Secure LiveCD system - HOW TO make hard drive spin UP/DOWN

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

Secure LiveCD system - HOW TO make hard drive spin UP/DOWN

Postby Webtest on Fri Jul 02, 2010 8:08 pm

Over a month ago, I posted the following post regarding my hard drive that I keep trying to spin down, but it always spins back up every 30 minutes. Here is a link to the post: http://forums.linuxmint.com/viewtopic.php?f=90&t=48643

There were ZERO replies to this post, but don't feel bad because I also posted this information to the gvfs mailing list (http://mail.gnome.org/mailman/listinfo/gvfs-list) and got ZERO responses there as well.

In the mean time, I kept looking for whatever way possible to keep the hard drive spun down. If I couldn't keep the daemon (or whatever was the cause) from spinning the drive back up, maybe there was a way of "incapacitating" the drive itself. I came across a pretty good web site:
http://linuxmafia.com/pub/linux/suse-linux-internals/chapter2.html
SuSE Linux Internals, Terrehon Bowden, Bodo Bauer
This at least gave me the correct terminology to use in a Google search where I found ...
http://www.faqs.org/docs/Linux-HOWTO/SCSI-Generic-HOWTO.html
dgilbert at interlog dot com
The Linux SCSI Generic (sg) HOWTO
SCSI version - Mint 8: 30534 3.5.34 [20061027]

This got me very close, as it discusses some of the internal operations of the SCSI driver on the hardware. It in turn led me to a search which found the Red Hat documentation site at:
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/html/Online_Storage_Reconfiguration_Guide/task_controlling-scsi-command-timer-onlining-devices.html
This was the best reference of all, and it almost nailed the solution to the problem. It discussed the "/proc" directory and showed:
Code: Select all
mint mint # cat /proc/scsi/sg/devices
host   chan   id   lun   type   opens   qdepth   busy   online
0   0   0   0   0   1   1   0   1

Ah! If there is a flag for the device 'ONline, there must be some way to set if "OFFline", and if I could do that, what would happen? After a couple of more hours searching, reading, and testing, I finally came up with a most excellent solution:
Code: Select all
# The command to set the hard drive device offline can ONLY be run in root. "sudo echo" will NOT work!
mint@mint ~ $ sudo -i
# Spin the hard drive down ... I figured this out a month ago ... must be done while ONline
mint ~ # hdparm -y /dev/sda
/dev/sda
issuing standby command
# Set the hard drive OFFline
mint ~ # echo offline > /sys/block/sda/device/state
# Make sure the device received the command [optional]
mint ~ # cat /sys/block/sda/device/state
offline

OK! Major success. I presume the daemon still tries to 'tick' the drive, but the system ran just fine for several hours with the drive continuously spun down and offline.

Now, if I could set the drive OFFline, could I get it back spinning again? Again the answer is absolutely YES, but there is a trick to it. You can NOT set the drive ONline! I noticed that the state before I set it offline was "running", so, I ran the 'echo' command to pass "running" to SDA, and it worked perfectly. Once the drive is online (i.e. 'running'), I can spin it up and mount it by accessing the drive in the 'Places' list in the Gnome Nautilus File Browser.
Code: Select all
# Set the hard drive ONline
mint ~ # echo running > /sys/block/sda/device/state

So, now I have a totally secure web browsing system ... my system is securly locked on an SD flash memory card, and while I am connected to the internet, my hard drive is totally inaccessible, however, I can still spin up and remount the drive whenever I want. I still have a few more things I want to do, but the important tasks are finally accomplished.

Blessings in abundance, all the best, and ENJOY!
Art in Carlisle PA USA
BOAT - a hole in the water that you pour money into
LINUX - a hole in your life that you pour TIME into

HP dx2400 Core 2 Duo 4 GB - Mint 10 Gnome, Mint 13 Mate, Mint 15 Mate <on LOCKED Kanguru USB drives>
Webtest
Level 3
Level 3
 
Posts: 179
Joined: Sun Feb 21, 2010 4:45 pm
Location: Carlisle, Pennsylvania, USA

Linux Mint is funded by ads and donations.
 

Re: Secure LiveCD system - HOW TO make hard drive spin UP/DO

Postby piratesmack on Fri Jul 02, 2010 9:34 pm

Thanks, works great.

I just tried this from a Knoppix live cd, but I used 'hdparm -Y' (The man page says this completely turns the hard drive off).
Hopefully this will give me a little extra battery life
piratesmack
Level 5
Level 5
 
Posts: 710
Joined: Mon May 26, 2008 3:08 pm

Re: Secure LiveCD system - HOW TO make hard drive spin UP/DO

Postby larsp on Sat Feb 26, 2011 5:24 am

Thanks for sharing your research webtest! Your solution is exactly what I was hoping to find! :D

I just upgraded my home server from a slow headless NAS running embedded debian, to some new hardware that is strong enough to also be my HTPC, so I decided to run Linux Mint 10 to get a pretty desktop as well as the server functionality, and wow does it run great!

One of the things my server do is a nightly backup of important data to an ESATA drive, using rsync to make daily hardlinked backup folders. I have written a script that mounts the drive, does the backup, then unmounts it and spins it down to save power and reduce noise. About once a week, I physically remove the external drive and swap it with a similar drive I have in my drawer, to get even more backup safety.

... however ... deamon(s) in Linux Mint ruined the spin down part... that is, until I found this solution. Now my script is even stronger, because the drive is completely offline and even more free of harms way, until the script does its magic :D

Getting stuff like this working is what makes Linux so great and rewarding!

Best regards,
Lars

BTW: In my backup script, I added a check on the umount command exit value before performing the offline trick. If umount fails, I don't think it is clever to brutally offline the drive. Something may be accessing the filesystem for some reason.
larsp
Level 1
Level 1
 
Posts: 1
Joined: Sat Feb 26, 2011 4:51 am

Re: Secure LiveCD system - HOW TO make hard drive spin UP/DO

Postby Webtest on Sun Feb 27, 2011 11:56 am

I think I was a teacher in my previous incarnation! I enjoy sharing almost as much as I enjoy finding knowledgeable and helpful people on the forums who help me to find solutions.

One caution ... On Mint 10, when I boot up my secure system off of the locked SD card, very shortly after I type in the command to spin down the drive, something in the system "touches" the drive and spins it back up! I haven't taken the time to figure out the timing ... it may just be a coincidence where the I just happen to type in the commands a little faster than it takes the system to "touch" the drive. Anyway, I just recall the previous command and spin it down again, and then take it offline. I can actually hear the drive in my system so it is no problem, but this is a warning for anyone who can't hear the drive spin up or down. It would be an interesting problem to figure out the difference between Mint 8 and 10 and how to keep this from happening. It doesn't bother me much because I mostly use Mint 8, and it doesn't touch the drive and spin it up for about a half an hour after I spin it down.

Blessings in abundance, all the best, and ENJOY!
Art in Carlisle PA, USA
BOAT - a hole in the water that you pour money into
LINUX - a hole in your life that you pour TIME into

HP dx2400 Core 2 Duo 4 GB - Mint 10 Gnome, Mint 13 Mate, Mint 15 Mate <on LOCKED Kanguru USB drives>
Webtest
Level 3
Level 3
 
Posts: 179
Joined: Sun Feb 21, 2010 4:45 pm
Location: Carlisle, Pennsylvania, USA

Re: Secure LiveCD system - HOW TO make hard drive spin UP/DO

Postby DrHu on Sun Feb 27, 2011 3:43 pm

Webtest wrote:So, now I have a totally secure web browsing system ... my system is securly locked on an SD flash memory card, and while I am connected to the internet, my hard drive is totally inaccessible, however

Good story, but nothing really to do with securing your system from the Internet
    Just relying on the Linux IPTABLES + your router should be enough
--I might even through in an encrypted hard drive area; that to me seems to be the most secure method

I would ask you this, if you thought someone could get yo your hard drive from the Internet, why don't you think they could spin up the hard drive, and just grab some data from it
User avatar
DrHu
Level 16
Level 16
 
Posts: 6783
Joined: Wed Jun 17, 2009 8:20 pm

Re: Secure LiveCD system - HOW TO make hard drive spin UP/DO

Postby Webtest on Mon Feb 28, 2011 11:56 am

Dr. Hu ...
if you thought someone could get to your hard drive from the Internet, why don't you think they could spin up the hard drive

I am paranoid, but not quite THAT paranoid! First of all, I am running Linux, not Windoze, so there is less risk. Secondly, the filesystem that is running is unusual in that it is a ramdisk and not a hard drive (I don't really care what happens to the ramdisk since the time between reboots is about an hour). Beyond that, someone would have to break into the system and then try to figure out that the hard drive is offline AND that it is spun down. Also, when I walk away from the system, I never leave it online, so while I am at the computer I can hear the drive spin up. That would get my attention immediately. I am not worried about any data that I have on the drive ... it is a Windoze system, and I just absolutely don't want any viruses planted on it. I do use it for my iTunes account but never for any banking or other credit card activity.

One major surprise I learned a few days ago is that the "Lock" switch on an SD card is NOT a hardware lock on the card! It merely provides a status signal to the OS, which then determines how to handle data writes to the card. I will be checking on that later this week. Your comment on the IPTABLES sounds interesting and I will investigate that also. Hopefully, in a month or two I will be able to spin my own uncompressed LiveCD system ... that is my next major objective! When I can do that, I will write a step-by-step tutorial on how to do it.

Thanks for your interesting comments.
Blessings in abundance, all the best, & ENJOY!
Art in Carlisle PA, USA
BOAT - a hole in the water that you pour money into
LINUX - a hole in your life that you pour TIME into

HP dx2400 Core 2 Duo 4 GB - Mint 10 Gnome, Mint 13 Mate, Mint 15 Mate <on LOCKED Kanguru USB drives>
Webtest
Level 3
Level 3
 
Posts: 179
Joined: Sun Feb 21, 2010 4:45 pm
Location: Carlisle, Pennsylvania, USA

Re: Secure LiveCD system - HOW TO make hard drive spin UP/DO

Postby Habitual on Mon Feb 28, 2011 3:42 pm

Art:

Props for your perseverance.
Most people just come here to whine and moan, but you saw it through.
Much respect.
+1
What's a landing but a take off in reverse?
My DorkBlog
User avatar
Habitual
Level 8
Level 8
 
Posts: 2132
Joined: Sun Nov 21, 2010 8:31 pm
Location: Undecided

Re: Secure LiveCD system - HOW TO make hard drive spin UP/DO

Postby Webtest on Sun Feb 17, 2013 7:54 pm

Esteemed Forum Participants & Lurkers:
Since my last post to this thread I added a third step to my hard drive shtudown, AND I was able to fully automate it! The 3 steps are:

* Spin down the drive
* Mark the drive offline immediately after the spindown
* DELETE the device completely!

Here is the script that I run in a Terminal window to do this. It can be run by any user with sudo privileges. It is marked as executable, so clicking on the icon and selecting "Run in terminal" works just fine. The "sleep 5" at the end keeps the Terminal window open just long enough to confirm the results.
Code: Select all
#!/bin/sh
# Run as user mint IN TERMINAL WINDOW WITH:    ./hdoff
#
# http://stackoverflow.com/questions/84882/sudo-echo-something-etc-privilegedfile-doesnt-work-is-there-an-alterna
# https://blogs.oracle.com/joshis/entry/sudo_echo_does_not_work
# sudo sh -c 'echo "text" > file'

echo
echo "Drive sda is:"
cat /sys/block/sda/device/state
echo
sudo hdparm -y /dev/sda; sudo sh -c 'echo offline > /sys/block/sda/device/state'
echo
echo "Drive sda is:"
cat /sys/block/sda/device/state
echo
sudo sh -c 'echo 1 > /sys/block/sda/device/delete'
echo 'Drive sda is ->  DELETED  <- if  "No such file or directory"'
cat /sys/block/sda/device/state
echo
echo
sleep 5

Note the unusual format of the echo commands that need to be run as SuperUser ...
sudo sh -c 'echo offline > /sys/block/sda/device/state'
there are a lot of discussions regarding this on the internet ... 2 of the links are in my code comments. In this format, the privileged command can be run by any user with sudo privileges.

Hopefully this will help some other newbie in the future!
Blessings in abundance, all the best, & ENJOY!
Art in Carlisle PA USA
BOAT - a hole in the water that you pour money into
LINUX - a hole in your life that you pour TIME into

HP dx2400 Core 2 Duo 4 GB - Mint 10 Gnome, Mint 13 Mate, Mint 15 Mate <on LOCKED Kanguru USB drives>
Webtest
Level 3
Level 3
 
Posts: 179
Joined: Sun Feb 21, 2010 4:45 pm
Location: Carlisle, Pennsylvania, USA

Linux Mint is funded by ads and donations.
 

Return to Newbie Questions

Who is online

Users browsing this forum: ace_N_kelly, braikar, killer de bug and 22 guests