Hmmm,
was ist beim Unterschied zwischen User und Masterpasswort so schwer zu verstehen (Mal ganz simpel dargestellt und Sonderfälle weggelassen):
Das User Passwort ist für den normalen Benutzer des Rechners gedacht. Er muss dieses beim Start des Rechners eingeben, damit die Platte überhaupt den Motor startet und er arbeiten kann.
Das Master Passwort ist die nächst höhere Instanz. In der Regel kennt in großen Firmen nur die EDV Abteilung das Master Passwort. Dieses Master Passwort dient dazu, die Platte wieder nutzbar zu machen, wenn das User Passwort (was ja eigentlich auch nur der Benutzer kennen soll, der es vergeben hat) nicht mehr bekannt ist, weil der User das Unternehmen verlassen hat, oder es schlichtweg vergessen wurde, oder was auch immer....
Gibt man jetzt das Master Passwort ein, wird ein Secure Erase durchgeführt, alle Daten sind weg und die Platte ist wieder normal benutzbar.
Für diejenigen, die es genauer wollen, zitiere ich mal aus den ATA Specs (Das ganze Dokument hat 500 Seiten und ist eine hervorragende Möglichkeit seine Einschlafschwierigkeiten zu überwinden. Spätestens nach 1 Seite schläft man unwidderuflich ein
:
--------------------------------------------------------------------
4.20.2.1 Overview
The system has two types of passwords: User and Master.
4.20.2.2 User Password
The User password creates a lock to block execution of some commands, including preventing access to all user
data on the device. The User password may be used to unlock the device to allow access.
Security is enabled by setting a User password with the SECURITY SET PASSWORD command. When security
is enabled, the device is Locked (i.e., access to user data on the device is denied) after a power-on reset is
processed until a SECURITY UNLOCK command completes without error.
4.20.2.3 Master Password
The Master password is a password that may be used to unlock the device if the User password is lost or if an
administrator requires access (e.g., to repurpose a device).
A factory-installed Master password may be valid before an initial SECURITY SET PASSWORD command has
been completed without error. A device may contain both a valid Master and a valid User password. Setting the
Master password does not enable Security (i.e., does not Lock the device after the next power-on reset has
been processed).
4.20.3 Master Password Capability
A device with Security enabled has two ways of using the Master password. This capability has values of High or
Maximum. The capability value is set when the User password is set (see 7.45).
When the Master Password Capability is set to High, either the User or Master password may be used
interchangeably.
When the Master Password Capability is set to Maximum, the Master password is not used with the SECURITY
DISABLE PASSWORD and SECURITY UNLOCK commands. The SECURITY ERASE UNIT command,
however, does accept either a valid User or Master password
4.20.8 Password Rules
This subclause applies to any Security command that accepts a password, and for which there exists a valid
password. This subclause does not apply after the drive has processed a SECURITY FREEZE LOCK command
without error.
The SECURITY ERASE UNIT command ignores the Master Password Capability value when comparing
passwords, and shall accept either a valid Master or User password.
If the User password sent to the device does not match the User password previously set with the SECURITY
SET PASSWORD command, then the device shall return command aborted.
If the Master Password Capability was set to High during the last SECURITY SET PASSWORD command
setting the User password, then the device shall accept the Master password and complete the command
without error.
If the Master Password Capability was set to Maximum during the last SECURITY SET PASSWORD command
setting the User password, then the device shall return command aborted for a SECURITY UNLOCK command
or a SECURITY DISABLE PASSWORD command if the Master password is supplied.
Und nochmal als Bild zum einfacheren Verständnis:
Irgendwie kein Wunder, dass manche SSDs damit Schwierigkeiten haben und Ihre Daten nicht mehr preisgeben wollen