Go Back   AnandTech Forums > Hardware and Technology > Memory and Storage

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Home and Garden
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2014
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 01-31-2014, 05:14 PM   #1
Jovec
Senior Member
 
Join Date: Feb 2008
Posts: 466
Default Solved: Secure Erasing 840 Evo E-Drive - can it be done?

Replaced a 840 Evo in a system that was using Bitlocker encryption. I want to re-purpose the 840 Evo but it seems I can no longer use the Secure Erase function from Magician, DOS, or ROG bios.

Any ideas?

Solved

Summary: Samsung's Evo SSDs with EXT0BB6Q firmware added support for TCG Opal and eDrive encryption. Enabling this is done through the Samsung Magician software. The default state looks like this:



Step 1: Set the drive state to "Ready to Enable"



Step 2: Install Windows 8. eDrive mode cannot be activated on an existing OS install. After a successful install, eDrive should be activated and look like this:



At this point, Bitlocker is not activated and the SSD is not user encrypted, however the drive no longer accepts standard security commands and as such, can no longer be Secure Erased. Should you wish to use Bitlocker with eDrive, this is the point to enable it in Windows.



The drive cannot be Secure Erased via Magician as a non-OS drive, via a Magician created USB boot stick, or via my Asus ROG BIOS.

Bitlocker can be turned on and off and used successfully with the Evo as an eDrive, but there a few things to point out here. It's best to think of Edrive mode and Bitlocker as two separate things even though they are meant to work together. One can enable eDrive without using Bitlocker (results in no encryption). One can use Bitlocker without enabling eDrive (results in software encryption). One can still create and delete partitions with eDrive mode Enabled and otherwise use the drive as normal.

In my case, I was specifically testing eDrive and Bitlocker and it took a user action to enable eDrive. If the user's Evo was unknowing in an "Ready to enable" eDrive state, then a Win8 install will change that state to Enabled automatically and silently (by default - you can change the registry during the install process to avoid this). Also, there can come a time when the Evo is no longer needed as an eDrive, and a Secure Erase is desired to restore performance prior to use in a different environment or even being sold.

Samsung's initial response was to have me contact Microsoft. Their second response wanted me to do a warranty replacement. I don't agree with either option. The Samsung Evo is a consumer level SSD using a feature on a consumer level OS. Samsung should provide a consumer level PSID revert utility.

It turns out they have one, but they don't make it public. Here is link to Samsung's PSID revert utility, with much thanks to Micrornd! Standard disclaimers apply. Use at your own risk. Note that using this tool will destroy any data on the Evo, so back up first.

https://dl.dropboxusercontent.com/u/...D%20Revert.zip

I am not sure why they won't release it. A PSID revert does not allow one to access the encrypted data. A PSID revert also assumes physical access to the drive. Using the tool linked here, I was able to do a successful PSID revert. I didn't screen cap it, but the process can be seen in the PDF manual in the zip file. To my mind, the instructions are incomplete. The PSID revert will leave the eDrive state in "Ready to enable."



This will allow the Evo to automatically enable eDrive mode on the next Win8 install. If this is not what is desired, press the Disable button (reboot first required) so it looks like:


Last edited by Jovec; 08-20-2014 at 01:32 AM.
Jovec is offline   Reply With Quote
Old 01-31-2014, 05:48 PM   #2
MoInSTL
Senior Member
 
MoInSTL's Avatar
 
Join Date: Jan 2012
Posts: 342
Default

Did you make a bootable flash drive with secure erase and make the change in the BIOS to boot from it? What happens? What OS?

Try disconnecting all other drives and then try it.
MoInSTL is offline   Reply With Quote
Old 01-31-2014, 06:26 PM   #3
VirtualLarry
Lifer
 
VirtualLarry's Avatar
 
Join Date: Aug 2001
Posts: 26,782
Default

Is the disk ATA-password locked in some way?
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
ATX is for poor people. And 'gamers.' - phucheneh
haswell is bulldozer... - aigomorla
"DON'T BUY INTEL, they will send secret signals down the internet, which
will considerably slow down your computer". - SOFTengCOMPelec
VirtualLarry is online now   Reply With Quote
Old 01-31-2014, 06:42 PM   #4
john3850
Golden Member
 
john3850's Avatar
 
Join Date: Oct 2002
Location: To close to NYC
Posts: 1,103
Default

I have only done it with the 830 and 840 only.
To run Secure Erase via Windows, the Samsung SSD must be installed as a secondary disk in your system and use Samsung Magician which will put the needed files on a usb flash drive for you.
Next you unlock the drive and follow the directions.
Be sure which number drive your going to se.
__________________
WC-3770k-77 Extreme4-46k=1.301v-830-ST240-7970-2x8 VLP-1866 1.35v in a Haf932-Dell u2412m
2500k-47k-Z68 Pro3-4x4sniper-5870-840-Boot-wifes pc .
WC i7 930 200x21 1.31v-5870-M4-840ssd-bkup pc.
john3850 is offline   Reply With Quote
Old 01-31-2014, 07:04 PM   #5
MoInSTL
Senior Member
 
MoInSTL's Avatar
 
Join Date: Jan 2012
Posts: 342
Default

What do you mean that it must be installed as a secondary disk? I have used it on 830, 840 Pro and 840 EVO. In all cases, it was my C:/boot drive only attached to MB.
MoInSTL is offline   Reply With Quote
Old 01-31-2014, 07:05 PM   #6
john3850
Golden Member
 
john3850's Avatar
 
Join Date: Oct 2002
Location: To close to NYC
Posts: 1,103
Default

Sometimes it takes a few times to unlock the drive.
__________________
WC-3770k-77 Extreme4-46k=1.301v-830-ST240-7970-2x8 VLP-1866 1.35v in a Haf932-Dell u2412m
2500k-47k-Z68 Pro3-4x4sniper-5870-840-Boot-wifes pc .
WC i7 930 200x21 1.31v-5870-M4-840ssd-bkup pc.
john3850 is offline   Reply With Quote
Old 01-31-2014, 07:11 PM   #7
john3850
Golden Member
 
john3850's Avatar
 
Join Date: Oct 2002
Location: To close to NYC
Posts: 1,103
Default

Quote:
Originally Posted by MoInSTL View Post
What do you mean that it must be installed as a secondary disk? I have used it on 830, 840 Pro and 840 EVO. In all cases, it was my C:/boot drive only attached to MB.
Your using a usb flash with installed Samsung files as your 1rst boot so you c: is your secondary.
That came from the Samsung help file and I always had a few SSDs when I did one a single se.
__________________
WC-3770k-77 Extreme4-46k=1.301v-830-ST240-7970-2x8 VLP-1866 1.35v in a Haf932-Dell u2412m
2500k-47k-Z68 Pro3-4x4sniper-5870-840-Boot-wifes pc .
WC i7 930 200x21 1.31v-5870-M4-840ssd-bkup pc.

Last edited by john3850; 01-31-2014 at 07:21 PM.
john3850 is offline   Reply With Quote
Old 01-31-2014, 07:18 PM   #8
MoInSTL
Senior Member
 
MoInSTL's Avatar
 
Join Date: Jan 2012
Posts: 342
Default

Do you have a link to that? It seems kind of odd to me. (Edit: Just read your updated post. You are correct, the USB drive is the first drive. But the way I read it was it was installed as a secondary drive. My other SSD is my second drive).

OP: Make sure you are typing SEGUI0 (That's zero, not an O).

I have never had to try it a few times. I found out early on, it can take a minute or two when it's unplugged and then plug it back in and then enter the command

Last edited by MoInSTL; 01-31-2014 at 07:32 PM. Reason: typo
MoInSTL is offline   Reply With Quote
Old 01-31-2014, 07:51 PM   #9
john3850
Golden Member
 
john3850's Avatar
 
Join Date: Oct 2002
Location: To close to NYC
Posts: 1,103
Default

OP: Make sure you are typing SEGUI0 (That's zero, not an O).
I wasted 2 hours on that the 1rst time I tried.
__________________
WC-3770k-77 Extreme4-46k=1.301v-830-ST240-7970-2x8 VLP-1866 1.35v in a Haf932-Dell u2412m
2500k-47k-Z68 Pro3-4x4sniper-5870-840-Boot-wifes pc .
WC i7 930 200x21 1.31v-5870-M4-840ssd-bkup pc.
john3850 is offline   Reply With Quote
Old 01-31-2014, 08:03 PM   #10
schmuckley
Golden Member
 
Join Date: Aug 2011
Posts: 1,485
Default

Parted Magic
Dowload,burn ISO to USB or disc.
schmuckley is offline   Reply With Quote
Old 01-31-2014, 09:13 PM   #11
Jovec
Senior Member
 
Join Date: Feb 2008
Posts: 466
Default

I appreciate the comments. I have used Samsung's Secure Erase from the Magician software and from a USB boot stick before.

The issue is due to enabling E-drive on the Evo, as referenced here: http://www.anandtech.com/show/7572/s...ve-for-840-evo

Quote:
Back when the 840 EVO was launched, Samsung promised that support for Windows 8's eDrive (hardware based encryption, click here to read more) would be coming shortly after the release via firmware update. It took Samsung a bit longer than expected but firmware EXT0BB6Q is now available and it brings support for TCG Opal 2.0 and IEEE 1667 (the required standards for eDrive). The update is available through Samsung's SSD Magician software but if you prefer the good old ISO update method, click here to get the ISO file.
It appears that enabling this is irreversible. You can no longer change any of the drive's security options.



You can no longer secure erase.



There are two partitions I cannot erase via Disk Management (the 300MB and 100MB on Disk 1).



The drive still works however. Bitlocker is not enabled.

I'm debating trying to nuke the partitions from orbit (Linux), but I don't want to hose the drive.

Last edited by Jovec; 01-31-2014 at 09:36 PM.
Jovec is offline   Reply With Quote
Old 01-31-2014, 10:09 PM   #12
MoInSTL
Senior Member
 
MoInSTL's Avatar
 
Join Date: Jan 2012
Posts: 342
Default

Below is a link to an easy way to delete EFI partitions. (Using Diskpart) Assuming you want to nuke Disk1.

If you have never used Diskpart, you may want to temporarily disconnect your other drives. If not, then triple check you are selecting the correct drive to clean.
http://www.winability.com/delete-pro...isk-partition/

Short version
http://blogchampiondotcom.wordpress....ws-8-computer/

Last edited by MoInSTL; 01-31-2014 at 10:23 PM.
MoInSTL is offline   Reply With Quote
Old 02-01-2014, 12:04 AM   #13
Jovec
Senior Member
 
Join Date: Feb 2008
Posts: 466
Default

Quote:
Originally Posted by MoInSTL View Post
Below is a link to an easy way to delete EFI partitions. (Using Diskpart) Assuming you want to nuke Disk1.

If you have never used Diskpart, you may want to temporarily disconnect your other drives. If not, then triple check you are selecting the correct drive to clean.
http://www.winability.com/delete-pro...isk-partition/

Short version
http://blogchampiondotcom.wordpress....ws-8-computer/
I went ahead and deleted the EFI partitions but the result is the same.

To be clear this is an issue with the eDrive standard and/or how Samsung implements it. From Magician help:

Quote:
Note: Class 0, TCG Opal and Encrypted Drive cannot be enabled simultaneously. Only one mode can be enabled at a time and all other modes must be disabled. Secure Erase cannot be done on Encrypted Drive or TCG Opal enabled SSD.
I don't recall this warning during the process, though it's possible I missed it. If anything then this thread is a warning that you cannot revert from TCP Opal and eDrive modes on Samsung SSDs.

Last edited by Jovec; 02-01-2014 at 12:12 AM.
Jovec is offline   Reply With Quote
Old 02-01-2014, 12:14 AM   #14
Ig
Senior Member
 
Join Date: Mar 2001
Posts: 233
Default

http://answers.microsoft.com/en-us/w...4-d8d8d551981d

Looks like you need to contact Samsung.
Ig is offline   Reply With Quote
Old 02-01-2014, 12:22 AM   #15
Jovec
Senior Member
 
Join Date: Feb 2008
Posts: 466
Default

Quote:
Originally Posted by Ig View Post
http://answers.microsoft.com/en-us/w...4-d8d8d551981d

Looks like you need to contact Samsung.
Thanks. That's exactly the thing (my Google-fu sucks). Note that Magician says to contact Microsoft...
Jovec is offline   Reply With Quote
Old 02-01-2014, 02:39 AM   #16
Hellhammer
AnandTech SSD Editor
 
Hellhammer's Avatar
 
Join Date: Apr 2011
Location: Helsinki, Finland
Posts: 541
Default

Have you tried disabling encryption through Windows 8's BitLocker? There should be an option to disable BitLocker.
__________________
SSD Editor for AnandTech
Hellhammer is offline   Reply With Quote
Old 02-01-2014, 02:43 AM   #17
Jovec
Senior Member
 
Join Date: Feb 2008
Posts: 466
Default

Quote:
Originally Posted by Hellhammer View Post
Have you tried disabling encryption through Windows 8's BitLocker? There should be an option to disable BitLocker.
Yes, Bitlocker was disabled. In fact, I don't think Bitlocker was ever enabled on this drive (it was on another). eDrive mode on the drive gets enabled before the actual bitlocker encryption takes place. The rough process is as follows:

1) Use Magician to set Encrypted Drive mode to "Ready to Enable"
2) Install fresh Win8. At this point Encrypted Drive mode is set to Enable (see SS above) and cannot be reverted and secure erase no longer works.
3) Enable Bitlocker encryption.

Last edited by Jovec; 02-01-2014 at 02:52 AM.
Jovec is offline   Reply With Quote
Old 02-01-2014, 09:30 AM   #18
MoInSTL
Senior Member
 
MoInSTL's Avatar
 
Join Date: Jan 2012
Posts: 342
Default

So is the drive now showing as one partition? Are Disk Management options (format, delete volume) grayed out on that drive?

Look right below Step 10. It may or may not help.
http://www.eightforums.com/tutorials...-a.html?filter[1]=Security%20System%20Tools

Found a related thread on the Crucial site
http://forum.crucial.com/t5/Solid-St...se/td-p/137551
MoInSTL is offline   Reply With Quote
Old 02-01-2014, 01:18 PM   #19
PliotronX
Diamond Member
 
PliotronX's Avatar
 
Join Date: Oct 1999
Posts: 7,166
Default

Quote:
Originally Posted by schmuckley View Post
Parted Magic
Dowload,burn ISO to USB or disc.
+1 As soon as BitLocker is in the mix, headaches happen. You need to activate the SE function independently of the OS and Parted Magic will do it.
__________________
. <~~ Do not breathe on the dot.

"Remember when your mom shoved brussel sprouts down your throat regardless of how many times you told her you hated the things? Even when there was god damn corn right there in the fridge? Yeah, thats Microsoft." -shortylickens
PliotronX is online now   Reply With Quote
Old 02-01-2014, 01:49 PM   #20
Jovec
Senior Member
 
Join Date: Feb 2008
Posts: 466
Default

The drive works (and always did). I deleted the EFI partitions, but before that I could still manage the rest of the disk.

The issue is that enabling eDrive appears to be irreversible. Think of eDrive and Bitlocker as two separate things. eDrive mode on the SSD can be enabled whether or not you use Bitlocker, and of course Bitlocker can be used with or without eDrive. If I flipped the "switch" on an Evo, gave it to you, and you installed Win8 Pro, eDrive mode will be enabled even if you never planned to use Bitlocker. At that point, you can no longer SE the drive.

Or maybe you used the drive as a Bitlocker eDrive for a year or two, then replace it. You could disable Bitlocker and use the drive elsewhere, but you couldn't SE the drive anymore.

A PSID reset seems to be what's needed. You'd think it would be a utility built into Magician or a boot disc it could create, but no such luck. I'm trying to contact Samsung for a PSID tool. I'm assuming that PSID reset utilities are manufacturer specific.

I'll look into Parted Magic, but I strongly suspect that when eDrive is enabled the drive itself prevents access to whatever is needed to SE (presumably the keys). Recall that I cannot SE from Windows (as a non-OS drive), boot the Samsung boot disc, or even from my Asus Rog BIOS.

Last edited by Jovec; 02-01-2014 at 02:01 PM.
Jovec is offline   Reply With Quote
Old 02-02-2014, 12:21 AM   #21
Ig
Senior Member
 
Join Date: Mar 2001
Posts: 233
Default

You should contact some major tech sites (ones that review ssds and such; looking at you Hellhammer ) and see if you can get them to try and replicate the issue. Seems like this could be a problem when buying a used SSD off ebay or craigslist, get a locked drive and can't do a SE.

Seems to also prevent the use of all ATA security commands (Secure Erase/bios disk password). And Lenovo shipping out Win7 laptops with it already enabled.
https://forums.lenovo.com/t5/T400-T5...s/td-p/1354729

Apparently there are 3rd party tools, but from the looks of it they are all selling it as part of their security packages.
Ig is offline   Reply With Quote
Old 02-03-2014, 02:44 PM   #22
Jovec
Senior Member
 
Join Date: Feb 2008
Posts: 466
Default

Samsung's response:

Quote:
Thank you for contacting Samsung.

Please do allow us to clarify that the PSID is in place to protect the password of the SSD. As such, data content would be irretrievable in the event that the SSD security password is forgotten/lost.

We wish to further explain that the PSID protects your data on the specific drive by executing a cryptographic erase process which returns the same drive to its original factory status/settings. This feature allows users to prevent access of data to any unauthorised persons.

In the event of forgotten password to a PSID-applied drive, TCG/OPAL users may contact their software vendor whereas eDRIVE users would need to contact Microsoft directly. If Bios is being utilised, the user would need to perform a reformat of the drive as a reset of the password may not be done.

We hope the above clarifies and do thank you for writing in to us.
Jovec is offline   Reply With Quote
Old 04-26-2014, 03:07 PM   #23
Jovec
Senior Member
 
Join Date: Feb 2008
Posts: 466
Default

Since it's been 3 months, I hit up Samsung again, and got this response:

Quote:
Dear Customer,

Thank you for contacting Samsung Support regarding your concerns and inquiries. We apologize for any inconvenience this may be causing you. Unfortunately the only way to disable the E-drive using the PSID is by doing a warranty exchange with our support team. It can only be done in house. Please reply and provide a copy of your Receipt or Invoice along with the following information to support@totalts.com:


1)Company Name
2) Name (First, Last)
3) Full Address (PO box is NOT accepted)
4) Email
5) Phone
6) Product Number
7) Serial Number
8) Detailed Reason for Exchange

Thank you again for contacting Samsung Support and have a good day.
Still not what I am looking for, but in comes Micrornd to the rescue with a (unofficial) link to Samsung's PSID revert utility!

I will update and summarize in the first post.
Jovec is offline   Reply With Quote
Old 04-26-2014, 04:31 PM   #24
Ig
Senior Member
 
Join Date: Mar 2001
Posts: 233
Default

Wow, I'm suprised Lenovo support put out a public link to it considering how everyone seems to be trying to keep it a secret.
Ig is offline   Reply With Quote
Old 07-16-2014, 10:35 AM   #25
souldjer777
Junior Member
 
Join Date: Jul 2014
Posts: 1
Default Thank You!!! Samsung SSD 840 EVO PSID Reset TCG OPAL

I would like to personally thank you for fixing my issue 100%... This would have been the second Samsung SSD EVO that I bricked but you saved me with the Samsung TCG_Revert_Release.exe utility from the dropbox link above. I can now access my drive again... TCG Opal was locked - couldn't disable. Secure Erase was not even an available option in Samsung Magician. I tried everything from Active Data Studio, to Windows 7 Windows 8 format / delete partition / checkdisk / you name it... this was the ONLY thing that worked!

NOTE: You will need this utility to restore to factory settings and all data will be lost. But it's better than a paperweight!

First I downloaded the zip from the dropbox link above and extracted to my C: \temp\

Then I typed out the PSID of my Samsung SSD in notepad - the PSID label is on the ssd hard drive itself - PSID is extremely LONG - make sure you type it out correctly!

Next I connected my Samsung using BlacX by Termaltake via usb or esata connection and powered it up.

Finally - I ran the revert utility "tcg_revert_release.exe"

C: \Windows\system32>cd C: \

C: \>cd temp

C: \TEMP>tcg_revert_release.exe

Drive 0 - Primary Controller - - Master drive

Drive Model Number________________: [OCZ-AGILITY3]
Drive Serial Number_______________: [asdfasdfasdf]
Drive Firmware Revision Number____: [2.25]
Drive Type________________________: Fixed
Drive Size________________________: 90028302336 bytes
Drive 1 ID error

Drive 2 - Secondary Controller - - Master drive

Drive Model Number________________: [Samsung SSD 840 EVO 120GB]
Drive Serial Number_______________: [asdfasdfasdf]
Drive Firmware Revision Number____: [EXT0BB6Q]
Drive Type________________________: Fixed
Drive Size________________________: 120034123776 bytes
Drive 2 is TCG activated device.

Select a device you want to revert.(If you want to quit program, typing q.) : 2
TCG activate confirmed. And device is locked.
Please input a PSID : "YOUR PSID WILL GO HERE!!!"
Drive 2 : Revert success!

Drive 0 - Primary Controller - - Master drive

Drive Model Number________________: [OCZ-AGILITY3]
Drive Serial Number_______________: [asdfasdfasdf]
Drive Firmware Revision Number____: [2.25]
Drive Type________________________: Fixed
Drive Size________________________: 90028302336 bytes
Drive 1 ID error

Drive 2 - Secondary Controller - - Master drive

Drive Model Number________________: [Samsung SSD 840 EVO 120GB]
Drive Serial Number_______________: [asdfasdfasdf]
Drive Firmware Revision Number____: [EXT0BB6Q]
Drive Type________________________: Fixed
Drive Size________________________: 120034123776 bytes
Select a device you want to revert.(If you want to quit program, typing q.) : q

Now restart the Samsung Magician and you should see your SSD is now accessible!
souldjer777 is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 02:55 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.