- #!/bin/bash
- # Script to wipe all of the SATA storage media in a computer
- # Absolutely, positively, do not run this script unless you want all of your data
- # to be gone.
- # Copyright 2019 Dalton Durst
- #
- # Permission is hereby granted, free of charge, to any person obtaining a copy
- # of this software and associated documentation files (the "Software"), to deal
- # in the Software without restriction, including without limitation the rights
- # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- # copies of the Software, and to permit persons to whom the Software is
- # furnished to do so, subject to the following conditions:
- #
- # The above copyright notice and this permission notice shall be included in all
- # copies or substantial portions of the Software.
- #
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- # SOFTWARE.
# Ctrl-C is routed to interrupt(). The handler name is only looked up when the
# signal arrives, so the function may be defined further down the file.
trap interrupt INT

# Terminal escape sequences. They are stored unexpanded, so they only take
# effect when printed with `echo -e`.
NORMAL='\e[0m'
BOLD='\e[1m'
RED='\e[91m'
RED_BACKGROUND='\e[101m'
YELLOW_BACKGROUND='\e[43m'
GREEN_BACKGROUND='\e[42m'

# Space-separated device lists that are filled in while the script runs.
SANITIZE_DISKS=''       # drives which may be wiped via SANITIZE operations
SECURE_ERASE_DISKS=''   # drives which may be wiped via SECURE ERASE
FAILED=''               # drives which were not able to be wiped
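#######################################
# Abort path: used as the Ctrl-C handler and called directly when the script
# cannot continue.
# Shows the red banner, waits for Enter, requests a power-off and then ends
# the script.
# The explicit exit is the safety-relevant part: when a trap handler returns,
# bash resumes the script where it was interrupted, so without it a run the
# operator cancelled would carry on into the erase loops while the power-off
# is still pending (or after it failed).
# Globals:   RED_BACKGROUND, NORMAL (read)
# Returns:   never returns; the script exits with status 1
#######################################
interrupt() {
  echo -e "${RED_BACKGROUND} ${NORMAL}"
  echo 'Canceled. Press Enter to power down.'
  enter_to_off
  exit 1
}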
#######################################
# Final screen of a completed run: green banner, a "Done!" line, then the
# shared wait-for-Enter-and-power-off step.
# Unlike the abort path this returns to the caller, which still prints one
# more hint afterwards.
# Globals:   GREEN_BACKGROUND, NORMAL (read)
# Returns:   status of enter_to_off
#######################################
success() {
  printf '%b\n' "${GREEN_BACKGROUND} ${NORMAL}"
  printf '%b\n' 'Done! Press Enter to power down.'
  enter_to_off
}
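#######################################
# Block until a line is entered on stdin, then ask the system to power off.
# Note that a failed read (for example stdin at end-of-file) does not stop the
# power-off request; the read is only a pause.
# Returns:   status of `sudo poweroff`
#######################################
enter_to_off() {
  # -r takes the line literally. Without it a line ending in a backslash makes
  # read swallow the next line too, eating input meant for a later prompt.
  read -r
  sudo poweroff
}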
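#######################################
# Poll a drive's sanitize status once per second until it reports the idle
# state (the text "SD0" in hdparm's output), echoing the "State" line of every
# poll so the operator can follow progress.
# Each poll queries the drive once; the same reply is used for the progress
# line and for the idle test, so the two cannot disagree.
# Arguments: $1 - device path to poll
# Outputs:   the "State" line(s) of each status reply on stdout
# Returns:   0 once the drive reports SD0,
#            1 if the status query itself fails (previously this spun forever)
# NOTE(review): only the idle state is recognised. A drive that ends up in
# some other terminal state would keep this loop polling, and idle alone does
# not say whether the last operation succeeded - confirm against the hdparm
# output on real hardware.
#######################################
wait_for_idle() {
  local disk=$1
  local status

  while true; do
    if ! status=$(sudo hdparm --sanitize-status "$disk"); then
      echo "Unable to read the sanitize status of $disk" >&2
      return 1
    fi
    grep State <<<"$status"
    if [[ $status == *SD0* ]]; then
      return 0
    fi
    sleep 1
  done
}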
#######################################
# Record a drive that could not be wiped.
# Globals:   FAILED (appended to; entries are separated by a leading space)
# Arguments: $1 - device path
#######################################
add_failure() {
  FAILED+=" $1"
}
#######################################
# Print the drive's identification report (`hdparm -I`). Callers search this
# text for feature names and for the security "frozen" state.
# Arguments: $1 - device path
# Outputs:   hdparm's report on stdout
# Returns:   status of the hdparm call
#######################################
get_features() {
  local device=$1
  sudo hdparm -I "$device"
}
#######################################
# Describe a drive to the operator before it is erased: the fdisk listing for
# the device followed by the "Model" line of `hdparm -i`.
# Arguments: $1 - device path
# Outputs:   the description on stdout
# Returns:   status of the final grep (non-zero when no Model line is found)
#######################################
show_specs() {
  local device=$1
  sudo fdisk -l "$device"
  sudo hdparm -i "$device" | grep Model
}
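echo "The following drives are installed in the system:"
lsblk -lbd -o NAME,SIZE
echo ''

# Sort every whole disk larger than 50 GB (decimal bytes) into one of the two
# erase lists, depending on whether its hdparm report mentions SANITIZE.
#
# lsblk -P prints one NAME="..." SIZE="..." line per device. The line is
# matched against a fixed pattern instead of being handed to eval: eval would
# execute whatever the line contained, in a script that goes on to issue
# erase commands as root. Lines that do not match are skipped.
#
# NOTE(review): every large disk whose report lacks SANITIZE is queued for
# SECURE ERASE, including one for which hdparm printed nothing at all -
# confirm that is intended for non-ATA devices.
# NOTE(review): the lists are space-separated strings, so this assumes device
# paths contain no whitespace.
PAIR_RE='^NAME="([^"]*)" SIZE="([0-9]+)"'
while IFS= read -r DISK; do
  [[ $DISK =~ $PAIR_RE ]] || continue
  NAME=${BASH_REMATCH[1]}
  SIZE=${BASH_REMATCH[2]}

  # Small devices are left alone; skip them before querying the drive.
  # 10# forces base 10 so a leading zero can never be read as octal.
  (( 10#$SIZE > 50000000000 )) || continue

  SUPPORTED_FEATURES=$(get_features "$NAME")
  if [[ $SUPPORTED_FEATURES != *SANITIZE* ]]; then
    echo -e "${RED}${NAME} does not support the SANITIZE feature set.${NORMAL}"
    SECURE_ERASE_DISKS="$SECURE_ERASE_DISKS $NAME"
    continue
  fi
  SANITIZE_DISKS="$SANITIZE_DISKS $NAME"
done < <(lsblk -bdnpP -o NAME,SIZE)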
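# Nothing qualified for wiping: tell the operator and stop here.
# The exit is unconditional. `interrupt || exit` only stopped the script when
# interrupt reported failure; when the power-off request was accepted the
# script kept running and went on to print the "Done!" screen even though no
# disk had been touched.
if [[ -z $SANITIZE_DISKS && -z $SECURE_ERASE_DISKS ]]; then
  echo -e "${RED}No disks selected for wiping.${NORMAL}"
  interrupt
  exit 1
fi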
# Show the operator exactly which drives are about to be erased, grouped by
# the method that will be used. The list variables are expanded unquoted on
# purpose: they are space-separated and rely on word splitting.
printf '\n'
printf '%s\n' 'The following disks will be erased:' ''

printf '%s\n' 'With SANITIZE operations:'
for DISK in $SANITIZE_DISKS; do
  show_specs "$DISK"
done

printf '\n%s\n' 'With SECURE ERASE operations:'
for DISK in $SECURE_ERASE_DISKS; do
  show_specs "$DISK"
done

# Last chance to cancel. This is a grace period, not a confirmation: the
# script continues after Enter, after the 30 second timeout, and also when
# read fails outright (for example stdin at end-of-file).
printf '\n%s\n' "Press Control-C within the next 30 seconds to cancel, or press Enter to continue"
read -t 30
printf '\n'
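# Result lists for the summary at the end of the run.
SUCCESSFUL=''
FAILED=''

# Erase every drive on the SANITIZE list. A drive may advertise the
# cryptographic scramble, the block erase, or both; each advertised method is
# run in turn and the drive counts as wiped when at least one of them was
# accepted by hdparm and the drive then returned to idle.
#
# The scramble branch used to set ADD_DISK=true unconditionally after the
# command, so a drive was reported as "Successfully wiped" even when hdparm
# had rejected the command. Success is now tied to the command's exit status,
# and the idle wait is skipped when the command was never accepted.
#
# NOTE(review): "accepted and idle again" is the strongest signal available
# here; it does not prove the drive completed the operation without error.
for DISK in $SANITIZE_DISKS; do
  ADD_DISK=false    # at least one method succeeded
  ATTEMPTED=false   # at least one method was tried
  SUPPORTED_FEATURES=$(get_features "$DISK")

  if [[ $SUPPORTED_FEATURES == *CRYPTO_SCRAMBLE_EXT* ]]; then
    ATTEMPTED=true
    echo "Erasing $DISK with SANITIZE CRYPTOGRAPHIC SCRAMBLE"
    if sudo hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble "$DISK" \
      && wait_for_idle "$DISK"; then
      ADD_DISK=true
    fi
  fi

  if [[ $SUPPORTED_FEATURES == *BLOCK_ERASE_EXT* ]]; then
    ATTEMPTED=true
    echo "Erasing $DISK with SANITIZE BLOCK ERASE"
    if sudo hdparm --yes-i-know-what-i-am-doing --sanitize-block-erase "$DISK" \
      && wait_for_idle "$DISK"; then
      ADD_DISK=true
    fi
  fi

  if $ADD_DISK; then
    echo "Successfully wiped $DISK"
    SUCCESSFUL="$SUCCESSFUL $DISK"
  elif $ATTEMPTED; then
    # A method existed but none of the attempts went through.
    echo -e "${RED}${BOLD}SANITIZE failed on ${DISK}${NORMAL}"
    add_failure "$DISK"
  else
    echo -e "${RED}${BOLD}Did not find a suitable method to wipe ${DISK}${NORMAL}"
    add_failure "$DISK"
  fi
done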
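# Erase every drive on the SECURE ERASE list.
#
# Steps per drive:
#   1. If the drive's report does not say "not" on its "frozen" line, treat it
#      as frozen, suspend the machine once to try to unfreeze it, and give up
#      on the drive if that did not help.
#   2. Set a temporary user password, which the erase command requires.
#   3. Issue the erase.
#
# Fixes compared with the previous version:
#   - Steps 2 and 3 tested whether hdparm printed anything, not whether it
#     succeeded, so a rejected command was still reported as a successful
#     wipe. They now test the exit status.
#   - A drive whose erase failed was never added to FAILED, so it was missing
#     from the final report while being left password-protected.
#   - The "still frozen" message lacked -e and printed raw colour codes.
#
# NOTE(review): the password is a fixed value that is printed on screen; it is
# a protocol requirement here, not a secret. What matters is the failure path,
# where the drive keeps that password set until someone removes it.
# NOTE(review): a drive whose report has no "frozen" line at all is handled as
# frozen - confirm that is the intended fallback.
for DISK in $SECURE_ERASE_DISKS; do
  FROZEN_STATE=$(get_features "$DISK" | grep frozen)
  if [[ $FROZEN_STATE != *not* ]]; then
    # Disk is frozen
    echo -e "${YELLOW_BACKGROUND} ${NORMAL}\n"
    echo "$DISK is frozen. We will now suspend the PC to attempt to unfreeze it."
    echo "After the PC is suspended, please wake it up yourself then press Enter again."
    echo "Press Enter now to suspend the PC."
    read && sudo systemctl suspend
    sleep 10
    echo "Waiting for you to press Enter again..."
    read || interrupt

    # Re-read the state after the wake-up instead of reusing the old answer.
    FROZEN_STATE=$(get_features "$DISK" | grep frozen)
    if [[ $FROZEN_STATE != *not* ]]; then
      echo -e "${RED}Disk is still frozen. I will not be able to wipe this disk.${NORMAL}"
      add_failure "$DISK"
      continue
    fi
  fi

  echo "Setting security password on $DISK to 'Eins'"
  if ! sudo hdparm --user-master u --security-set-pass Eins "$DISK"; then
    echo -e "${YELLOW_BACKGROUND}FAILED TO SET DRIVE PASSWORD ON DISK ${DISK}${NORMAL}"
    add_failure "$DISK"
    continue
  fi

  echo "Wiping $DISK with SATA Secure Erase"
  if ! sudo hdparm --user-master u --security-erase Eins "$DISK"; then
    echo -e "${YELLOW_BACKGROUND}FAILED TO SECURE ERASE ${DISK}${NORMAL}"
    echo "The drive password is currently 'Eins', you will need to reset it."
    # Record it so the drive shows up in the final list of unwiped disks.
    add_failure "$DISK"
    echo "Press Enter to continue."
    read
    continue
  fi

  echo "Successfully wiped $DISK"
  SUCCESSFUL="$SUCCESSFUL $DISK"
done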
# Final report: what was wiped, then (only if there is anything to list) what
# was not.
printf '%s\n' "Wiped the following disks: $SUCCESSFUL"
[[ -z $FAILED ]] || {
  echo -e "${RED}I WAS UNABLE TO WIPE THE FOLLOWING DISKS${NORMAL}"
  printf '%s\n' "$FAILED"
}

# success waits for Enter and requests the power-off; the hint below is
# printed after that request, for machines that do not switch off on their own.
success
[[ -n $SANITIZE_DISKS ]] && echo "The PC may fail to power off automatically. If so, you may force power off."