DD doesn't cut it

14.10.2011 23:26

You can add the Seagate Momentus XT to the list of quirky storage devices.

I was cleaning a few disks in the usual way, by overwriting the data with zeros like this:

$ dd if=/dev/zero of=/dev/sdb bs=4096

I don't believe such data is recoverable by any ordinary means, so I don't do overkills like multiple passes with random garbage and such. However I am, as always, wary of broken software that doesn't do what it's told. So I check each disk afterwards by abusing the hexdump utility like this:

$ hd /dev/sdb
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*

If all I get back are zeros, nicely collapsed into a single line like in the example above, then the data has been securely erased. I've never actually seen this test fail, until today. Imagine my surprise when hd revealed a good 10 MB chunk of data around 4 GB from the start of the 500 GB drive that should not be there.

I can't attribute this to anything else than some weird firmware bug. dd reported writing 500 GB data as expected. There was nothing in the kernel log. The boundaries of this unerased region didn't have any nice round numbers I could recognize. In the unerased data I could recognize parts of files from the disk (including a full copy of the GPL) although some parts seemed to be partially erased. For instance, one block would have 1 non-zero byte out of 8, another 3 bytes and so on. Again I could find no simple pattern.

A second dd command, targeted at the unerased region did remove the data for good, so it wasn't caused by some permanent error. Just to be sure I also did an ATA Secure Erase on the drive.

Weird. This is a hybrid drive with flash and magnetic storage which means it has a more complicated firmware than ordinary drives, so I guess it's expected to also have more bugs. In fact a search for "momentus xt firmware" reveals a bunch of problems, although none look similar to what I've stumbled upon. I'm just wondering how often such mishaps happen and go unnoticed when the buffer that should be written contains something more important than a bunch of zeros.

Posted by Tomaž | Categories: Digital

Add a new comment


(No HTML tags allowed. Separate paragraphs with a blank line.)