
WD Passport 4TB drives don't support WRITE SAME command - mschuster91
https://community.wd.com/t/invalid-command-operation-code-write-same/242463
======
tssva
The SCSI standard only mandates WRITE SAME command support for host-managed zoned
block devices, so unless the drive reports as one it is within spec.

~~~
eqvinox
(a) source? Only thing I could find is SBC-3 which lists everything as
optional, so kinda not helpful
https://t10.org/ftp/t10/document.05/05-344r0.pdf

(b) doesn't really matter, working reality trumps theoretical spec.

------
saagarjha
(I looked it up and WRITE SAME seems to be a SCSI command to essentially do a
"memset".)

------
mehrdadn
> In any case, it is a huge security issue, because file systems use this
> command to efficiently clear freed blocks to zeros.

Do file systems directly issue SCSI commands? I would've thought they tell the
storage driver to do something and the driver would do it with the most
efficient means available.

~~~
trasz
If not supporting WRITE SAME turns out to be a security issue, it's a bug in
the operating system.

And yes, some filesystems do - ESX, for example, uses what they call VAAI,
which is a set of optional (standardized) SCSI functionality, like WRITE SAME,
COMPARE AND SWAP (iirc), and server side copy.

~~~
jjoonathan
Ah, blame tennis, my favorite game!

Is there an alternative non-optional strategy for achieving secure delete (or
revocation semantics of some kind)? If not, this is a fundamental capability
that you can't paper over by slapping an abstraction layer on top any more
than you could turn a 1TB HDD into a 2TB HDD with an abstraction layer. If so,
it seems to me like the bug is very much in the hard drive / standards, not in
the operating system.

~~~
kllrnohj
> Is there an alternative non-optional strategy for achieving secure delete

Issue normal data writes of blocks that are filled with zeros. The same way
regular data makes it to the drive just fine will also of course work for data
that's all zeros.

~~~
pixl97
Would that work on a filesystem that supports sparse files?

~~~
throwaway373438
We're talking about the filesystem driver itself issuing the write.

The above is a discussion about whether the filesystem driver or the block
device driver would issue the SCSI commands.

This would never happen from userspace.
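The fallback kllrnohj describes (plain writes of zero-filled blocks when the offload is not there) is exactly what an OS block layer does, and it answers mehrdadn's question about who issues the command: the filesystem asks for "zero this range", and the layer below picks the mechanism. The following is an added example, not code from the thread or from any kernel or driver. It assumes Linux (fallocate with FALLOC_FL_ZERO_RANGE) and a writable /tmp; on a regular file the kernel may satisfy ZERO_RANGE by marking extents unwritten rather than touching the media, so "reads back as zero" says nothing about the platter, whereas on a block-device fd (opened read-write as root) the same call is handed to the block layer, which uses WRITE SAME / WRITE ZEROES if the device advertises it and otherwise writes real zeros itself.

```c
/* Added example (not from the thread or from any OS/driver source):
 * zero a byte range the way a block layer does it. Try the offload path
 * first; if the kernel reports it unsupported, fall back to ordinary
 * writes of zero-filled buffers.
 * Build: cc -std=c11 -Wall zero_range.c -o zero_range */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CHUNK 4096

/* Zero [off, off+len) on fd. Sets *fallback = 1 if plain writes were used.
 * Returns 0 on success, -1 on a real I/O error. */
int zero_range(int fd, off_t off, off_t len, int *fallback)
{
    static const unsigned char zeros[CHUNK];   /* static storage: all zero */
    *fallback = 0;
#ifdef FALLOC_FL_ZERO_RANGE
    if (fallocate(fd, FALLOC_FL_ZERO_RANGE | FALLOC_FL_KEEP_SIZE, off, len) == 0)
        return fsync(fd);
    /* "unsupported" answers mean fall back; anything else is a real error */
    if (errno != EOPNOTSUPP && errno != ENOSYS && errno != EINVAL)
        return -1;
#endif
    *fallback = 1;
    while (len > 0) {
        size_t want = len < (off_t)CHUNK ? (size_t)len : CHUNK;
        ssize_t n = pwrite(fd, zeros, want, off);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        off += n;
        len -= n;
    }
    return fsync(fd);
}

/* Returns 1 if every byte of [off, off+len) reads back as `expect`, else 0. */
int range_is(int fd, off_t off, off_t len, unsigned char expect)
{
    unsigned char buf[CHUNK];
    while (len > 0) {
        size_t want = len < (off_t)CHUNK ? (size_t)len : CHUNK;
        ssize_t n = pread(fd, buf, want, off);
        if (n <= 0) return 0;
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] != expect) return 0;
        off += n;
        len -= n;
    }
    return 1;
}

/* Demo on a constructed temp file: fill 64 KiB with 0xA5, zero a 16 KiB
 * window starting at 4 KiB, then check the window is zero and its
 * neighbours are untouched. Returns 1 on success, 0 on failure. */
int demo(void)
{
    char path[] = "/tmp/wsame-demoXXXXXX";        /* assumption: /tmp is writable */
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    unlink(path);                                  /* anonymous from here on */

    unsigned char fill[CHUNK];
    memset(fill, 0xA5, sizeof fill);
    for (off_t o = 0; o < 16 * CHUNK; o += CHUNK)
        if (pwrite(fd, fill, CHUNK, o) != CHUNK) { close(fd); return 0; }

    int fallback = 0;
    off_t off = 1 * CHUNK, len = 4 * CHUNK;
    int ok = zero_range(fd, off, len, &fallback) == 0
          && range_is(fd, off, len, 0x00)
          && range_is(fd, 0, off, 0xA5)
          && range_is(fd, off + len, 16 * CHUNK - off - len, 0xA5);
    printf("zeroed %lld bytes via %s: %s\n", (long long)len,
           fallback ? "plain zero writes" : "fallocate(FALLOC_FL_ZERO_RANGE)",
           ok ? "verified" : "FAILED");
    close(fd);
    return ok;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

Run it on a tmpfs and the fallback path is taken (tmpfs does not implement ZERO_RANGE); on ext4 or XFS the fallocate path succeeds. The point of the check in `zero_range` is the one the thread is circling: "unsupported" is a reason to switch mechanism, not a reason to report success without having written anything.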

------
georgyo
I don't know if I am at all surprised that a USB hard-drive is failing to
implement all SCSI commands, even if it really should.

~~~
londons_explore
Isn't the USB mass storage spec just a pipe for sending SCSI commands?

~~~
duskwuff
USB Mass Storage has its own command set. Some newer USB3 adapters do allow
SCSI commands to be passed through using UASP, but not all do.

~~~
pavon
And even if they support it, it isn't always safe to do so. For example, I
have a WD Passport sitting on my desk that was bricked when I issued an ATA
secure erase command[1]. Don't assume that any SATA/SCSI commands are safe to
issue to USB drives unless you have researched it.

[1]
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

~~~
dreamlayers
Probably the USB interface keeps some data for its encryption function on a
part of the hard drive which it makes inaccessible. You erased the whole hard
drive, including that part, and probably caused the USB interface to
malfunction.

------
pkaye
Is there actually a SCSI drive in there or just a SATA drive with a USB bridge
chip using the USB mass storage spec and implementing some basic SCSI
commands?

~~~
laurentdc
It's a regular 2.5" hard drive, but the motherboard has a USB <> SATA bridge
and some glue logic on it already, probably to save space or costs. [0]

There's no SATA connector so you can't salvage the drive or the enclosure. But
there are SATA test points so you could wire it that way in theory. [1] [2]

Toshiba does the same; I found out the hard way after prying open one of them
to salvage a hard drive for my PS4.

[0]
https://www.youtube.com/watch?v=wP4l_L81NKw

[1]
https://forum.acelaboratory.com/download/file.php?id=999&mode=view

[2]
https://forum.acelaboratory.com/viewtopic.php?t=9174

~~~
LeifCarrotson
In the 3.5" space, "shucking" the enclosures off desktop USB storage devices
almost always reveals a SATA 3.5" hard drive.

Kind of surprising that the drive control board in the Passport has the USB
connector built right in. It makes me wonder a few things:

1. What are volumes like for 2.5" spinning rust drives? I understand that the
vast majority of 3.5" drives go into servers, desktops, or storage devices
where they operate on a SATA bus, so the small volume of USB drives are most
cheaply made with a housing that uses the economies of scale of that industry
and adds a USB conversion motherboard. A decade ago, I would have said most
2.5" drives are used with SATA connectors in laptops, but who's buying laptops
that don't use solid state storage anymore?

2. What's the cost difference for a drive control board with optional pads
for both SATA and USB, only one installed at a time, vs one that only supports
SATA?

3. Can you pull off the control board and replace it with one from the same
lineup that uses SATA, like you would in a data recovery operation where some
IC on the board burned out? Or is the mechanical component also specialized?

------
gaius_baltar
I wonder if it is some kind of market segmentation choice. Does it even make
sense?

~~~
klodolph
It is absolutely a market segmentation choice.

~~~
topspin
How do you know this?

~~~
klodolph
It’s literally nothing more than a piece of firmware. WD is fairly aggressive
about market segmentation, and firmware differences (or settings) are a big
part of that.

~~~
cornishpixels
You should read the rest of the thread. It's likely a completely different
drive.

~~~
klodolph
A completely different drive which lacks a feature in firmware. WD creates
"completely different drives" which may have physical differences, but the
firmware is also a huge differentiator in the market.

------
znpy
I learnt not to trust WD Passport drives.

I have a completely unusable 2TB drive at home that for some reason only gets
detected by MacBooks, not by Windows or Linux PCs.

~~~
stOneskull
I've had similar experiences. Two that I couldn't access with anything, and
would've needed to pay a professional data recovery person if I wanted the
stuff. But I had two Hitachi ones which were similar too.

I now have a collection of internal drives in enclosures, and the first two,
out of old laptops, have now outlasted any external drive I've ever had.

Only 1 external drive I've had has been good in my life. That's a Seagate.
Dunno if it's a fluke but I'll just buy that brand in the future until I find
out.

------
speedgoose
If you rely on your USB hard drive to write zeros when you delete data, you
must stop and encrypt your data.

~~~
verbify
Encryption is not future proof (encryption that was previously thought of as
secure has been broken). Writing zeros is future proof.

~~~
lonelappde
Absolutely not. Writing random data is future proof.

~~~
jcrawfordor
1) Writing all zeros is generally considered more SSD-friendly than random
data. The exact reasons for this are complex in part because behavior of SSD
controllers varies significantly with all-zero blocks. But, while absolutely
inferior to using TRIM, there is reason to believe that writing all zeroes is
less likely to lead to premature wear than random data.

2) While it's been "common knowledge" since Gutmann that data from old writes
can be recovered (thus the advice to write multiple passes of random data),
this turns out to have been iffy in Gutmann's day and an outright myth today.
Multiple university teams have tried and failed to recover data using advanced
techniques (such as SEM tomography) after a single zero pass. Generally the
success rate for single bits is only slightly better than random chance.
Gutmann himself criticized multi-pass overwriting as "a kind of voodoo
incantation to banish evil spirits" and unnecessary today.

3) By far the larger concern in data recovery, for platters as well as SSDs,
is caches and remapping performed in the firmware. As a result, the ATA secure
erase command is the best way to destroy data because it allows the controller
to employ its special knowledge of the architecture of the drive. However, ATA
SE has been found to be extremely inconsistently implemented, especially on
consumer hard drives. The inability to reliably verify good completion of the
ATA SE is a major contributor towards preference for "self-encrypting" drives
in which ATA SE can be reliably achieved by clearing the internal crypto
information, and the US government's recommendation that drives can only
reliably be cleared by physical destruction. Physical destruction is probably
your best bet as well, because self-encrypting enterprise drives come at a
substantial price premium and you still lack insight into the quality of their
firmware. In other words, the price of a drive with an assured good ATA SE
implementation is probably higher than the price of a cheap drive and the one
you'll replace it with after you crush it.

~~~
rowanG077
in regards to 2):

It's true that multiple overwrites are overkill. But for SSDs it has been
shown that it's possible to read data after a full overwrite [1].

[1]
https://static.usenix.org/event/fast11/tech/full_papers/Wei.pdf

~~~
jcrawfordor
The data recovered in this paper, though, was recovered by direct readout of
flash chips in order to locate pages which had not actually been overwritten
at all. This is a very different kind of problem and attack than the one that
led to multiple-pass overwrites and falls into my point 3. The reason that
multi-pass overwriting can be effective on SSDs is because the increased
number of write operations encourages the SSD controller to remap more blocks
in and out of the page space which increases physical coverage of the
overwrite.

There _is_ a potential benefit to multi-pass random write to SSDs in this
case, but this paper shows exactly why you shouldn't do this: because the
improvement in security from random overwrites is stochastic at best and
cannot be guaranteed without full knowledge of the behavior of the controller,
as can be seen in the paper in the drives which continued to contain remnant
data after many passes.

As the paper finds, multi-pass overwrite is not a valid technique to sanitize
SSDs, and is still cargo-cult security.

~~~
rowanG077
Yes, like I already said, multi-pass is not a good way to sanitize SSDs. However
it does directly contradict your stance that data is irrecoverable after a
full write. It doesn't really matter that it's done via a direct flash chip
readout. Literally anyone can do that. In comparison, the cost of an SEM (which
can't read out platters) approaches a million dollars.
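jcrawfordor's point 3 and the Wei et al. paper rowanG077 cites come down to one mechanism: the controller remaps, so a logical overwrite need not reach the physical page that held the old data. The toy flash translation layer below is an added example, a model written for this thread and not code from the paper, from any SSD controller, or from the thread itself; page and block counts, the constructed secret and the xorshift pattern are all assumptions chosen to keep the run deterministic. It lets the host overwrite a logical block as many times as it likes, then does the "chip-off" read the paper describes by scanning every physical page, mapped or not.

```c
/* Added example (a toy model, not code from the thread, the Wei et al. paper
 * or any real controller): a minimal log-structured FTL showing why a full
 * host-side overwrite of an SSD block can leave the old contents on the die.
 * Build: cc -std=c11 -Wall toy_ftl.c -o toy_ftl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE   16    /* bytes per flash page (toy size) */
#define NPAGES 64    /* physical pages on the "chip" */
#define NLBA   8     /* logical blocks the host can address */
#define ERASED 0xFF  /* erased NAND reads back as all ones */

struct ftl {
    unsigned char flash[NPAGES][PAGE]; /* raw die contents, what chip-off reads */
    int map[NLBA];                     /* LBA -> physical page, -1 if never written */
    int stale[NPAGES];                 /* 1 = retired copy, still physically present */
    int next_free;                     /* log-structured: writes append to a fresh page */
};

void ftl_init(struct ftl *f)
{
    memset(f->flash, ERASED, sizeof f->flash);
    for (int i = 0; i < NLBA; i++) f->map[i] = -1;
    memset(f->stale, 0, sizeof f->stale);
    f->next_free = 0;
}

/* Host write. NAND cannot overwrite in place, so the controller writes the new
 * data to a fresh page and merely retires the old one. Returns -1 when out of pages. */
int ftl_write(struct ftl *f, int lba, const unsigned char *data)
{
    if (lba < 0 || lba >= NLBA || f->next_free >= NPAGES) return -1;
    int p = f->next_free++;
    memcpy(f->flash[p], data, PAGE);
    if (f->map[lba] >= 0) f->stale[f->map[lba]] = 1;
    f->map[lba] = p;
    return 0;
}

/* Host read: goes through the map, so it only ever sees the newest copy. */
const unsigned char *ftl_read(const struct ftl *f, int lba)
{
    return f->map[lba] >= 0 ? f->flash[f->map[lba]] : NULL;
}

/* Garbage collection / block erase: only here does retired data really go away. */
void ftl_gc(struct ftl *f)
{
    for (int p = 0; p < NPAGES; p++)
        if (f->stale[p]) { memset(f->flash[p], ERASED, PAGE); f->stale[p] = 0; }
}

/* "Chip-off" forensic read: scan every physical page, mapped or not. */
int raw_copies(const struct ftl *f, const unsigned char *pattern)
{
    int n = 0;
    for (int p = 0; p < NPAGES; p++)
        if (memcmp(f->flash[p], pattern, PAGE) == 0) n++;
    return n;
}

static const unsigned char SECRET[PAGE] = "CONSTRUCTEDKEY!"; /* constructed: 15 chars + NUL */

/* Write SECRET to LBA 3, overwrite that LBA `passes` times with a deterministic
 * pseudo-random pattern (xorshift32), optionally run GC, and report how many raw
 * copies of SECRET survive. *host_sees_secret = 1 if a normal read still returns it. */
int remnants(int passes, int run_gc, int *host_sees_secret)
{
    struct ftl f;
    ftl_init(&f);
    ftl_write(&f, 3, SECRET);

    uint32_t s = 0x9E3779B9u;
    unsigned char buf[PAGE];
    for (int i = 0; i < passes; i++) {
        for (int j = 0; j < PAGE; j++) {
            s ^= s << 13; s ^= s >> 17; s ^= s << 5;
            buf[j] = (unsigned char)s;
        }
        ftl_write(&f, 3, buf);
    }
    if (run_gc) ftl_gc(&f);

    const unsigned char *v = ftl_read(&f, 3);
    *host_sees_secret = (v != NULL && memcmp(v, SECRET, PAGE) == 0);
    return raw_copies(&f, SECRET);
}

int main(void)
{
    int seen;
    int cases[][2] = { {0, 0}, {1, 0}, {35, 0}, {3, 1} };
    printf("passes  gc  host_sees_secret  raw_copies_on_die\n");
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int n = remnants(cases[i][0], cases[i][1], &seen);
        printf("%6d  %2d  %16d  %17d\n", cases[i][0], cases[i][1], seen, n);
    }
    return 0;
}
```

After one pass the host-visible read is clean while the raw scan still finds the secret; after 35 passes the answer is the same, which is the "stochastic at best" outcome jcrawfordor describes, because nothing the host writes decides when the retired page is erased. Only the controller's own erase (here `ftl_gc`, in a real drive the sanitize or crypto-erase path) removes it, which is why the thread keeps coming back to firmware rather than pass counts.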

------
peter_d_sherman
Future OSes (if using SCSI) should test to see if this works (easy test),
especially if using that SCSI to communicate with a VM host's (i.e., ESX's)
filesystem...
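The "easy test" the OS has available is the sense data the drive returns: the forum thread in the title is named after the sense text "Invalid command operation code", which is sense key ILLEGAL REQUEST (0x5) with ASC 0x20. The decoder below is an added example written for this thread, not code from any kernel or from the original post; the byte offsets are the fixed-format (response code 0x70/0x71) and descriptor-format (0x72/0x73) layouts from SPC, and the three sample buffers are constructed, not captured from a drive.

```c
/* Added example (not from the thread or any kernel): decode a SCSI sense
 * buffer and recognise the response a device gives to a WRITE SAME it does
 * not implement. Sample buffers are constructed for illustration.
 * Build: cc -std=c11 -Wall sense.c -o sense */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct sense {
    uint8_t response_code;  /* 0x70..0x73, fixed-format VALID bit masked off */
    uint8_t key;            /* sense key, 4 bits */
    uint8_t asc;            /* additional sense code */
    uint8_t ascq;           /* additional sense code qualifier */
};

#define SK_ILLEGAL_REQUEST        0x05
#define ASC_INVALID_OPCODE        0x20   /* INVALID COMMAND OPERATION CODE */
#define ASC_INVALID_FIELD_IN_CDB  0x24

/* Returns 1 and fills *out if buf holds a recognisable sense buffer, else 0. */
int parse_sense(const uint8_t *buf, size_t len, struct sense *out)
{
    if (len < 1) return 0;
    uint8_t rc = buf[0] & 0x7F;            /* bit 7 is VALID in fixed format */
    if (rc == 0x70 || rc == 0x71) {        /* fixed: key @2, ASC @12, ASCQ @13 */
        if (len < 14) return 0;
        out->key  = buf[2] & 0x0F;
        out->asc  = buf[12];
        out->ascq = buf[13];
    } else if (rc == 0x72 || rc == 0x73) { /* descriptor: key @1, ASC @2, ASCQ @3 */
        if (len < 4) return 0;
        out->key  = buf[1] & 0x0F;
        out->asc  = buf[2];
        out->ascq = buf[3];
    } else {
        return 0;
    }
    out->response_code = rc;
    return 1;
}

/* The decision an OS makes after a failed WRITE SAME: ILLEGAL REQUEST with
 * "invalid opcode" (or "invalid field in CDB") means "stop using the offload
 * and write zeros the ordinary way", not "retry" and not "report success". */
int write_same_unsupported(const struct sense *s)
{
    return s->key == SK_ILLEGAL_REQUEST &&
           (s->asc == ASC_INVALID_OPCODE || s->asc == ASC_INVALID_FIELD_IN_CDB);
}

/* Parse and classify in one call; 0 for anything unparseable. */
int sense_says_unsupported(const uint8_t *buf, size_t len)
{
    struct sense s;
    return parse_sense(buf, len, &s) && write_same_unsupported(&s);
}

/* Constructed samples (assumed layouts, not captured from a WD Passport). */
static const uint8_t FIXED_INVALID_OPCODE[18] = {
    0x70, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x0A,
    0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t DESC_INVALID_OPCODE[8] = {
    0x72, 0x05, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t FIXED_MEDIUM_ERROR[18] = {   /* key 3, ASC 0x11: read error */
    0x70, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x0A,
    0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00 };

static void report(const char *name, const uint8_t *buf, size_t len)
{
    struct sense s;
    if (!parse_sense(buf, len, &s)) { printf("%-22s unparseable\n", name); return; }
    printf("%-22s key=%x asc=%02x ascq=%02x -> %s\n", name, s.key, s.asc, s.ascq,
           write_same_unsupported(&s) ? "WRITE SAME unsupported, use fallback"
                                      : "other error, handle normally");
}

int main(void)
{
    report("fixed/invalid opcode", FIXED_INVALID_OPCODE, sizeof FIXED_INVALID_OPCODE);
    report("desc/invalid opcode",  DESC_INVALID_OPCODE,  sizeof DESC_INVALID_OPCODE);
    report("fixed/medium error",   FIXED_MEDIUM_ERROR,   sizeof FIXED_MEDIUM_ERROR);
    return 0;
}
```

The third sample matters as much as the first two: a medium error on a WRITE SAME must not be mistaken for "unsupported", because switching to plain writes would then silently retry into a failing region instead of surfacing the I/O error.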

------
hoppla
So, a user can create a new file and get access to previously stored content
somehow?

