From afb496dc7355d630c544794f431caf141cd1850d Mon Sep 17 00:00:00 2001 From: coelner Date: Thu, 28 Jul 2022 22:05:41 +0200 Subject: [PATCH] cubietruck-hdd --- linux_hardening.md | 146 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 146 insertions(+) diff --git a/linux_hardening.md b/linux_hardening.md index b66123c..656b9a0 100644 --- a/linux_hardening.md +++ b/linux_hardening.md @@ -339,6 +339,7 @@ The following features can be selectively disabled via DCO: NCQ interface_power_management async_notification SSP ``` +deskimini proxmox ``` Model Family: Toshiba 2.5" HDD MQ01ABD... Device Model: TOSHIBA MQ01ABD100 @@ -534,6 +535,151 @@ SCT capabilities: (0x303d) SCT Status supported. SCT Feature Control supported. SCT Data Table supported. +``` +``` +root@cubietruck:~# smartctl -l scterc /dev/sda +smartctl 7.2 2020-12-30 r5155 [armv7l-linux-5.15.25-sunxi] (local build) +Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org + +SCT Error Recovery Control: + Read: Disabled + Write: Disabled + +root@cubietruck:~# hdparm --dco-identify /dev/sda + +/dev/sda: +DCO Checksum verified. +DCO Revision: 0x0001 +The following features can be selectively disabled via DCO: + Transfer modes: + mdma0 mdma1 mdma2 + udma0 udma1 udma2 udma3 udma4 udma5 udma6(?) + Real max sectors: 1465149168 + ATA command/feature sets: + SMART self_test error_log security AAM HPA 48_bit + (?): FUA selective_test conveyance_test write_read_verify + (?): WRITE_UNC_EXT + SATA command/feature sets: + (?): NCQ interface_power_management SSP + * SCT Features Control (AC4) + * SCT Data Tables (AC5) + unknown 206[12] (vendor specific) + unknown 206[13] (vendor specific) +Security: + Master password revision code = 65534 + supported + not enabled + not locked + not frozen + not expired: security count + supported: enhanced erase + 182min for SECURITY ERASE UNIT. 182min for ENHANCED SECURITY ERASE UNIT. +Logical Unit WWN Device Identifier: 5000c5002e9f2ea1 + NAA : 5 + IEEE OUI : 000c50 + Unique ID : 02e9f2ea1 + +root@cubietruck:~# hdparm -I /dev/sda [82/121] + +/dev/sda: + +ATA device, with non-removable media + Model Number: ST9750423AS + Serial Number: 5WS06X8A + Firmware Revision: 0001SDM1 + Transport: Serial +Standards: + Used: unknown (minor revision code 0x0029) + Supported: 8 7 6 5 + Likely used: 8 +Configuration: + Logical max current + cylinders 16383 16383 + heads 16 16 + sectors/track 63 63 + CHS current addressable sectors: 16514064 + LBA user addressable sectors: 268435455 + LBA48 user addressable sectors: 1465149168 + Logical Sector size: 512 bytes + Physical Sector size: 4096 bytes + Logical Sector-0 offset: 0 bytes + device size with M = 1024*1024: 715404 MBytes + device size with M = 1000*1000: 750156 MBytes (750 GB) + cache/buffer size = 16384 KBytes + Nominal Media Rotation Rate: 5466 +Capabilities: + LBA, IORDY(can be disabled) + Queue depth: 32 + Standby timer values: spec'd by Standard, no device specific minimum + R/W multiple sector transfer: Max = 16 Current = 16 + Advanced power management level: 192 + Recommended acoustic management value: 208, current value: 254 + DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 + Cycle time: min=120ns recommended=120ns + PIO: pio0 pio1 pio2 pio3 pio4 + Cycle time: no flow control=120ns IORDY flow control=120ns +Commands/features: + Enabled Supported: + * SMART feature set + Security Mode feature set + * Power Management feature set + * Write cache + * Look-ahead + * Host Protected Area feature set + * WRITE_BUFFER command + * READ_BUFFER command + * NOP cmd + * DOWNLOAD_MICROCODE + * Advanced Power Management feature set + SET_MAX security extension + * Automatic Acoustic Management feature set + * 48-bit Address feature set + * Device Configuration Overlay feature set + * Mandatory FLUSH_CACHE + * FLUSH_CACHE_EXT + * SMART error logging + * SMART self-test + * General Purpose Logging feature set + * WRITE_{DMA|MULTIPLE}_FUA_EXT + * WRITE_DMA_QUEUED_FUA_EXT + * 64-bit World wide name + * IDLE_IMMEDIATE with UNLOAD + Write-Read-Verify feature set + * WRITE_UNCORRECTABLE_EXT command + * {READ,WRITE}_DMA_EXT_GPL commands + * Segmented DOWNLOAD_MICROCODE + * {READ,WRITE}_DMA_EXT_GPL commands + * Segmented DOWNLOAD_MICROCODE + * Gen1 signaling speed (1.5Gb/s) + * Gen2 signaling speed (3.0Gb/s) + * Native Command Queueing (NCQ) + * Host-initiated interface power management + * Phy event counters + * Idle-Unload when NCQ is active + Device-initiated interface power management + * Software settings preservation + * SMART Command Transport (SCT) feature set + * SCT Read/Write Long (AC1), obsolete + * SCT Write Same (AC2) + * SCT Error Recovery Control (AC3) + * SCT Features Control (AC4) + * SCT Data Tables (AC5) + unknown 206[12] (vendor specific) + unknown 206[13] (vendor specific) +Security: + Master password revision code = 65534 + supported + not enabled + not locked + not frozen + not expired: security count + supported: enhanced erase + 182min for SECURITY ERASE UNIT. 182min for ENHANCED SECURITY ERASE UNIT. +Logical Unit WWN Device Identifier: 5000c5002e9f2ea1 + NAA : 5 + IEEE OUI : 000c50 + Unique ID : 02e9f2ea1 +Checksum: correct ``` ERC settings: `smartctl -l scterc /dev/sda` or setting `smartctl -l scterc,150,150 /dev/sda`