
@UniversalSuperBox
Last active January 27, 2021 01:54
Script to wipe all of the SATA storage media in a computer
#!/bin/bash
# Script to wipe all of the SATA storage media in a computer
# Absolutely, positively, do not run this script unless you want all of your data
# to be gone.
# Copyright 2019 Dalton Durst
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# Ctrl-C is routed to interrupt(), which is defined further down; bash only
# looks the handler name up when the signal actually arrives.
trap interrupt INT

# Escape sequences for coloured output. They are stored as literal
# backslash-e text, so they only take effect when printed with `echo -e`.
NORMAL='\e[0m'
BOLD='\e[1m'
RED='\e[91m'
RED_BACKGROUND='\e[101m'
GREEN_BACKGROUND='\e[42m'
YELLOW_BACKGROUND='\e[43m'

# Space-separated device lists that are filled in while the script runs.
SANITIZE_DISKS=''     # drives which may be wiped via SANITIZE operations
SECURE_ERASE_DISKS='' # drives which may be wiped via SECURE ERASE
FAILED=''             # drives which were not able to be wiped
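#######################################
# Cancel the run: show the red banner, wait for Enter, power the machine
# down and terminate the script.
# Used both as the SIGINT handler and as an explicit abort path.
# Globals:   RED_BACKGROUND, NORMAL (read)
# Outputs:   cancellation notice on stdout
# Returns:   never returns; exits with status 130
#######################################
interrupt() {
  echo -e "${RED_BACKGROUND} ${NORMAL}"
  echo 'Canceled. Press Enter to power down.'
  enter_to_off
  # When a trap handler returns, bash resumes the script after the command
  # that was interrupted. Without this exit, a Ctrl-C at the confirmation
  # prompt would fall through to the erase loops whenever poweroff returns
  # (or fails) before the machine actually goes down.
  exit 130
}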
#######################################
# Announce that the run has finished, then hand over to enter_to_off,
# which waits for Enter and powers the machine down.
# Outputs: completion notice on stdout
#######################################
success() {
  printf '%s\n' 'Done! Press Enter to power down.'
  enter_to_off
}
#######################################
# Block until the operator presses Enter, then power the machine off.
# The line that is read is not used; a failed read (end of input) still
# falls through to the poweroff call.
#######################################
enter_to_off() {
  read
  sudo poweroff
}
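#######################################
# Poll the sanitize status of a drive once per second until it is idle.
# Arguments: $1 - device to poll
# Outputs:   the "State" line of every poll on stdout; errors on stderr
# Returns:   0 once the status contains SD0,
#            1 if the status contains SD3 or no status can be read at all
#######################################
wait_for_idle() {
  local disk=$1
  local status
  local misses=0

  while true; do
    # Query once per iteration and reuse the text for both the progress
    # display and the state checks, so the two cannot disagree.
    status=$(sudo hdparm --sanitize-status "$disk")

    if [[ $status =~ State ]]; then
      misses=0
      grep State <<<"$status"
    else
      # No State line at all: the device may have vanished. Give up after
      # ten polls in a row instead of spinning forever.
      misses=$((misses + 1))
      if ((misses >= 10)); then
        echo "No sanitize status from $disk after $misses polls; giving up." >&2
        return 1
      fi
    fi

    if [[ $status =~ SD0 ]]; then
      return 0
    fi

    # SD3 is the ATA name for the "sanitize operation failed" state. A drive
    # in that state never reports SD0 on its own, so stop and report it.
    # NOTE(review): confirm that the installed hdparm prints the SD3 label.
    if [[ $status =~ SD3 ]]; then
      echo "Sanitize operation failed on $disk." >&2
      return 1
    fi

    sleep 1
  done
}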
#######################################
# Record a drive that could not be wiped.
# Globals:   FAILED (appended to, space-separated)
# Arguments: $1 - device name
#######################################
add_failure() {
  FAILED+=" $1"
}
#######################################
# Print the identification report hdparm produces for a drive (hdparm -I).
# Callers search this text for feature names such as SANITIZE and for the
# "frozen" security line.
# Arguments: $1 - device to query
# Outputs:   hdparm's report on stdout
#######################################
get_features() {
  local device=$1
  sudo hdparm -I "$device"
}
#######################################
# Show the operator what a drive is before it gets erased: the fdisk
# listing followed by the model line from hdparm -i.
# Arguments: $1 - device to describe
# Outputs:   fdisk listing and Model line on stdout
# Returns:   status of the final grep (non-zero when no Model line exists)
#######################################
show_specs() {
  local device=$1
  sudo fdisk -l "$device"
  sudo hdparm -i "$device" | grep Model
}
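echo "The following drives are installed in the system:"
lsblk -lbd -o NAME,SIZE
echo ''

# Sort every whole disk reported by lsblk into one of the two erase lists.
#
# The only selection criterion is size: any block device larger than
# 50000000000 bytes is queued, whatever bus it sits on. Removable or boot
# media above that size are therefore included too, and a device whose
# hdparm -I report does not mention SANITIZE (including one hdparm cannot
# query at all) lands on the SECURE ERASE list.
#
# lsblk -P prints one NAME="..." SIZE="..." line per device. The line is
# matched against a fixed pattern rather than passed to eval, so nothing in
# lsblk's output is ever executed as shell code.
LSBLK_PAIR_RE='^NAME="([^"]*)"[[:space:]]+SIZE="([0-9]+)"[[:space:]]*$'
while IFS= read -r DISK; do
  if [[ ! $DISK =~ $LSBLK_PAIR_RE ]]; then
    printf '%b%s%b\n' "$RED" "Skipping unrecognised lsblk line: $DISK" "$NORMAL"
    continue
  fi
  NAME=${BASH_REMATCH[1]}
  SIZE=${BASH_REMATCH[2]}

  # Devices at or below the threshold are left alone.
  if ((SIZE <= 50000000000)); then
    continue
  fi

  SUPPORTED_FEATURES=$(get_features "$NAME")
  if [[ ! $SUPPORTED_FEATURES =~ 'SANITIZE' ]]; then
    echo -e "${RED}${NAME} does not support the SANITIZE feature set.${NORMAL}"
    SECURE_ERASE_DISKS="$SECURE_ERASE_DISKS $NAME"
    continue
  fi
  SANITIZE_DISKS="$SANITIZE_DISKS $NAME"
done < <(lsblk -bdnpP -o NAME,SIZE)

# Nothing qualified: take the cancel path instead of continuing.
if [[ -z $SANITIZE_DISKS ]] && [[ -z $SECURE_ERASE_DISKS ]]; then
  echo -e "${RED}No disks selected for wiping.${NORMAL}"
  interrupt || exit
fi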
# Show the operator exactly which drives are queued, grouped by the erase
# method that will be used on them.
printf '\n%s\n\n' 'The following disks will be erased:'

echo 'With SANITIZE operations:'
for DISK in $SANITIZE_DISKS; do
  show_specs "$DISK"
done

printf '\n%s\n' 'With SECURE ERASE operations:'
for DISK in $SECURE_ERASE_DISKS; do
  show_specs "$DISK"
done

# Last chance to back out. The prompt is opt-out: if nothing is pressed the
# read times out after 30 seconds and the erase goes ahead.
printf '\n%s\n' "Press Control-C within the next 30 seconds to cancel, or press Enter to continue"
read -t 30
echo

# Result lists for the erase loops that follow.
SUCCESSFUL=''
FAILED=''
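# Erase every drive on the SANITIZE list. Each method the drive advertises
# (cryptographic scramble, block erase) is run in turn. A drive counts as
# wiped only if at least one method was accepted by hdparm AND the drive
# then returned to idle without wait_for_idle reporting a problem.
# Previously the scramble branch set ADD_DISK=true unconditionally, so a
# rejected command was still reported as a successful wipe.
for DISK in $SANITIZE_DISKS; do
  ADD_DISK=false
  SUPPORTED_FEATURES=$(get_features "$DISK")

  if [[ $SUPPORTED_FEATURES =~ 'CRYPTO_SCRAMBLE_EXT' ]]; then
    echo "Erasing $DISK with SANITIZE CRYPTOGRAPHIC SCRAMBLE"
    METHOD_OK=true
    sudo hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble "$DISK" || METHOD_OK=false
    # Always wait for idle, even after a failed command, so the next
    # command is not issued while the drive is still busy.
    wait_for_idle "$DISK" || METHOD_OK=false
    if $METHOD_OK; then
      ADD_DISK=true
    else
      echo -e "${RED}SANITIZE CRYPTOGRAPHIC SCRAMBLE did not complete cleanly on ${DISK}${NORMAL}"
    fi
  fi

  if [[ $SUPPORTED_FEATURES =~ 'BLOCK_ERASE_EXT' ]]; then
    echo "Erasing $DISK with SANITIZE BLOCK ERASE"
    METHOD_OK=true
    sudo hdparm --yes-i-know-what-i-am-doing --sanitize-block-erase "$DISK" || METHOD_OK=false
    wait_for_idle "$DISK" || METHOD_OK=false
    if $METHOD_OK; then
      ADD_DISK=true
    else
      echo -e "${RED}SANITIZE BLOCK ERASE did not complete cleanly on ${DISK}${NORMAL}"
    fi
  fi

  # ADD_DISK is still false when no method was advertised or every method
  # that was tried failed; both cases go on the failure list.
  if $ADD_DISK; then
    echo "Successfully wiped $DISK"
    SUCCESSFUL="$SUCCESSFUL $DISK"
  else
    echo -e "${RED}${BOLD}Did not find a suitable method to wipe ${DISK}${NORMAL}"
    add_failure "$DISK"
  fi
done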
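# Erase every drive on the SECURE ERASE list with the ATA security commands:
# set a temporary user password, then issue the erase with that password.
#
# Success and failure are decided by hdparm's exit status. The earlier form
# tested whether hdparm printed anything at all, which cannot tell a
# rejected command from an accepted one.
# NOTE(review): this relies on hdparm exiting non-zero when the drive
# rejects a security command - confirm with the hdparm version in use.
#
# The password 'Eins' is fixed and appears on the command line. If the erase
# step fails, the drive stays locked with it until someone resets it, which
# is why that branch stops and tells the operator.
for DISK in $SECURE_ERASE_DISKS; do
  # The security section of hdparm -I has a line reading either "frozen" or
  # "not frozen"; anything without "not" is treated as frozen.
  if [[ ! $(get_features "$DISK" | grep frozen) =~ 'not' ]]; then
    # Disk is frozen
    echo -e "${YELLOW_BACKGROUND} ${NORMAL}\n"
    echo "$DISK is frozen. We will now suspend the PC to attempt to unfreeze it."
    echo "After the PC is suspended, please wake it up yourself then press Enter again."
    echo "Press Enter now to suspend the PC."
    read && sudo systemctl suspend
    sleep 10
    echo "Waiting for you to press Enter again..."
    read || interrupt
    if [[ ! $(get_features "$DISK" | grep frozen) =~ 'not' ]]; then
      # -e added: without it the colour codes were printed as literal text.
      echo -e "${RED}Disk is still frozen. I will not be able to wipe this disk.${NORMAL}"
      add_failure "$DISK"
      continue
    fi
  fi

  echo "Setting security password on $DISK to 'Eins'"
  if ! sudo hdparm --user-master u --security-set-pass Eins "$DISK"; then
    echo -e "${YELLOW_BACKGROUND}FAILED TO SET DRIVE PASSWORD ON DISK ${DISK}${NORMAL}"
    add_failure "$DISK"
    continue
  fi

  echo "Wiping $DISK with SATA Secure Erase"
  if ! sudo hdparm --user-master u --security-erase Eins "$DISK"; then
    add_failure "$DISK"
    echo -e "${YELLOW_BACKGROUND}FAILED TO SECURE ERASE ${DISK}${NORMAL}"
    echo "The drive password is currently 'Eins', you will need to reset it."
    echo "Press Enter to continue."
    read
    continue
  fi

  echo "Successfully wiped $DISK"
  SUCCESSFUL="$SUCCESSFUL $DISK"
done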
# Final report: list what was wiped, then show a green banner when nothing
# failed or a red banner followed by the drives that still hold data.
echo "Wiped the following disks: $SUCCESSFUL"
if [[ -z "$FAILED" ]]; then
  echo -e "${GREEN_BACKGROUND} ${NORMAL}"
else
  echo -e "${RED_BACKGROUND} ${NORMAL}"
  echo -e "${RED}I WAS UNABLE TO WIPE THE FOLLOWING DISKS${NORMAL}"
  echo "$FAILED"
fi

# success waits for Enter and calls poweroff. The notice below is only
# reached once that call has returned, i.e. while the machine is (or should
# be) shutting down.
success
[[ -n $SANITIZE_DISKS ]] && echo "The PC may fail to power off automatically. If so, you may force power off."