VERSION(8) System Administration Utilities VERSION(8)

Version - =drive utilities

==========================================================================================

openSeaChest_Security - openSeaChest drive utilities - NVMe Enabled Copyright (c) 2014-2023 Seagate Technology LLC and/or its Affiliates, All Rights Reserved openSeaChest_Security Version: 3.3.0-6_2_0 X86_64 Build Date: Dec 1 2023 Today: Fri Dec 1 15:18:14 2023 User: current user

========================================================================================== Usage =====

openSeaChest_Security [-d <sg_device>] {arguments} {options}

Examples ========

openSeaChest_Security --scan openSeaChest_Security -d /dev/sg<#> -i openSeaChest_Security -d /dev/sg<#> --SATInfo openSeaChest_Security -d /dev/sg<#> --llInfo openSeaChest_Security -d /dev/sg<#> --ataSecurityInfo openSeaChest_Security -d /dev/sg<#> --ataSecureErase enhanced openSeaChest_Security -d /dev/sg<#> --ataSecureErase enhanced --ataSecPassword AutoATAWindowsString12345678901 --ataSecPassType user openSeaChest_Security -d /dev/sg<#> --disableATASecPW --ataSecPassword AutoATAWindowsString12345678901 --ataSecPassType user

Return codes ============

Generic/Common exit codes 0 = No Error Found 1 = Error in command line options 2 = Invalid Device Handle or Missing Device Handle 3 = Operation Failure 4 = Operation not supported 5 = Operation Aborted 6 = File Path Not Found 7 = Cannot Open File 8 = File Already Exists 9 = Need Elevated Privileges ---openSeaChest_Security specific exit codes--- 32 = Zero Validation Failure Anything else = unknown error

Utility Options ===============

--echoCommandLine

Echo the command line entered into the utility on the screen.

--enableLegacyUSBPassthrough

Only use this option on old USB or IEEE1394 (Firewire) products that do not otherwise work with the tool. This option will enable a trial and error method that attempts sending various ATA Identify commands through vendor specific means. Because of this, certain products that may respond in unintended ways since they may interpret these commands differently than the bridge chip the command was designed for.

--forceATA

Using this option will force the current drive to be treated as a ATA drive. Only ATA commands will be used to talk to the drive.
(SATA Only)
Using this option will force the tool to issue SAT commands to ATA device using the protocol set to DMA whenever possible (on DMA commands). This option can be combined with --forceATA
(SATA Only)
Using this option will force the tool to issue PIO commands to ATA device when possible. This option can be combined with --forceATA
(SATA Only)
Using this option will force the tool to issue SAT commands to ATA device using the protocol set to UDMA whenever possible (on DMA commands). This option can be combined with --forceATA

--forceSCSI

Using this option will force the current drive to be treated as a SCSI drive. Only SCSI commands will be used to talk to the drive.

-h, --help

Show utility options and example usage (this output you see now) Please report bugs/suggestions to seaboard@seagate.com. Include the output of --version information in the email.

--license

Display the Seagate End User License Agreement (EULA).

--modelMatch [model Number]

Use this option to run on all drives matching the provided model number. This option will provide a closest match although an exact match is preferred. Ex: ST500 will match ST500LM0001

--noBanner

Use this option to suppress the text banner that displays each time openSeaChest is run.

--onlyFW [firmware revision]

Use this option to run on all drives matching the provided firmware revision. This option will only do an exact match.

--onlySeagate

Use this option to match only Seagate drives for the options provided

-q, --quiet

Run openSeaChest_Security in quiet mode. This is the same as -v 0 or --verbose 0

-v [0-4], --verbose [0 | 1 | 2 | 3 | 4]

Show verbose information. Verbosity levels are: 0 - quiet 1 - default 2 - command descriptions 3 - command descriptions and values 4 - command descriptions, values, and data buffers Example: -v 3 or --verbose 3

-V, --version

Show openSeaChest_Security version and copyright information & exit

Utility arguments =================

-d, --device [deviceHandle | all]

Use this option with most commands to specify the device handle on which to perform an operation. Example: /dev/sg<#> To run across all devices detected in the system, use the "all" argument instead of a device handle. Example: -d all NOTE: The "all" argument is handled by running the
OS sequentially. For parallel operations, please use a script opening a separate instance for each device handle.

--displayLBA [LBA]

This option will read and display the contents of the specified LBA to the screen. The display format is hexadecimal with an ASCII translation on the side (when available).

-F, --scanFlags [option list]

Use this option to control the output from scan with the options listed below. Multiple options can be combined.
usb - show only USB devices scsi - show only SCSI (SAS) devices nvme - show only NVMe devices interfaceATA - show devices on an ATA interface interfaceUSB - show devices on a USB interface interfaceSCSI - show devices on a SCSI or SAS interface interfaceNVME = show devices on an NVMe interface sd - show sd device handles sgtosd - show the sd and sg device handle mapping

-i, --deviceInfo

Show information and features for the storage device

--llInfo

Dump low-level information about the device to assist with debugging.

-s, --scan

Scan the system and list all storage devices with logical /dev/sg<#> assignments. Shows model, serial and firmware numbers. If your device is not listed on a scan immediately after booting, then wait 10 seconds and run it again.

-S, --Scan

This option is the same as --scan or -s, however it will also perform a low level rescan to pick up other devices. This low level rescan may wake devices from low power states and may cause the OS to re-enumerate them. Use this option when a device is plugged in and not discovered in a normal scan. NOTE: A low-level rescan may not be available on all interfaces or all OSs. The low-level rescan is not guaranteed to find additional devices in the system when the device is unable to come to a ready state.

--SATInfo

Displays SATA device information on any interface using both SCSI Inquiry / VPD / Log reported data (translated according to SAT) and the ATA Identify / Log reported data.

--testUnitReady

Issues a SCSI Test Unit Ready command and displays the status. If the drive is not ready, the sense key, asc, ascq, and fru will be displayed and a human readable translation from the SPC spec will be displayed if one is available.

--fastDiscovery

to issue a fast scan on the specified drive.

--zeroVerify [full | quick]

Use this option to verify drive content, whether it's set to zero or not. This operation will read user accessible address and validate if content at that address is zero or not. Validation modes:
full - Complete drive will be scanned for verification. quick - 0.1% of total capacity will be scanned for ID and OD validation along with
2 random addresses from 10000 equal size sections each.
SATA Only: ========= --ataSATsecurityProtocol [enable | disable] (SATA only)
This option can be used to force enable or disable using the ATA security protocol as specified in the SAT specification. By default, the tool will use this method when it is supported to allow the SATL to understand and manage the security commands being performed and prevent other issues.
(SATA only)
This option will send the ATA security freezelock command to a device. This command prevents all other ATA security commands from being processed until the next reset or power cycle.
(SATA only)
Use this option to specify a password to use with an ATA security operation. If specifying a password with spaces, quotes must be used. If SeaChest is given, the default SeaChest password will be used. If empty is given, an empty password will be used. Examples:
"This is a valid password" ThisIsAlsoValid "This password uses \"quotes\" "This password is \/\/eird"
(SATA only)
Use this option to specify if the password being given with the --ataSecPassword option is a user or a master password. If this option is not provided, user is assumed.

--ataSecPWMod [byteswapped | zeropad | spacepad | fpad | leftAlign | rightAlign | uppercase | lowercase | invertcase] (SATA Only)

Use this option to have the utility make modifications to the ATA security password to attempt other various ways it may be sent by a system bios. These are not guaranteed to work, but may help unlock a drive that was locked by a BIOS that encoded the password in a unique way. This option can be presented multiple times to select multiple modificaitons. EX: --ataSecPWMod byteswapped --ataSecPWMod invertcase
byteswapped - byteswaps the password. EX: blah -> lbha zeropad - zero pads the password if less than 32 characters spacepad - space pads the password if less than 32 characters fpad - pads the passwords with Fh (all 1's) if less than 32characters leftAlign - left aligns the password in the buffer rightAlign - right aligns the password in the buffer uppercase - sends the password as all uppercase lowercase - sends the password as all lowercase invertcase - switches uppercase for lower, and lowercase for upper
(SATA only)
This option shows information about the ATA security feature on ATA devices. It will show the security state and flags related to the state, Master password capability & ID, time to perform a secure erase, whether user data is encrypted, and whether sanitize can override ATA security to repurpose a drive.
(SATA Only)
Use this option to disable an ATA security password. If the drive is in high security mode, either user or master password may be provided. In maximum security mode only the user password can be provided to unlock and disable the ATA security password. The master may only be used to erase the drive in maximum security mode. Use the --ataSecPassword option to provide the password to use and --ataSecPassType to specify whether it is the user or master password. If a drive lost power during an ATA Security Erase in openSeaChest_Security, then providing --ataSecPassword SeaChest will use the default SeaChest password used during the erase.
To disable a password set by a BIOS, the BIOS must have set the
password in ASCII. A BIOS may choose to hash or modify the password typed in the configuration however it chooses and this utility has no idea how to match what the BIOS has done so it may not always work to remove a password set by something other than this utility.
(SATA only)
Use this option along with the --ataSecPassword option and --ataSecPassType option to unlock a drive with the provided password. If the drive is in maximum security mode, only the user password may be used to unlock the device.

Data Destructive Commands (Seagate only) ========================================

SATA Only: ========= --ataSecureErase [normal | enhanced] (SATA only) (Clear | Purge)
Use "normal" to start a standard ATA security erase (Clear) or "enhanced" to start an enhanced ATA security erase (Purge).
ATA Security Erase takes a very long time to complete at approximately three (3) hours per Tera-byte (HDD). Some Seagate SED models will perform a quick cryptographic erase in enhanced mode and the time for completion is reported as 2 minutes by the drive, but will take only seconds. This industry standard command begins by locking the drive with a temporary password which is cleared at the end of the erasure. Do not run this command unless you have ample time to allow it to run through to the end. If the procedure is interrupted prior to completion, then the drive will remain in a locked state and you must manually restart from the beginning again. The tool will attempt to automatically clear the password that was set upon failure. The default password used by the tool is "SeaChest", plain ASCII letters without the quotes
* normal writes binary zeros (0) or ones (1) to all user data areas.
* enhanced will fill all user data areas and reallocated user data with a vendor specific pattern. Some Seagate Instant Secure Erase will perform a cryptographic erase instead of an overwrite.
Utility Version: 3.3.0 opensea-common Version: 2.0.0 opensea-transport Version: 6.2.0 opensea-operations Version: 5.1.1 Build Date: Dec 1 2023 Compiled Architecture: X86_64 Detected Endianness: Little Endian Compiler Used: GCC Compiler Version: 7.5.0 Operating System Type: Linux Operating System Version: 4.15.0-211 Operating System Name: Ubuntu 18.04.6 LTS
December 2023 Version Info for openSeaChest_Security: