PSID Revert operation failed

SOLVED
Kilobyte Kid

PSID Revert operation failed

My old PC is dying, so i removed my Crucial SSD and installed it in my new PC. The SSD was/is Bitlocker encrypted. (I still have the Recovery Key.)
Unfortunately Windows (on the new PC) cannot initialize the drive. Nor can i do a PSID revert. Data loss is not an issue, since i have a backup.

cannotInitialize.pngCSE-SMART.pngCSE-Sanitize.pngCSE-PSIDrevert.pngMSE-CLI.pngSEDUtil.png

What kind of issue am i facing? Any help would be welcome :-)

8 Replies
JEDEC Jedi

Re: PSID Revert operation failed

I don't use Windows and I haven't had much experience with hardware encrypted devices.   I'm assuming you have this system configured correctly to perform the commands in your screenshots and all the prerequisites have been met as identified in the Crucial Storage Executive screenshots you provided (locked SSD is on an AHCI enabled non-RAID controller).     In your screenshot for the sedutil, you should have used the   "--scan" option which would list your drives and whether they support this type of encryption (second column will be "No" if unsupported).   Assuming your commands for sedutil were entered correctly it appears it is not using compatible encryption.

 

 

I wonder if the drive may be encrypted or locked using ATA Security methods.   I'm not sure how you check or disable it using Windows.   If you want some instructions to do this using Knoppix (a free Live USB bootable Linux distro) let me know and I'll provide instructions.

 

 

 

Kilobyte Kid

Re: PSID Revert operation failed

Thanks for your reply!

I tried Linux too; hdparm won't unlock the SSD either. I also tried booting the SED Util Rescue system... same results as SED Util on Windows.
I'm getting pretty desperate, but i don't wanna give up yet. Fingers crossed. Data loss is certainly not an issue.


Maybe MBR issues? But i thought a PSID revert can be done at any (locked) state the drive is in. As long as you enter the correct PSID chars.

JEDEC Jedi

Re: PSID Revert operation failed

 

I don't have much experience with hardware encryption and am only now investigating options for some personal systems.  I believe the PSID Reset will only work on the newer SSDs employing Opal 2.  I'm not sure if it will revert older types of encryption such Opal 1 or a security lock using ATA Security.

 

Another user posted on these forums that Windows 10 would not see their SSD when it was using a GPT partition, so maybe the partition type on the second drive needs to match the boot drive?

 

Have you tried connecting this SSD using a USB Adapter to see if Windows might treat it differently?

 

Using Linux, did you try to repartition the drive or use "dd" to erase it?  The drive must have all volumes unmounted for these commands to work.  Just because you were using BitLocker doesn't mean it was actually using hardware encryption (or the latest version).

 

From your screenshots I don't believe your SSD is using the Opal2 encryption standard as evidenced by the results of sedutil --query.   A sedutil --scan  may be easier to tell.

 

Use Linux and hdparm to get the details on the SSD, use:

 

sudo  hdparm  -I   /dev/sdX

 

 where "sdX" is your SSD and where you must substitute the correct designation in place of the "X".  To identify the Linux drive designation for your SSD, you can use any of the following to assist you: 

sudo    lsblk   -f

sudo    fdisk   -l

sudo    smartctl   --scan
sudo    smartctl   -i   /dev/sdX

These commands will provide drive identification for all connected drives with the second smartctl  command providing you the model & serial# of the drive for confirmation.

 

Examine the output of the "hdparm -I" command & look under the "Command/features" section to see if the "Security Mode Feature Set" is enabled.   Also check under the "Security" section whether  a password is "Enabled" and whether the SSD is "Locked".    If these are enabled then ATA Security Mode is active.   Check to see if the "Master Password Revision Code = 65534"  shows the "65534" value.  If it shows another value, then the ATA Security Master Password has been set and may interfere with unlocking the ATA Security Mode.    Also see if the last line of output says "Checksum: correct".   Are any other items listed significant?

 

If ATA Security is not enabled and it doesn't appear Opal2 security is being used, then the drive may be only using software encryption which Linux should be able to overwrite if the drive is in working order.

 

While booted from Linux, connect the SSD using USB and wait a few seconds.   Using a terminal issue the following command to see if any errors are being reported when the SSD is connected:

 

sudo   dmesg   |   tail

 

If you cannot connect the drive using USB, then you will have to scroll through the  dmesg  or kernel logs  or  using   journalctl  to find where the kernel  trys to communicate & initialize the SSD.  It is much easier to find using USB.

sudo   dmesg  -H

sudo dmesg | less
sudo journalctl -b

Use the arrow keys and Page Up/Down to scroll through the logs.  Using dmesg you may want to start at the end of the log by pressing the "End" key if the log contains information on more than one session.

 

Using Linux you can check the partition layout using the following commands (gdisk can sometimes provide more information for GPT partitions):

 

sudo   fdisk  -l   /dev/sdX

sudo  gdisk  -l   /dev/sdX

 

 

If you want to save the output of any of these commands you can do so by adding either of the following to the end of each command listed above:

 

  |    tee  -a   ~/name-of-file.txt

  >   ~/name-of-file.txt

 

The files will be stored in the Home folder (give them unique names) and can be copied to your Windows drive.  The first version allows you to see the output of the command on the screen as well as write it to a file.   The second version will produce no output on the screen.

 

You can use fdisk  or gdisk to repartition the drives or you can use "dd" to destroy the partitions and any software encryption on the drive (just make sure you have identified the proper designation for your SSD or you will lose data on your good drives):

 

sudo  fdisk  /dev/sdX

sudo  gdisk  /dev/sdX

sudo  dd  if=/dev/zero  of=/dev/sdX   bs=1M  count=1000

 

You may need to unmount volumes from your SSD in order for these commands to destroy the partitions/encryption:

 

sudo   umount   /dev/sdX{1..9}

  

I know Knoppix has all of these commands installed, but other distributions or Live CDs may not.

JEDEC Jedi

Re: PSID Revert operation failed

PSID Revert should work on M550 model but you cannot use it in order to unlock the drive locked using ATA Security.

 

@Br1ck3dSSD, on your old PC were you using BitLocker unlock screen?

Were you using any other unlock screen like the unlock screen triggered by the BIOS?

You said that your old PC is dying. Provided that would be possible, did you try to put the drive in your old PC and unlock the drive?

______________________________________

FAQs and Top Forum Solutions
Did a user help you? Say thanks by giving Kudos!
How do I know what memory to buy?
Still need help? Contact Crucial Customer Service
Remember to regularly backup your important data!

Highlighted
Kilobyte Kid

Re: PSID Revert operation failed

"Have you tried connecting this SSD using a USB Adapter to see if Windows might treat it differently?"

@HWTech, Windows also cannot initialize the SSD via an USB adapter.
Should it make any difference whether the SSD is connected to a SATA port or connected via USB?

As the screenshot (in my previous post) shows, the SSD is locked.

Security: 
	Master password revision code = 65534
		supported
		enabled
		locked
	not	frozen
	not	expired: security count
		supported: enhanced erase
	Security level high
	2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT. 

Unfortunately the only password i've got is the Bitlocker recovery key. The following won't work.

sudo hdparm --user-master m --security-erase-enhanced PASS /dev/sda  

 

JEDEC Jedi

Re: PSID Revert operation failed

 Windows can treat USB drives differently than internally connected drives because of the differences in the controllers.   Plus USB devices are removable.   USB controllers tend to block some drive commands as well.

 

FYI, your previous post never had the image approved.  Looking at your current post it appears the SSD is locked with ATA Security and no master password has been set.   ATA Security passwords are a maximum of 32 characters.  

 

Try issuing the "security-erase" and "security-erase-enhanced" using the "u"  option instead of "m" for "user-master".   If your BitLocker recovery key is 32bits or less use it.  I'm not sure how BitLocker works, but I'm assuming BitLocker took your password and converted it to a 32 character recovery key.

 

sudo   hdparm   --user-master  u  --security-erase-enhanced  PASS  /dev/sdX

sudo   hdparm   --user-master  u  --security-erase  PASS  /dev/sdX

 

Where "PASS" is your BitLocker Recovery Key and "dev/sdX" is your locked SSD.

 

If this does not work, then I would offer two more suggestions.  Since it appears the master password is still the factory default you can try setting a master ATA password using a new password.  Then issue a "security-erase" or "security-erase-enhanced" using the "user-master  m" option with the new password.

sudo   hdparm   --user-master  m   --security-set-pass  NEWPASS  /dev/sdX

sudo   hdparm   --user-master  m  --security-erase  NEWPASS  /dev/sdX

sudo   hdparm   --user-master  m  --security-erase-enhanced  NEWPASS  /dev/sdX

You could also issue a "security-disabled" or "security-unlock"  using the new master password if you wanted to remove the user password or to retrieve data respectively.   

sudo   hdparm   --user-master  m  --security-disable  NEWPASS  /dev/sdX

sudo   hdparm   --user-master  m  --security-unlock  NEWPASS  /dev/sdX

If you set the master password do not forget it or the next time your SSD will be bricked if you are unable to use/remember the "--user-master   u" password.

 

The second option would be to insert the SSD into another older laptop (preferably an identical model as some BIOS treats the ATA password differently) so you could use your BitLocker password to unlock the drive, then disabling BitLocker on it. 

 

Does your current system's BIOS/UEFI settings allow changing the CSM setting?  Many times there are three options, with one being Legacy, a second setting is a hybrid setting, and the third is usually the most recent/advanced option.   If so and you are willing to risk this system & its boot drive, you might get lucky by removing the boot drive & changing the CSM to a legacy option and hope you can boot to the locked SSD and get a chance to enter your BitLocker password.

 

Here are a couple of very good links for understanding ATA Security.

 

Differences between user & master passwords:

http://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-a...

 

Technical specifications for ATA Security (page 3 has important information):

http://www.t13.org/documents/UploadedDocuments/docs2006/e05179r4-ACS-SecurityClarifications.pdf

 

NOTE:   Do not use "NULL"  or "" for setting a password until you research it completely.   I read something about one or both of those options being dangerous due to poor or buggy implementations of ATA Security.

 

Update:  Here is one reason not to use a NULL or blank ATA password, but there was another more fatal reasoning as well which I cannot locate at the moment.   

 

Kilobyte Kid

Re: PSID Revert operation failed

Thanks a lot! Smiley Happy


Yes, ATA Security passwords contain 32 characters at most. Apparently a Bitlocker recovery key is too long.

I found something interesting on the page you're linking to: "When I tried it again later on the same drive through a USB adapter, it let me password protect the... Maybe i had the same problem.


This did the trick, it defaults to USER. But i had to connect the SSD to a SATA port in another PC.

sudo hdparm --security-disable PASS /dev/sda

After that i could do:

sudo dd if=/dev/zero of=/dev/sda


After all, it seems that the SSD was ATA locked instead of BitLocker encrypted. But i know for sure that the SSD was in the middle of a Bitlocker decryption process when the unexpected shutdown occurred. Maybe i messed up things while trying to fix the problem myself before asking for help here. Thanks anyway. Your guidance did certainly help!

 

JEDEC Jedi

Re: PSID Revert operation failed

I'm glad you were able to get your SSD working again and thanks for providing the detailed update.

 

AFAIK only the ATA Secure Erase (or Sanitize or PSID reset) requires the SSD to be connected to an internal SATA controller.   Other ATA Security options (enable, unlock, disable) can usually be performed while connected using a USB to SATA adapter, but some adapters & USB controllers may block some of these commands.   The Crucial USB to SATA Adapter works fine for enabling, unlocking or disabling ATA Security features.