian Compiler Used: GCC Compiler
              Version: 7.5.0 Operating System Type: Linux Operating  System  Version:  4.15.0-211
              Operating System Name: Ubuntu 18.04.6 LTS