11

I have a Samsung 960 EVO from 2016ish (I think) and a year or so ago I built a new computer. I bought a 2 TB SSD, so I wasn't too interested in my 512 GB. The drive was encrypted with BitLocker using the SSD encryption. Everything worked fine.

Fast forward to last week, I wanted to use the drive or at least know I could safely discard the drive. I wanted to take one last poke at the data to get some affirmation that the data was not retrievable so I've been trying to use Samsung Magician's "Secure Erase". The UEFI version reported that it couldn't do it. Ok, I then tried nvme-cli on Debian which reported access denied. I finally tried the legacy boot USB which finally said that it couldn't do it because the drive was encrypted and that I needed to decrypt it first.

I may well have left BitLocker in a "locked" state, since I figured was fine since I already moved the data and had been running for some time. I understand UEFI or other mechanisms can "freeze" a drive, but that wasn't the case here as no info method reported the frozen state. I've since installed it in another PC, created a partition, put data on it, etc. and nothing else seems to care.

To be clear, since I originally used TPM which should be the encryption key manager, and I have since cleared the old TPM, I'm not REALLY worried about the data. This is more of a noodle scratcher than anything.

I couldn't find any search result hits for the "access denied" message I was getting, so I had nothing to go on until I used the legacy boot image where it reported it was encrypted and needed to be decrypted.

Can anyone explain my current SSD state and tell me what my options are?

I want the option of encryption in the future, so should I just send it to the shredder? It does have 3364 "Media and Data Integrity Errors" and 27,635 "Error Information Log Entries" but they hadn't been increasing. I'm only at 38 TBw or so...

*** update to add SMART log...anyone want to help me interpret these? The errors make me worry about using it, but there are no other flags.

SMART/Health Information (NVMe Log 0x02)
Critical Warning:                   0x00
Temperature:                        35 Celsius
Available Spare:                    100%
Available Spare Threshold:          10%
Percentage Used:                    8%
Data Units Read:                    61,845,017 [31.6 TB]
Data Units Written:                 73,198,493 [37.4 TB]
Host Read Commands:                 1,122,472,181
Host Write Commands:                1,784,178,910
Controller Busy Time:               7,489
Power Cycles:                       234
Power On Hours:                     28,361
Unsafe Shutdowns:                   164
Media and Data Integrity Errors:    3,364
Error Information Log Entries:      27,634
Warning  Comp. Temperature Time:    0
Critical Comp. Temperature Time:    0
Temperature Sensor 1:               35 Celsius
Temperature Sensor 2:               41 Celsius
Improve this question
4
  • 1
    If you're not worried about the data, you could try to format the drive and then do the Secure Erase. But with this number of errors, I'm not sure that this disk is worth the trouble.
    – harrymc
    Commented Feb 17, 2023 at 14:34
  • 1
    can we see smart screenshot (crystaldiskinfo for example - add to question)?
    – Joep van Steen
    Commented Feb 17, 2023 at 14:48
  • @harrymc see, I couldn't figure out what a bad number was either...it hasn't risen in a long time, but I haven't been using it either. I did already format the drive, and I can do all operations with it...just not secure erase with any tool. The PSID thing seems to be my next task
    – Brian
    Commented Feb 17, 2023 at 15:17
  • @JoepvanSteen I don't have it plugged in right now, but I will and update the question. Everything else looked unremarkable from what I could see.
    – Brian
    Commented Feb 17, 2023 at 15:18

1 Answer 1

Reset to default
24

BitLocker in software mode wouldn't cause such problems. It might be that you've used BitLocker in hardware mode (which used to be the default mode in certain older Windows versions), that is, had it activate the TCG OPAL encryption feature built-in to the SSD itself.

Remove the SSD and find the PSID key on its label sticker. Insert the SSD again, then perform a "PSID revert" using either sedutil (available on Linux and Windows; instructions), or maybe the ESET Encryption Recovery tool. Internet says that Samsung Magician is supposed to also have this feature.

Doing this will completely erase the disk and deactivate OPAL encryption.

(If there is no sticker anymore or the PSID is illegible, throw the SSD out.)

Improve this answer
2
  • 2
    this worked perfectly! I used the rescue64 uefi image from: github.com/Drive-Trust-Alliance/sedutil/wiki/… after that I loaded my host, and used nvme-cli to do both the crypto erase and user data erase. now it shows 0 usage. Thanks!!!
    – Brian
    Commented Feb 18, 2023 at 20:51
  • Thank you so much man! I have a 990 Pro encrypted and after hardware change I thought I bricked it. Even the local Samsung customer service didn't know what to do. I almost threw it in a trash bin until I saw your post.
    – Guanyuming He
    Commented Mar 7 at 7:54

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .