Provided by: openseachest_24.08.1-1_amd64 

NAME
openSeaChest_Security - manual page for openSeaChest_Security
==========================================================================================
DESCRIPTION
==========================================================================================
openSeaChest_Security - openSeaChest drive utilities - NVMe Enabled
Copyright (c) 2014-2024 Seagate Technology LLC and/or its Affiliates, All Rights Reserved
openSeaChest_Security Version: 3.4.1-8_0_1 X86_64
Build Date: Sep 19 2024
Today: 20240925T133707 User: current user
==========================================================================================
Usage
=====
    openSeaChest_Security [-d <sg_device>] {arguments} {options}
Examples
========
    openSeaChest_Security --scan
    openSeaChest_Security -d /dev/sg<#> -i
    openSeaChest_Security -d /dev/sg<#> --SATInfo
    openSeaChest_Security -d /dev/sg<#> --llInfo
    openSeaChest_Security -d /dev/sg<#> --ataSecurityInfo
    openSeaChest_Security -d /dev/sg<#> --ataSecureErase enhanced
    openSeaChest_Security -d /dev/sg<#> --ataSecureErase enhanced --ataSecPassword AutoATAWindowsString12345678901 --ataSecPassType user
    openSeaChest_Security -d /dev/sg<#> --disableATASecPW --ataSecPassword AutoATAWindowsString12345678901 --ataSecPassType user
Return codes
============
Generic/Common exit codes
    0 = No Error Found
    1 = Error in command line options
    2 = Invalid Device Handle or Missing Device Handle
    3 = Operation Failure
    4 = Operation not supported
    5 = Operation Aborted
    6 = File Path Not Found
    7 = Cannot Open File
    8 = File Already Exists
    9 = Need Elevated Privileges
---openSeaChest_Security specific exit codes---
    32 = Zero Validation Failure
    Anything else = unknown error
Utility Options
===============
--csmiIgnorePort (Obsolete)
This option is obsolete and will be removed in future versions.
--csmiUsePort (Obsolete)
This option is obsolete and will be removed in future versions.
--csmiVerbose (Obsolete)
This option is obsolete and will be removed in future versions.
--echoCommandLine
Echo the command line entered into the utility on the screen.
--enableLegacyUSBPassthrough
Only use this option on old USB or IEEE1394 (Firewire) products that do not otherwise work with
the tool. This option will enable a trial and error method that attempts sending various ATA
Identify commands through vendor specific means. Because of this, certain products may respond
in unintended ways since they may interpret these commands differently than the bridge chip the
command was designed for.
--forceATA
Using this option will force the current drive to be treated as an ATA drive. Only ATA commands
will be used to talk to the drive.
--forceATADMA
(SATA Only)
Using this option will force the tool to issue SAT commands to ATA device using the protocol set
to DMA whenever possible (on DMA commands). This option can be combined with --forceATA.
--forceATAPIO
(SATA Only)
Using this option will force the tool to issue PIO commands to ATA device when possible. This
option can be combined with --forceATA.
--forceATAUDMA
(SATA Only)
Using this option will force the tool to issue SAT commands to ATA device using the protocol set
to UDMA whenever possible (on DMA commands). This option can be combined with --forceATA.
--forceSCSI
Using this option will force the current drive to be treated as a SCSI drive. Only SCSI commands
will be used to talk to the drive.
-h, --help
Show utility options and example usage (this output you see now).
Please report bugs/suggestions to seaboard@seagate.com. Include the output of --version
information in the email.
--license
Display the Seagate End User License Agreement (EULA).
--modelMatch [model Number]
Use this option to run on all drives matching the provided model number. This option will provide
a closest match although an exact match is preferred.
Ex: ST500 will match ST500LM0001
--noBanner
Use this option to suppress the text banner that displays each time openSeaChest is run.
--onlyFW [firmware revision]
Use this option to run on all drives matching the provided firmware revision. This option will
only do an exact match.
--onlySeagate
Use this option to match only Seagate drives for the options provided.
-q, --quiet
Run openSeaChest_Security in quiet mode. This is the same as -v 0 or --verbose 0.
-v [0-4], --verbose [0 | 1 | 2 | 3 | 4]
Show verbose information. Verbosity levels are:
    0 - quiet
    1 - default
    2 - command descriptions
    3 - command descriptions and values
    4 - command descriptions, values, and data buffers
Example: -v 3 or --verbose 3
-V, --version
Show openSeaChest_Security version and copyright information & exit
Utility arguments
=================
-d, --device [deviceHandle | all]
Use this option with most commands to specify the device handle on which to perform an operation.
Example: /dev/sg<#>
CSMI device handles can be specified as <error<#><#><#>>
To run across all devices detected in the system, use the "all" argument instead of a device
handle.
Example: -d all
NOTE: The "all" argument is handled by running the specified options on each drive detected in
the OS sequentially. For parallel operations, please use a script opening a separate instance
for each device handle.
--displayLBA [LBA]
This option will read and display the contents of the specified LBA to the screen. The display
format is hexadecimal with an ASCII translation on the side (when available).
-F, --scanFlags [option list]
Use this option to control the output from scan with the options listed below. Multiple options
can be combined.
    ata - show only ATA (SATA) devices
    usb - show only USB devices
    scsi - show only SCSI (SAS) devices
    nvme - show only NVMe devices
    interfaceATA - show devices on an ATA interface
    interfaceUSB - show devices on a USB interface
    interfaceSCSI - show devices on a SCSI or SAS interface
    interfaceNVME - show devices on an NVMe interface
    sd - show sd device handles
    sgtosd - show the sd and sg device handle mapping
    ignoreCSMI - do not scan for any CSMI devices
    allowDuplicates - allow drives with both CSMI and PD handles to show up multiple times in
    the list
-i, --deviceInfo
Show information and features for the storage device
--llInfo
Dump low-level information about the device to assist with debugging.
-s, --scan
Scan the system and list all storage devices with logical /dev/sg<#> assignments. Shows model,
serial and firmware numbers. If your device is not listed on a scan immediately after booting,
then wait 10 seconds and run it again.
-S, --Scan
This option is the same as --scan or -s, however it will also perform a low level rescan to pick
up other devices. This low level rescan may wake devices from low power states and may cause the
OS to re-enumerate them. Use this option when a device is plugged in and not discovered in a
normal scan. NOTE: A low-level rescan may not be available on all interfaces or all OSs. The
low-level rescan is not guaranteed to find additional devices in the system when the device is
unable to come to a ready state.
--SATInfo
Displays SATA device information on any interface using both SCSI Inquiry / VPD / Log reported
data (translated according to SAT) and the ATA Identify / Log reported data.
--testUnitReady
Issues a SCSI Test Unit Ready command and displays the status. If the drive is not ready, the
sense key, asc, ascq, and fru will be displayed and a human readable translation from the SPC spec
will be displayed if one is available.
--fastDiscovery
Use this option to issue a fast scan on the specified drive.
--zeroVerify [full | quick]
Use this option to verify whether the drive content is set to zero. This operation will read
user accessible addresses and validate whether the content at each address is zero.
Validation modes:
    full - Complete drive will be scanned for verification.
    quick - 0.1% of total capacity will be scanned for ID and OD validation along with 2 random
    addresses from 10000 equal size sections each.
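The NOTE under -d recommends a script that opens one instance per device handle for parallel
operations. The following is an added example of such a script, not code from the openSeaChest
project: it runs --zeroVerify on each handle in parallel and decodes every exit status with the
Return codes table. SEACHEST, LOGDIR and the two function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not openSeaChest project code. SEACHEST, LOGDIR and both
# function names are assumptions made for this sketch.
SEACHEST="${SEACHEST:-openSeaChest_Security}"  # path to the utility
LOGDIR="${LOGDIR:-.}"                          # one log file per device

# Map an exit status to the text from the "Return codes" table.
describe_exit() {
    case "$1" in
        0)  echo "No Error Found" ;;
        1)  echo "Error in command line options" ;;
        2)  echo "Invalid Device Handle or Missing Device Handle" ;;
        3)  echo "Operation Failure" ;;
        4)  echo "Operation not supported" ;;
        5)  echo "Operation Aborted" ;;
        6)  echo "File Path Not Found" ;;
        7)  echo "Cannot Open File" ;;
        8)  echo "File Already Exists" ;;
        9)  echo "Need Elevated Privileges" ;;
        32) echo "Zero Validation Failure" ;;
        *)  echo "unknown error" ;;
    esac
}

# zero_verify_all MODE HANDLE...   (MODE is full or quick)
# Starts one instance per handle, as the -d NOTE advises for parallel runs,
# then prints "<handle> <code> <meaning>" for each. Status 0 only if all passed.
# The body is a subshell so its variables and jobs stay private to the call.
zero_verify_all() (
    [ "$#" -ge 2 ] || { echo "usage: zero_verify_all MODE HANDLE..." >&2; exit 1; }
    mode=$1; shift
    pids=""
    for h in "$@"; do
        "$SEACHEST" -d "$h" --noBanner --zeroVerify "$mode" \
            >"$LOGDIR/$(basename "$h").zeroverify.log" 2>&1 &
        pids="$pids $!"
    done
    failed=0
    for pid in $pids; do          # pids are in the same order as the handles
        h=$1; shift
        rc=0
        wait "$pid" || rc=$?      # collect this instance's exit status
        printf '%s %s %s\n' "$h" "$rc" "$(describe_exit "$rc")"
        [ "$rc" -eq 0 ] || failed=1
    done
    exit "$failed"                # leaves only this function's subshell
)
```

Call it as: zero_verify_all quick /dev/sg<#> /dev/sg<#>. Per the --ataSecureErase description on
this page, an erase may leave ones or a vendor specific pattern rather than zeros, so exit code 32
means non-zero data was read, not necessarily that an erase failed.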
SATA Only:
=========
--ataSATsecurityProtocol [enable | disable] (SATA only)
This option can be used to force enable or disable using the ATA security protocol as specified in
the SAT specification. By default, the tool will use this method when it is supported to allow
the SATL to understand and manage the security commands being performed and prevent other issues.
--ataSecFreeze
(SATA only)
This option will send the ATA security freezelock command to a device. This command prevents all
other ATA security commands from being processed until the next reset or power cycle.
--ataSecPassword ["ASCII password" | SeaChest | empty]
(SATA only)
Use this option to specify a password to use with an ATA security operation. If specifying a
password with spaces, quotes must be used. If SeaChest is given, the default SeaChest password
will be used. If empty is given, an empty password will be used.
Examples:
    "This is a valid password"
    ThisIsAlsoValid
    "This password uses \"quotes\""
    "This password is \/\/eird"
--ataSecPassType [user | master]
(SATA only)
Use this option to specify if the password being given with the --ataSecPassword option is a user
or a master password. If this option is not provided, user is assumed.
--ataSecPWMod [byteswapped | zeropad | spacepad | fpad | leftAlign | rightAlign | uppercase | lowercase | invertcase] (SATA Only)
Use this option to have the utility make modifications to the ATA security password to attempt
other various ways it may be sent by a system bios. These are not guaranteed to work, but may help
unlock a drive that was locked by a BIOS that encoded the password in a unique way. This option
can be presented multiple times to select multiple modifications.
EX: --ataSecPWMod byteswapped --ataSecPWMod invertcase
    byteswapped - byteswaps the password. EX: blah -> lbha
    zeropad - zero pads the password if less than 32 characters
    spacepad - space pads the password if less than 32 characters
    fpad - pads the passwords with Fh (all 1's) if less than 32 characters
    leftAlign - left aligns the password in the buffer
    rightAlign - right aligns the password in the buffer
    uppercase - sends the password as all uppercase
    lowercase - sends the password as all lowercase
    invertcase - switches uppercase for lower, and lowercase for upper
--ataSecurityInfo
(SATA only)
This option shows information about the ATA security feature on ATA devices. It will show the
security state and flags related to the state, Master password capability & ID, time to perform a
secure erase, whether user data is encrypted, and whether sanitize can override ATA security to
repurpose a drive.
--disableATASecPW
(SATA Only)
Use this option to disable an ATA security password. If the drive is in high security mode,
either user or master password may be provided. In maximum security mode only the user password
can be provided to unlock and disable the ATA security password. The master may only be used to
erase the drive in maximum security mode. Use the --ataSecPassword option to provide the password
to use and --ataSecPassType to specify whether it is the user or master password. If a drive lost
power during an ATA Security Erase in openSeaChest_Security, then providing --ataSecPassword
SeaChest will use the default SeaChest password used during the erase.
To disable a password set by a BIOS, the BIOS must have set the
password in ASCII. A BIOS may choose to hash or modify the password typed in the configuration
however it chooses and this utility has no idea how to match what the BIOS has done so it may not
always work to remove a password set by something other than this utility.
--unlockATASec
(SATA only)
Use this option along with the --ataSecPassword option and --ataSecPassType option to unlock a
drive with the provided password. If the drive is in maximum security mode, only the user
password may be used to unlock the device.
Data Destructive Commands (Seagate only)
========================================
SATA Only:
=========
--ataSecureErase [normal | enhanced] (SATA only) (Clear | Purge)
Use "normal" to start a standard ATA security erase (Clear) or "enhanced" to start an enhanced ATA
security erase (Purge).
ATA Security Erase takes a very long time to complete at approximately three (3) hours per
terabyte (HDD). Some Seagate SED models will perform a quick cryptographic erase in enhanced mode
and the time for completion is reported as 2 minutes by the drive, but will take only seconds.
This industry standard command begins by locking the drive with a temporary password which is
cleared at the end of the erasure. Do not run this command unless you have ample time to allow it
to run through to the end. If the procedure is interrupted prior to completion, then the drive
will remain in a locked state and you must manually restart from the beginning again. The tool
will attempt to automatically clear the password that was set upon failure. The default password
used by the tool is "SeaChest", plain ASCII letters without the quotes.
* normal writes binary zeros (0) or ones (1) to all user data areas.
* enhanced will fill all user data areas and reallocated user data with a vendor specific pattern.
Some Seagate Instant Secure Erase drives will perform a cryptographic erase instead of an
overwrite.
==========================================================================================
Version Info for openSeaChest_Security:
    Utility Version: 3.4.1
    opensea-common Version: 4.1.0
    opensea-transport Version: 8.0.1
    opensea-operations Version: 8.0.2
    Build Date: Sep 19 2024
    Compiled Architecture: X86_64
    Detected Endianness: Little Endian
    Compiler Used: GCC
    Compiler Version: 11.4.0
    Operating System Type: Linux
    Operating System Version: 5.15.153-1
    Operating System Name: Ubuntu 22.04.4 LTS
SEE ALSO
The full documentation for openSeaChest_Security is maintained as a Texinfo manual. If the info and
openSeaChest_Security programs are properly installed at your site, the command
info openSeaChest_Security
should give you access to the complete manual.
openSeaChest_Security =======================... September 2024 OPENSEACHEST_SECURITY(1)