In this Issue:
- Where do you get your information? (receive $500 voucher/coupon code at STBSuite.com)
- SATA SECURE ERASE
- Free LIVE technical training on the STBSuite!
- Ask Dr. SCSI – DEP Issues on Server OSs
- SCSI Toolbox, LLC on LinkedIn
Where do you get your information? (four quick question survey – $500 voucher/coupon!)
We’re curious to know where our valued customers are getting their information on new products, services and industry news.
Take this very brief media poll (four questions) and you’ll receive a $500 voucher/coupon that can be redeemed for any online purchase at STBSuite.com before 12/31/2013.
Thank you for being an STBSuite newsletter subscriber!
*Complete the short survey and receive a $500 voucher/coupon code redeemable on anything at STBSuite.com before 12/31/2013. Yes, even Performa – WOW!
SATA SECURE ERASE
Introduction
The SATA SECURE ERASE command functionality was proposed/designed to be an answer to the problem of “how can we completely erase all data on a SATA disk drive in a known and approved fashion”. Another goal that this command was supposed to meet was to execute this erase process in the shortest amount of time possible.
Background
Early SATA drives had a FEATURE set known as Host Protected Area (HPA) that allowed the drive to be securely partitioned into multiple volumes. Access to these volumes could be limited to “protect” data or programs on the various partitions.
Because these HPA partitions were protected they could not be erased unless you knew the password to unlock them. This meant that generic erase or purge programs could not access and erase these HPA partitions.
Also, SATA drives manage defective and spare blocks (LBAs) on their own, apart from any user intervention. This makes purging or erasing defective LBAs a problem.
The SECURE ERASE command was designed to erase ALL of the drive, including any HPA partitions and including any bad remapped LBAs.
What exactly does it do? It does one complete overwrite pass of the entire drive, writing either all zeros or all ones on every LBA in all HPAs and including any defective blocks.
Remember this “one complete write pass” when you read below about just how long this process can take! For now we will just say that the process is thorough, but it’s not any faster than writing a full pass to the drive…
Who (in our marketplace) wants to do Secure Erase?
Your customers read news articles about how wonderful Secure Erase is. They read how it is consistent and recommended, if not endorsed, by government agencies. So they ask you “do you use Secure Erase? It’s the best you know…”
That’s the clincher – you can run a government/end-user approved method of drive erasure and not have to worry about how many passes, what data pattern, etc.
If you run Secure Erase you are good to go!
Tell your customers “yes, we use the SECURE ERASE command to wipe your disk drives” and everything is good.
If only it were as simple as that…
A SATA drive connected to a SATA mobo port
This all sounds wonderful! A consistent, easy, proven method to completely erase an entire SATA disk drive!
But for a moment let’s consider this from the dark side…
If you were someone with evil intent, this command could give you an easy and quick way to destroy data on disk drives. Send a few commands (there are three commands needed to start the SECURE ERASE process) and POW – you’ve nuked the disk.
Enter BIOS “protection”
To prevent this from happening, almost all motherboard manufacturers created a system whereby as soon as a SATA drive was powered up and recognized by the BIOS it would be SECURITY FROZEN.
Security Freeze and Un-Freeze
This SATA feature does as its name implies – it “freezes” any SECURITY ERASE commands from working.
So, you go to erase your old disk drive before you donate it to your favorite charity and BOOM – your brand new Security Erase enabled purge utility won’t erase your drive because it’s frozen from doing so.
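A purge utility can detect the frozen state before it tries to erase, because the drive reports its security status in word 128 of the IDENTIFY DEVICE data, and its own estimate of the one-pass erase time in words 89 and 90. The following is an added example, not code from the STB Suite: it decodes those words from a 512-byte IDENTIFY block, and it assumes the block has already been read from the drive by some other means. The helper sample_identify only builds constructed test data.

```python
import struct

# Bit positions in IDENTIFY DEVICE word 128 (ATA security status).
SECURITY_BITS = {
    "supported": 0, "enabled": 1, "locked": 2, "frozen": 3,
    "count_expired": 4, "enhanced_erase_supported": 5,
}

def word(identify: bytes, index: int) -> int:
    """Return 16-bit little-endian word `index` of a 512-byte IDENTIFY block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    return struct.unpack_from("<H", identify, index * 2)[0]

def erase_minutes(w: int):
    """Decode word 89/90: estimated erase time in minutes, None if not reported."""
    if w & 0x8000:              # ACS-3 extended format: bits 14:0, units of 2 min
        value = w & 0x7FFF
    else:                       # classic format: bits 7:0, units of 2 min
        value = w & 0x00FF
    return value * 2 if value else None   # the field's maximum means "at least"

def security_state(identify: bytes) -> dict:
    w128 = word(identify, 128)
    state = {name: bool(w128 >> bit & 1) for name, bit in SECURITY_BITS.items()}
    state["normal_erase_minutes"] = erase_minutes(word(identify, 89))
    state["enhanced_erase_minutes"] = erase_minutes(word(identify, 90))
    return state

def erase_blocker(state: dict):
    """Return the reason a SECURITY ERASE would be rejected, or None."""
    if not state["supported"]:
        return "drive does not implement the ATA Security feature set"
    if state["frozen"]:
        return "drive is security-frozen (typically by the BIOS at power-up)"
    if state["count_expired"]:
        return "password attempt counter expired; power cycle required"
    return None

def sample_identify(w128: int, w89: int, w90: int = 0) -> bytes:
    """Constructed test data: a zeroed IDENTIFY block with only three words set."""
    buf = bytearray(512)
    for idx, val in ((128, w128), (89, w89), (90, w90)):
        struct.pack_into("<H", buf, idx * 2, val)
    return bytes(buf)

if __name__ == "__main__":
    frozen = security_state(sample_identify(0x0029, 120))  # supported, frozen, enhanced
    print(frozen, erase_blocker(frozen))
```

Logging the decoded state next to each erase job gives a record of why a drive was skipped instead of a bare command failure.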
How do you “unfreeze” a drive? Simple (sort of) – you just power-cycle the drive once the BIOS has frozen it.
Simple – not!
To do this you must boot your system, then quickly pull only the power connector off the back of your SATA drive, then quickly plug the power back in.
You should think “that sounds like a dangerous thing to do – couldn’t I damage something doing this?” and you’d be absolutely correct!
It can be done, but that doesn’t mean it should be done.
We at SCSI Toolbox do NOT recommend doing this!
Yes, you can purchase specialized dedicated hardware that will take care of this for you. More hardware that can only do one thing, at a premium price. It’s up to you…
It would certainly be better if you could do Secure Erase and all the other testing functionality of the STB Suite.
And so we go on a journey to provide this functionality to you.
A SATA drive connected to a SAS HBA
See how to perform SECURE ERASE on a SATA drive attached to an SAS HBA and read the rest of the article here.
Free LIVE training for the STBSuite
Let us show you!
You can’t beat free, right? Maybe you have an old license of the Toolbox (1996 ring a bell, possibly 2006, or maybe one from a couple of versions ago?). Possibly you’ve been thinking about using the Suite for years but haven’t allocated the resources. Why not take 30-60 minutes of your time and see if the Suite could help with your peripheral testing, screening, etc.? We’ll tailor the training to your specific needs and be sure to cover all of your testing needs, answer questions and see if the STBSuite is right for you.
The STBSuite is constantly changing and we’re adding new tests, features, protocol support, logging options, and test parameters all the time. So, if you’ve been running that older version let us show you what’s changed! If you’ve been running the Toolbox for years, let us review your procedures and see if we can help cut down your testing times and increase your testing thoroughness. What have you got to lose?
Request your free training online here.
Ask Dr. SCSI – Having problems with Windows DEP?
Q. “Dear Dr. SCSI – I’m getting an Error, ‘Your DEP setting is incorrect and will cause SCSIToolbox to malfunction. Please contact support…’”
A. “Data Execution Prevention (DEP) is a security feature that is intended to prevent viruses or malicious exploits from corrupting files on your computer system. There are hardware-enforced DEP methods and software-enforced DEP.
The STB Suite requires certain device drivers be installed on the target test system. This is the type of activity that makes DEP “nervous”, and so it is required that DEP be set to a mode that will allow our drivers to be installed.
This DEP setting must be correctly set before installing the STB Suite. If not set correctly the STB Suite installation will abort.
The correct DEP setting is “Turn on DEP for essential Windows programs and services only”
The incorrect DEP setting is “Turn on DEP for all programs and services…”
Chkinstall.exe
You will find the executable chkinstall.exe in your install folder. Run this program to check the integrity of your installation package and to check your DEP settings.
Note:
With most 64-bit versions of operating systems it is not possible for a program like chkinstall.exe to determine the system’s DEP settings. In this case you will see a warning to that effect and you should follow the instructions below to be certain that DEP is set correctly.
Windows 7 and Server 2003/2008
These operating systems make setting DEP relatively easy. Here are the steps to check and/or set DEP before installing the STB Suite:
- Press the Start + Break keys to enter Control Panel System
- On the left of the System screen click “Advanced system settings” to bring up the System Properties page
- Click on the Data Execution Prevention tab
- Check to make sure that the top radio button is chosen as shown above
- If the top choice is not picked then pick it now, then click Apply
- Reboot your system now. DEP setting changes will not take effect until you have rebooted.
Server 2012, and some other 64-bit OS’s
These OS’s seem to have an option that will disallow the above DEP check/change process from being run. This is set as a security option, and the result is that the DEP options described above will be grayed out and cannot be changed.
There is information available on the web that would lead you to believe that you could achieve the proper DEP settings by using bcdedit via the command
bcdedit /set nx AlwaysOff
However, this does not actually work!
What you must do is follow these steps to first enable the System Properties->DEP dialog
- Open an elevated command prompt window. This can be done by pressing Start and opening All Programs->Accessories.
- Right-click on Command Prompt and choose Run As Administrator. This will open a command prompt window
- Now enter bcdedit /set {current} nx OptOut
- Reboot your system
- Follow steps 1-6 above
- Reboot one last time
- Now you can install STB Suite”
Read the full DEP article online here.
SCSI Toolbox, LLC on LinkedIn
We’ve recently added a LinkedIn company page.
If you would like to add STBSuite knowledge or testing skills to your skill set, please feel free to add a link to our product page. We would also love your endorsement of what SCSI Toolbox has done for you.
Our LinkedIn product page can be viewed here!