@bwDraco
Last active January 7, 2023 17:52
Simple script to secure-erase drives, based on https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
################################################################################
# secure-erase.sh
# Copyright 2018-2023 bwDraco - Brian Wong
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# Print header
echo "secure-erase.sh - Simple script for secure-erasing SATA devices."
echo "Copyright 2018-2023 bwDraco - Brian Wong."
echo "Licensed under the Apache License 2.0. There is NO WARRANTY."
echo
# Print usage information if no arguments were supplied.
if [ $# -eq 0 ]; then
    echo "Usage: $0 DEVICE"
    echo
    echo "This is a simple script to secure-erase drives, based on the procedure at"
    echo "<https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase>."
    echo
    echo "It is your responsibility to ensure that you are erasing the correct device."
    echo "Although this script tries to check for a valid drive model name, it does not"
    echo "prevent you from operating on an arbitrary block device. Attempting to run this"
    echo "script on block devices other than SATA hard drives or SSDs that support the"
    echo "Secure Erase command and are either connected directly or through certain USB"
    echo "bridges (such as drive enclosures or external hard drives) can produce"
    echo "unpredictable results, including possible device malfunction or failure."
    echo "Note that this script does NOT support NVMe-based drives."
    echo
    echo "This script requires hdparm to function. It also uses smartctl to fetch the"
    echo "drive model name if possible; although not strictly necessary, an error message"
    echo "will be printed if smartctl could not be executed or returns an error."
    echo
    echo "I am not responsible for data loss, hardware failure, or other problems if you"
    echo "misuse this script!"
    exit 1
fi
# Print an error and exit if the file specified isn't valid.
# "$1" is quoted throughout so a path containing spaces or glob characters
# is passed to each command as a single argument.
if [ ! -b "$1" ]; then
    echo "ERROR: The file $1 does not exist or is not a block device."
    echo "Run without arguments for usage information."
    exit 1
fi
# This script needs root, so print an error and exit if not running as root.
if [[ $EUID -ne 0 ]]; then
    echo "ERROR: This script requires root permissions."
    echo "Run without arguments for usage information."
    exit 1
fi
# Print an error and exit if we can't find hdparm.
if [[ $(command -v hdparm) == "" ]]; then
    echo "ERROR: Could not find hdparm in PATH."
    echo "Run without arguments for usage information."
    exit 1
fi
# Print warning and prompt for confirmation.
# If possible, fetch drive model from smartctl; print an error if this fails.
echo "WARNING: You are about to secure-erase $1."
echo "If you continue, all data on the device will be lost and cannot be recovered."
echo "You will need to repartition and reformat the device to use it again."
echo "Make sure you have specified the correct device before you proceed."
echo
if [[ $(command -v smartctl) == "" ]]; then
    echo "ERROR: Could not find smartctl in PATH. Drive model name cannot be retrieved."
else
    # Show the model line so the operator can confirm the target drive.
    # The pipeline's status is grep's: non-zero means no model line was found.
    if ! smartctl -i "$1" | grep "Device Model"; then
        echo "ERROR: smartctl did not return a valid drive model name."
        echo "You may have selected the wrong device. Proceed with caution."
    fi
fi
echo
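read -r -p "Are you sure you want to continue? [y/N] " yn
# If confirmed, proceed with the operation.
case $yn in
    [Yy]* )
        echo "Erasing disk..."
        # Set a temporary user password ("foo"), then issue the erase.
        # A successful erase clears the password and disables security again.
        # If the erase is interrupted, the drive stays security-enabled with
        # this password; "hdparm --security-disable foo DEVICE" removes it.
        hdparm --user-master u --security-set-pass foo "$1" &&
            hdparm --user-master u --security-erase foo "$1";;
    * ) exit;;
esac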
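
The script above issues `--security-set-pass` without first checking the drive's ATA security state. The following is an added example, not part of the gist, that classifies the `Security:` section of `hdparm -I` output so the erase can be refused on a frozen, locked or unsupported drive; the names `security_state`, `preflight` and `sample` are hypothetical and the sample text is constructed.

```bash
# Classify the "Security:" section of `hdparm -I` output read on stdin.
# Prints one of: unsupported, frozen, locked, enabled, ready
security_state() {
    awk '
        /^Security:/          { in_sec = 1; next }
        in_sec && /^[A-Za-z]/ { in_sec = 0 }   # next top-level section
        !in_sec               { next }
        # Flags appear as "<flag>" when set and "not <flag>" when clear.
        { neg = ($1 == "not"); flag = neg ? $2 : $1 }
        flag == "supported"   { supported = !neg }
        flag == "enabled"     { enabled = !neg }
        flag == "locked"      { locked = !neg }
        flag == "frozen"      { frozen = !neg }
        END {
            if (!supported)   print "unsupported"
            else if (frozen)  print "frozen"
            else if (locked)  print "locked"
            else if (enabled) print "enabled"
            else              print "ready"
        }'
}

# Hypothetical helper: succeed only if DEVICE ($1) is ready for the erase.
preflight() {
    state=$(hdparm -I "$1" 2>/dev/null | security_state)
    case $state in
        ready)       return 0 ;;
        unsupported) echo "ERROR: $1 reports no ATA Security support." >&2 ;;
        frozen)      echo "ERROR: $1 is frozen; erase will be rejected." >&2 ;;
        locked)      echo "ERROR: $1 is locked by an existing password." >&2 ;;
        enabled)     echo "ERROR: $1 already has a user password set." >&2 ;;
    esac
    return 1
}

# Constructed sample of `hdparm -I` output; $1 is "not" or "" (frozen line).
sample() {
    printf 'Commands/features:\n\t   *\tSMART feature set\n'
    printf 'Security:\n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$1"
    printf '\t\tsupported: enhanced erase\nChecksum: correct\n'
}

sample "" | security_state   # prints "frozen"
```

In the script, `preflight "$1" || exit 1` placed before the confirmation prompt would stop the run before any password is set on the drive.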