11

I have a Samsung 960 EVO from 2016ish (I think) and a year or so ago I built a new computer. I bought a 2 TB SSD, so I wasn't too interested in my 512 GB. The drive was encrypted with BitLocker using the SSD encryption. Everything worked fine.

Fast forward to last week, I wanted to use the drive or at least know I could safely discard the drive. I wanted to take one last poke at the data to get some affirmation that the data was not retrievable so I've been trying to use Samsung Magician's "Secure Erase". The UEFI version reported that it couldn't do it. Ok, I then tried nvme-cli on Debian which reported access denied. I finally tried the legacy boot USB which finally said that it couldn't do it because the drive was encrypted and that I needed to decrypt it first.

I may well have left BitLocker in a "locked" state, since I figured it was fine since I already moved the data and had been running for some time. I understand UEFI or other mechanisms can "freeze" a drive, but that wasn't the case here as no info method reported the frozen state. I've since installed it in another PC, created a partition, put data on it, etc. and nothing else seems to care.

To be clear, since I originally used TPM which should be the encryption key manager, and I have since cleared the old TPM, I'm not REALLY worried about the data. This is more of a noodle scratcher than anything.

I couldn't find any search result hits for the "access denied" message I was getting, so I had nothing to go on until I used the legacy boot image where it reported it was encrypted and needed to be decrypted.

Can anyone explain my current SSD state and tell me what my options are?

I want the option of encryption in the future, so should I just send it to the shredder? It does have 3364 "Media and Data Integrity Errors" and 27,635 "Error Information Log Entries" but they hadn't been increasing. I'm only at 38 TBw or so...

*** update to add SMART log...anyone want to help me interpret these? The errors make me worry about using it, but there are no other flags.

SMART/Health Information (NVMe Log 0x02)
Critical Warning:                   0x00
Temperature:                        35 Celsius
Available Spare:                    100%
Available Spare Threshold:          10%
Percentage Used:                    8%
Data Units Read:                    61,845,017 [31.6 TB]
Data Units Written:                 73,198,493 [37.4 TB]
Host Read Commands:                 1,122,472,181
Host Write Commands:                1,784,178,910
Controller Busy Time:               7,489
Power Cycles:                       234
Power On Hours:                     28,361
Unsafe Shutdowns:                   164
Media and Data Integrity Errors:    3,364
Error Information Log Entries:      27,634
Warning  Comp. Temperature Time:    0
Critical Comp. Temperature Time:    0
Temperature Sensor 1:               35 Celsius
Temperature Sensor 2:               41 Celsius
ᄂ ᄀ
  • 4,187
Brian
  • 225

1 Answer

24

BitLocker in software mode wouldn't cause such problems. It might be that you've used BitLocker in hardware mode (which used to be the default mode in certain older Windows versions), that is, had it activate the TCG OPAL encryption feature built into the SSD itself.

Remove the SSD and find the PSID key on its label sticker. Insert the SSD again, then perform a "PSID revert" using either sedutil (available on Linux and Windows; instructions), or maybe the ESET Encryption Recovery tool. Internet says that Samsung Magician is supposed to also have this feature.

Doing this will completely erase the disk and deactivate OPAL encryption.

(If there is no sticker anymore or the PSID is illegible, throw the SSD out.)

grawity
  • 501,077
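
The PSID revert steps from the answer above, as an added example that is not part of the original post: it classifies the drive's OPAL state from `sedutil-cli --query` output and prints, without running it, the revert command. The query text and PSID are constructed samples, `/dev/nvme0` and the 32-character PSID length are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: interpret sedutil's "Locking function" flags and prepare a PSID revert.

# Constructed sample, modeled on the "Locking function" section of `sedutil-cli --query <device>`.
SAMPLE_QUERY='Locking function (0x0002)
    Locked = Y, LockingEnabled = Y, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y'
SAMPLE_PSID='ABCD-EFGH-IJKL-MNOP-QRST-UVWX-YZ01-2345'   # constructed, not a real PSID

# $1 = query output. Prints locked | unlocked | inactive | unknown.
opal_state() {
    enabled=$(printf '%s\n' "$1" | sed -n 's/.*LockingEnabled = \([YN]\).*/\1/p' | head -n 1)
    locked=$(printf '%s\n' "$1" | sed -n 's/.*Locked = \([YN]\).*/\1/p' | head -n 1)
    case "$enabled$locked" in
        YY) echo locked ;;      # OPAL locking active, ranges locked: host tools are refused
        YN) echo unlocked ;;    # OPAL locking active but currently unlocked
        N*) echo inactive ;;    # OPAL never activated, or already reverted
        *)  echo unknown ;;     # flags not found in the input
    esac
}

# $1 = PSID as printed on the label. sedutil expects it without dashes.
# Assumption: a PSID is 32 alphanumeric characters.
normalize_psid() {
    psid=$(printf '%s' "$1" | tr -d ' -')
    case "$psid" in
        *[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#psid}" -eq 32 ] || return 1
    printf '%s\n' "$psid"
}

# $1 = label PSID, $2 = device. Prints the command for review; it is never executed here.
revert_command() {
    p=$(normalize_psid "$1") || { echo "PSID is not 32 alphanumeric characters" >&2; return 1; }
    printf 'sedutil-cli --yesIreallywanttoERASEALLmydatausingthePSID %s %s\n' "$p" "$2"
}

echo "OPAL state: $(opal_state "$SAMPLE_QUERY")"
revert_command "$SAMPLE_PSID" /dev/nvme0
```

On a real system, feed `opal_state` the output of `sedutil-cli --query` for the device that `sedutil-cli --scan` lists; after the revert the same query should classify as `inactive`.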