90-000243-A
Copyright © 2011 by Astek Corporation. All rights reserved
9
3. Cryptographic Erase
The Astek A41606-ENC, D60-6A has a sanitization algorithm that will sanitize up to 16 Self-
Encrypting Drives (SED) that support the Cryptographic Erase Functions “Key Erase”.
Key Erase” (SBC-3, Sections 5.24/2/4
Block Erase” (SBC-3, Section 5.24.2.3
To erase data from drives connect to the CLI using the serial port with connection speed of 38400
and parameters 8-N-1. A password is needed;
the default is “expander”
The “santest” CLI command starts the erase process. It changes the encryption key stored in the
crypto drive, thus effectively performing an instant erase then does a block erase of the drive.
Cryptographic Erase “Key Erase” Command Line Interface (CLI) commands.
CLI Functions
Command
Description
Read or Write
All Drives
rwAll [Write(0) | Read (1)]
rwAll 0:
Writes 512 Bytes of an A5A5 repeating
pattern to LUN 0 of each drives in the
system using SCSI Block level
commands.
rwAll 1
Reads 512 Bytes from LUN 0 of each
drives in the system using SCSI Block
level commands.
Start Sanitization
santest
: Start the entire Sanitization process
-
Disable Host-Side Phys
-
Perform Sanitize Key Erase on all drives
-
Prints first 512B of LUN 0 from each drives
-
Block Erase all drives in the systems
-
Prints test results
Sanitize LED
gpioState [On(0) | OFF(1) | BLINK(2)
| BLINK_FAST(3)]
Verify the Sanitization LED is operating properly
Disable Host Phys
SSpDisablePhy
Disables the Host-Side(PC) SAS ports
Sanitize Key
Erase
SSpKeyErase [drive-sasAddrHigh(H)
drive-sasAddrLow(H)
timeOutInSec(d)]
Issues the SBC-3 Cryptographic command to change
the encryption key stored in the crypto drive, thus
effectively performing an instant erase.
Writes LBA(0)
SSpBlockWrite [drive-sasAddrHigh(H)
drive-sasAddrLow(H)
WriteFlag(d)
timeOutInSec(d)]
WriteFlag [0:0xA5 pattern |
1: Block Erase Verification
String]
Writes 512 Bytes of an A5A5 repeating pattern to
LUN 0 of a specified drive
Sanitize Block
Erase
SSpBlockErase [drive-sasAddrHigh(H)
drive-sasAddrLow(H)
timeOutInSec(d)]
Block erase an entire drive
Reads LBA(0)
SSpBlockRead [drive-sasAddrHigh(H)
drive-sasAddrLow(H)
timeOutInSec(d)]
Reads 512 Bytes from LUN 0 of a specified drive
Request Sense
SSpRequestSense [drive-sasAddrHigh(H)
drive-sasAddrLow(H)
timeOutInSec(d)]
Issues the SCSI Request Sense Command