Secure Erasing 840 Evo E-Drive - can it be done?

Jovec

Senior member
Feb 24, 2008
579
2
81
Replaced an 840 Evo in a system that was using Bitlocker encryption. I want to re-purpose the 840 Evo but it seems I can no longer use the Secure Erase function from Magician, DOS, or ROG BIOS.

Any ideas?

Solved

Summary: Samsung's Evo SSDs with EXT0BB6Q firmware added support for TCG Opal and eDrive encryption. Enabling this is done through the Samsung Magician software. The default state looks like this:



Step 1: Set the drive state to "Ready to Enable"



Step 2: Install Windows 8. eDrive mode cannot be activated on an existing OS install. After a successful install, eDrive should be activated and look like this:



At this point, Bitlocker is not activated and the SSD is not user encrypted; however, the drive no longer accepts standard security commands and, as such, can no longer be Secure Erased. Should you wish to use Bitlocker with eDrive, this is the point to enable it in Windows.



The drive cannot be Secure Erased via Magician as a non-OS drive, via a Magician created USB boot stick, or via my Asus ROG BIOS.

Bitlocker can be turned on and off and used successfully with the Evo as an eDrive, but there are a few things to point out here. It's best to think of eDrive mode and Bitlocker as two separate things even though they are meant to work together. One can enable eDrive without using Bitlocker (results in no encryption). One can use Bitlocker without enabling eDrive (results in software encryption). One can still create and delete partitions with eDrive mode Enabled and otherwise use the drive as normal.

In my case, I was specifically testing eDrive and Bitlocker and it took a user action to enable eDrive. If the user's Evo was unknowingly in a "Ready to enable" eDrive state, then a Win8 install will change that state to Enabled automatically and silently (by default - you can change the registry during the install process to avoid this). Also, there can come a time when the Evo is no longer needed as an eDrive, and a Secure Erase is desired to restore performance prior to use in a different environment or even being sold.

Samsung's initial response was to have me contact Microsoft. Their second response wanted me to do a warranty replacement. I don't agree with either option. The Samsung Evo is a consumer level SSD using a feature on a consumer level OS. Samsung should provide a consumer level PSID revert utility.

It turns out they have one, but they don't make it public. Here is a link to Samsung's PSID revert utility, with much thanks to Micrornd! Standard disclaimers apply. Use at your own risk. Note that using this tool will destroy any data on the Evo, so back up first.

https://dl.dropboxusercontent.com/u/62276273/Samsung PSID Revert.zip

I am not sure why they won't release it. A PSID revert does not allow one to access the encrypted data. A PSID revert also assumes physical access to the drive. Using the tool linked here, I was able to do a successful PSID revert. I didn't screen cap it, but the process can be seen in the PDF manual in the zip file. To my mind, the instructions are incomplete. The PSID revert will leave the eDrive state in "Ready to enable."



This will allow the Evo to automatically enable eDrive mode on the next Win8 install. If this is not what is desired, press the Disable button (reboot first required) so it looks like:

 

MoInSTL

Senior member
Jan 2, 2012
392
0
76
Did you make a bootable flash drive with secure erase and make the change in the BIOS to boot from it? What happens? What OS?

Try disconnecting all other drives and then try it.
 

john3850

Golden Member
Oct 19, 2002
1,436
21
81
I have only done it with the 830 and 840.
To run Secure Erase via Windows, the Samsung SSD must be installed as a secondary disk in your system and use Samsung Magician which will put the needed files on a usb flash drive for you.
Next you unlock the drive and follow the directions.
Be sure which number drive you're going to SE.
 

MoInSTL

Senior member
Jan 2, 2012
392
0
76
What do you mean that it must be installed as a secondary disk? I have used it on 830, 840 Pro and 840 EVO. In all cases, it was my C:/boot drive only attached to MB.
 

john3850

Golden Member
Oct 19, 2002
1,436
21
81
What do you mean that it must be installed as a secondary disk? I have used it on 830, 840 Pro and 840 EVO. In all cases, it was my C:/boot drive only attached to MB.

You're using a usb flash with installed Samsung files as your 1st boot so your C: is your secondary.
That came from the Samsung help file and I always had a few SSDs when I did a single SE.
 

MoInSTL

Senior member
Jan 2, 2012
392
0
76
Do you have a link to that? It seems kind of odd to me. (Edit: Just read your updated post. You are correct, the USB drive is the first drive. But the way I read it was it was installed as a secondary drive. My other SSD is my second drive).

OP: Make sure you are typing SEGUI0 (That's zero, not an O).

I have never had to try it a few times. I found out early on, it can take a minute or two when it's unplugged and then plug it back in and then enter the command.
 

john3850

Golden Member
Oct 19, 2002
1,436
21
81
OP: Make sure you are typing SEGUI0 (That's zero, not an O).
I wasted 2 hours on that the 1st time I tried.
 

Jovec

Senior member
Feb 24, 2008
579
2
81
I appreciate the comments. I have used Samsung's Secure Erase from the Magician software and from a USB boot stick before.

The issue is due to enabling E-drive on the Evo, as referenced here: http://www.anandtech.com/show/7572/...vo-msata-rapid-for-840-pro-edrive-for-840-evo

Back when the 840 EVO was launched, Samsung promised that support for Windows 8's eDrive (hardware based encryption, click here to read more) would be coming shortly after the release via firmware update. It took Samsung a bit longer than expected but firmware EXT0BB6Q is now available and it brings support for TCG Opal 2.0 and IEEE 1667 (the required standards for eDrive). The update is available through Samsung's SSD Magician software but if you prefer the good old ISO update method, click here to get the ISO file.

It appears that enabling this is irreversible. You can no longer change any of the drive's security options.



You can no longer secure erase.



There are two partitions I cannot erase via Disk Management (the 300MB and 100MB on Disk 1).



The drive still works however. Bitlocker is not enabled.

I'm debating trying to nuke the partitions from orbit (Linux), but I don't want to hose the drive.
 

MoInSTL

Senior member
Jan 2, 2012
392
0
76

Jovec

Senior member
Feb 24, 2008
579
2
81
Below is a link to an easy way to delete EFI partitions. (Using Diskpart) Assuming you want to nuke Disk1.

If you have never used Diskpart, you may want to temporarily disconnect your other drives. If not, then triple check you are selecting the correct drive to clean.
http://www.winability.com/delete-protected-efi-disk-partition/

Short version
http://blogchampiondotcom.wordpress...rtition-on-a-drive-from-a-windows-8-computer/

I went ahead and deleted the EFI partitions but the result is the same.

To be clear this is an issue with the eDrive standard and/or how Samsung implements it. From Magician help:

Note: Class 0, TCG Opal and Encrypted Drive cannot be enabled simultaneously. Only one mode can be enabled at a time and all other modes must be disabled. Secure Erase cannot be done on Encrypted Drive or TCG Opal enabled SSD.

I don't recall this warning during the process, though it's possible I missed it. If anything then this thread is a warning that you cannot revert from TCG Opal and eDrive modes on Samsung SSDs.
 

Hellhammer

AnandTech Emeritus
Apr 25, 2011
701
4
81
Have you tried disabling encryption through Windows 8's BitLocker? There should be an option to disable BitLocker.
 

Jovec

Senior member
Feb 24, 2008
579
2
81
Have you tried disabling encryption through Windows 8's BitLocker? There should be an option to disable BitLocker.

Yes, Bitlocker was disabled. In fact, I don't think Bitlocker was ever enabled on this drive (it was on another). eDrive mode on the drive gets enabled before the actual bitlocker encryption takes place. The rough process is as follows:

1) Use Magician to set Encrypted Drive mode to "Ready to Enable"
2) Install fresh Win8. At this point Encrypted Drive mode is set to Enable (see SS above) and cannot be reverted and secure erase no longer works.
3) Enable Bitlocker encryption.
 

Jovec

Senior member
Feb 24, 2008
579
2
81
The drive works (and always did). I deleted the EFI partitions, but before that I could still manage the rest of the disk.

The issue is that enabling eDrive appears to be irreversible. Think of eDrive and Bitlocker as two separate things. eDrive mode on the SSD can be enabled whether or not you use Bitlocker, and of course Bitlocker can be used with or without eDrive. If I flipped the "switch" on an Evo, gave it to you, and you installed Win8 Pro, eDrive mode will be enabled even if you never planned to use Bitlocker. At that point, you can no longer SE the drive.

Or maybe you used the drive as a Bitlocker eDrive for a year or two, then replace it. You could disable Bitlocker and use the drive elsewhere, but you couldn't SE the drive anymore.

A PSID reset seems to be what's needed. You'd think it would be a utility built into Magician or a boot disc it could create, but no such luck. I'm trying to contact Samsung for a PSID tool. I'm assuming that PSID reset utilities are manufacturer specific.

I'll look into Parted Magic, but I strongly suspect that when eDrive is enabled the drive itself prevents access to whatever is needed to SE (presumably the keys). Recall that I cannot SE from Windows (as a non-OS drive), boot the Samsung boot disc, or even from my Asus ROG BIOS.
 

Ig

Senior member
Mar 29, 2001
236
0
0
You should contact some major tech sites (ones that review SSDs and such; looking at you, Hellhammer) and see if you can get them to try and replicate the issue. Seems like this could be a problem when buying a used SSD off ebay or craigslist, get a locked drive and can't do a SE.

Seems to also prevent the use of all ATA security commands (Secure Erase/bios disk password). And Lenovo shipping out Win7 laptops with it already enabled.
https://forums.lenovo.com/t5/T400-T...k-Password-cannot-be-set-in-Bios/td-p/1354729

Apparently there are 3rd party tools, but from the looks of it they are all selling it as part of their security packages.
 

Jovec

Senior member
Feb 24, 2008
579
2
81
Samsung's response:

Thank you for contacting Samsung.

Please do allow us to clarify that the PSID is in place to protect the password of the SSD. As such, data content would be irretrievable in the event that the SSD security password is forgotten/lost.

We wish to further explain that the PSID protects your data on the specific drive by executing a cryptographic erase process which returns the same drive to its original factory status/settings. This feature allows users to prevent access of data to any unauthorised persons.

In the event of forgotten password to a PSID-applied drive, TCG/OPAL users may contact their software vendor whereas eDRIVE users would need to contact Microsoft directly. If Bios is being utilised, the user would need to perform a reformat of the drive as a reset of the password may not be done.

We hope the above clarifies and do thank you for writing in to us.
 

Jovec

Senior member
Feb 24, 2008
579
2
81
Since it's been 3 months, I hit up Samsung again, and got this response:

Dear Customer,

Thank you for contacting Samsung Support regarding your concerns and inquiries. We apologize for any inconvenience this may be causing you. Unfortunately the only way to disable the E-drive using the PSID is by doing a warranty exchange with our support team. It can only be done in house. Please reply and provide a copy of your Receipt or Invoice along with the following information to support@totalts.com:


1) Company Name
2) Name (First, Last)
3) Full Address (PO box is NOT accepted)
4) Email
5) Phone
6) Product Number
7) Serial Number
8) Detailed Reason for Exchange

Thank you again for contacting Samsung Support and have a good day.

Still not what I am looking for, but in comes Micrornd to the rescue with a (unofficial) link to Samsung's PSID revert utility!

I will update and summarize in the first post.
 

Ig

Senior member
Mar 29, 2001
236
0
0
Wow, I'm surprised Lenovo support put out a public link to it considering how everyone seems to be trying to keep it a secret.
 

souldjer777

Junior Member
Jul 16, 2014
1
0
0
I would like to personally thank you for fixing my issue 100%... This would have been the second Samsung SSD EVO that I bricked but you saved me with the Samsung TCG_Revert_Release.exe utility from the dropbox link above. I can now access my drive again... TCG Opal was locked - couldn't disable. Secure Erase was not even an available option in Samsung Magician. I tried everything from Active Data Studio, to Windows 7 Windows 8 format / delete partition / checkdisk / you name it... this was the ONLY thing that worked!

NOTE: You will need this utility to restore to factory settings and all data will be lost. But it's better than a paperweight!

First I downloaded the zip from the dropbox link above and extracted to my C:\temp\

Then I typed out the PSID of my Samsung SSD in notepad - the PSID label is on the ssd hard drive itself - PSID is extremely LONG - make sure you type it out correctly!

Next I connected my Samsung using BlacX by Thermaltake via usb or esata connection and powered it up.

Finally - I ran the revert utility "tcg_revert_release.exe"

C:\Windows\system32>cd C:\

C:\>cd temp

C:\TEMP>tcg_revert_release.exe

Drive 0 - Primary Controller - - Master drive

Drive Model Number________________: [OCZ-AGILITY3]
Drive Serial Number_______________: [asdfasdfasdf]
Drive Firmware Revision Number____: [2.25]
Drive Type________________________: Fixed
Drive Size________________________: 90028302336 bytes
Drive 1 ID error

Drive 2 - Secondary Controller - - Master drive

Drive Model Number________________: [Samsung SSD 840 EVO 120GB]
Drive Serial Number_______________: [asdfasdfasdf]
Drive Firmware Revision Number____: [EXT0BB6Q]
Drive Type________________________: Fixed
Drive Size________________________: 120034123776 bytes
Drive 2 is TCG activated device.

Select a device you want to revert.(If you want to quit program, typing q.) : 2
TCG activate confirmed. And device is locked.
Please input a PSID : "YOUR PSID WILL GO HERE!!!"
Drive 2 : Revert success!

Drive 0 - Primary Controller - - Master drive

Drive Model Number________________: [OCZ-AGILITY3]
Drive Serial Number_______________: [asdfasdfasdf]
Drive Firmware Revision Number____: [2.25]
Drive Type________________________: Fixed
Drive Size________________________: 90028302336 bytes
Drive 1 ID error

Drive 2 - Secondary Controller - - Master drive

Drive Model Number________________: [Samsung SSD 840 EVO 120GB]
Drive Serial Number_______________: [asdfasdfasdf]
Drive Firmware Revision Number____: [EXT0BB6Q]
Drive Type________________________: Fixed
Drive Size________________________: 120034123776 bytes
Select a device you want to revert.(If you want to quit program, typing q.) : q

Now restart the Samsung Magician and you should see your SSD is now accessible!
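
Since the revert destroys all data on whichever drive number is entered at the prompt, the following is an added example (not part of the post above and not part of Samsung's utility) that parses a drive listing in the format shown in the session and only returns a drive index when exactly one TCG-activated drive matches the serial number you expect. It assumes the listing text has been copied from the console; the function names and the placeholder serials are hypothetical.

```python
import re

# Constructed sample modelled on the listing format shown in the post above;
# the serial numbers are placeholders.
SAMPLE_LISTING = """\
Drive 0 - Primary Controller - - Master drive
Drive Model Number________________: [OCZ-AGILITY3]
Drive Serial Number_______________: [SERIAL-PLACEHOLDER-A]
Drive Firmware Revision Number____: [2.25]
Drive Type________________________: Fixed
Drive Size________________________: 90028302336 bytes
Drive 1 ID error

Drive 2 - Secondary Controller - - Master drive
Drive Model Number________________: [Samsung SSD 840 EVO 120GB]
Drive Serial Number_______________: [SERIAL-PLACEHOLDER-B]
Drive Firmware Revision Number____: [EXT0BB6Q]
Drive Type________________________: Fixed
Drive Size________________________: 120034123776 bytes
Drive 2 is TCG activated device.
"""

HEADER = re.compile(r"^Drive (\d+) - ")
FIELD = re.compile(r"^Drive (.+?)_*: \[?(.*?)\]?$")
TCG = re.compile(r"^Drive (\d+) is TCG activated device")


def parse_listing(text):
    """Return {index: {field: value, 'tcg': bool}} for each listed drive."""
    drives, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            current = drives.setdefault(int(m.group(1)), {"tcg": False})
        elif m := TCG.match(line):
            drives.setdefault(int(m.group(1)), {"tcg": False})["tcg"] = True
        elif (m := FIELD.match(line)) and current is not None:
            current[m.group(1)] = m.group(2)
    return drives


def pick_revert_target(text, expected_serial):
    """Index of the one TCG-activated drive with this serial, else ValueError."""
    hits = [i for i, d in parse_listing(text).items()
            if d["tcg"] and d.get("Serial Number") == expected_serial]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one matching TCG drive, got {hits}")
    return hits[0]
```

Lines such as "Drive 1 ID error" carry no field and are skipped, so an unreadable slot never becomes a candidate.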
 