[SOLVED] Setting NVMe SSD state to frozen mode after waking from sleep

ThoughtBubble · 2024-07-14 07:11:46

I'm trying to follow the instructions on the Security page. I'm having trouble with step 5.6.
The script relies on the hdparm tool.

I've ran

hdparm -I /dev/nvme*

, but it gives an empty output for each drive/controller/partition.
After digging further in the forums, I've found that hdparm is not meant to work with NVMe drives and that I should be using nvme-cli.

But there are no instructions on how do set the frozen mode with this tool.

What do I do?

Last edited by ThoughtBubble (2024-07-28 01:56:11)

V1del · 2024-07-14 20:27:12

The vulnerability the frozen state is supposed to guard you against does not exist on nvme drives in the first place.

So generally speaking, you don't do anything. What threat vector are you envisioning/trying to protect against? even if you disabled secure erase, to trigger a secure erase root would be necessary as would be to disable or reactivate the relevant functionality.

FWIW the accompanying section would be: https://wiki.archlinux.org/title/Solid_ … NVMe_drive

Last edited by V1del (2024-07-14 20:34:15)

nl6720 · 2024-07-15 10:43:22

The ATA command SECURITY FREEZE LOCK and the frozen mode (SEC2 state) are ATA specific and there doesn't seem to be an equivalent NVMe command. Some system firmware have a non-standard "security freeze" for NVMe that is issued at the end of POST (see https://github.com/linux-nvme/nvme-cli/issues/816 & https://forums.lenovo.com/topic/findpos … 69/5167342 where people mention it preventing nvme format), but there doesn't seem to be a way to trigger that thing manually.

Arch Linux

#1 2024-07-14 07:11:46

[SOLVED] Setting NVMe SSD state to frozen mode after waking from sleep

#2 2024-07-14 20:27:12

Re: [SOLVED] Setting NVMe SSD state to frozen mode after waking from sleep

#3 2024-07-15 10:43:22

Re: [SOLVED] Setting NVMe SSD state to frozen mode after waking from sleep

Board footer