-
Notifications
You must be signed in to change notification settings - Fork 635
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NVME Admin command error: INVALID_OPCODE(2001) #84
Comments
That doesn't sound right since format is not an optional command to support for any device. It's required. Perhaps the device's status is incorrect, and maybe it doesn't like using the "all namespaces". Do you get the same error from running:
? |
Yes, same error. |
Okay, in this case, I recommend forwarding the error to the controller vendor. It sounds like they require something not defined in the specification, or they simply don't support the nvme format admin command. |
Closing; this appears to be a device side issue. |
I think the work-around is to just not issue format commands. The device doesn’t support it according to the status code.
From: fuzzydunlop1899 [mailto:notifications@github.com]
Sent: Tuesday, May 2, 2017 8:06 PM
To: linux-nvme/nvme-cli <nvme-cli@noreply.github.com>
Cc: Busch, Keith <keith.busch@intel.com>; State change <state_change@noreply.github.com>
Subject: Re: [linux-nvme/nvme-cli] NVME Admin command error: INVALID_OPCODE(2001) (#84)
Hi,
I have the exact same problem with the Samsung SM951 256 GB NVMe drive (MZVPV256HDGL-00000) and was also routed here via the Parted Magic forum. Since the SM951 is an unsupported OEM-Product I hope there might be a so workaround by now.
Thank you!
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub<#84 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AEDXlhtIf_gLHumqcliniPMQ0OmzY27nks5r1-D-gaJpZM4Iak7r>.
|
Samsung PM961 128G responds with NVME Admin command error:8193 when nvme_format_ns /dev/nvme0n1 is sent on ASrock Taichi Z270 running CentOS 7.3.1611.el7. |
That looks like you're using an older version of this tool, so I'm going to assume 8193 is in decimal. That's 2001 in hex, and according to the spec, that's an invalid opcode error. Supporting the format opcode is optional, so it sounds like controller chose not to support it, and that's okay from a specification standpoint. |
Thank you for this reply. Using the very latest version of the tool gives this response:
[root@cabench11 Desktop]# nvme format /dev/nvme0n1
NVME Admin command error:INVALID_OPCODE(2001)
Issuing this command to this SSD on ASUS Z97 with same OS completes successfully. Same behavior with other Samsung SM/PM version SSDs???
Other thoughts?
From: Keith Busch [mailto:notifications@github.com]
Sent: Thursday, July 06, 2017 2:10 PM
To: linux-nvme/nvme-cli <nvme-cli@noreply.github.com>
Cc: Errol Heiman (eheiman) [CONT - Type 2] <eheiman@micron.com>; Comment <comment@noreply.github.com>
Subject: [EXT] Re: [linux-nvme/nvme-cli] NVME Admin command error: INVALID_OPCODE(2001) (#84)
That looks like you're using an older version of this tool, so I'm going to assume 8193 is in decimal. That's 2001 in hex, and according to the spec, that's an invalid opcode error. Supporting the format opcode is optional, so it sounds like controller chose not to support it, and that's okay from a specification standpoint.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#84 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AckiTHUJKpWIsfxX0F1LDb6E38iGEduMks5sLT78gaJpZM4Iak7r>.
|
If you want to verify if your controller supports the Format NVM command, run |
Both Z270 and Z97 systems yield oacs : 0x7. I suspect OP_CODE is modified by Z270 versus Z97. Comments will be appreciated. |
An oacs of 7 is advertising support for format nvm. If it's not working, you should take this issue to your vendor. |
I owned 2 laptops with Samsung PM951 and PM961 SSDs and both had the same issue: oacs shows support but the format command returns INVALID_OPCODE(2001). |
Your comment is most appreciated. This same remedy also works for a SATA SSD in security frozen state. Based on that observation, I suspect this is a security related issue, present on Z270 but not on Z97. Review of BIOS configurations is in order.
From: Christophe Beyls [mailto:notifications@github.com]
Sent: Friday, August 04, 2017 3:07 PM
To: linux-nvme/nvme-cli <nvme-cli@noreply.github.com>
Cc: Errol Heiman (eheiman) [CONT - Type 2] <eheiman@micron.com>; Comment <comment@noreply.github.com>
Subject: [EXT] Re: [linux-nvme/nvme-cli] NVME Admin command error: INVALID_OPCODE(2001) (#84)
I owned 2 laptops with Samsung PM951 and PM961 SSDs and both had the same issue: oacs shows support but the format command returns INVALID_OPCODE(2001).
For both machines, the fix is to put to laptop to sleep, then resume it. After resume, the Samsung SSD accepts the command.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#84 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AckiTGFaGBpPOsximY9B15Z_hsr48ayxks5sU4gMgaJpZM4Iak7r>.
|
Just confirming that putting the machine to sleep has also resolved this issue for me. |
I know it's closed but I'm just adding that I had the same problem and the same solution (suspend + resume) worked. Laptop with Intel HM175 Express Chipset and Samsung SM961 512GB. |
That sounds like a firmware bug. In any case, I hope everyone running this command is aware it obliterates your data. :) |
Almost a year later, and Samsung NVMEs are still behaving in the same way.
|
It's not working for me if I boot on an usb key to format it.
|
Hi everyone, |
Hi, Error: NVME Admin command error:INVALID_OPCODE(2001) Note: I have been contacting Samsung support, and they weren't able to help because this particular NVMe drive was OEM. When contacted Lenovo /OEM, but no luck there as well as they do not provide support for these drives. |
@nama08 To perform a low-level format on Lenovo Thinkpad machines (both SATA and NVME), you have to use the Lenovo EFI application which allows to reset the cryptographic key and erase the drive: https://support.lenovo.com/be/fr/downloads/ds019026 |
Hi and thanks for your valuable reply. I will check this out. As mentioned earlier, I was in contact with Samsung support and they weren't able to help. |
You need to have a Thinkpad machine listed on the Lenovo tool page. I personally own a T480S with a Samsung NVME drive (model MZVLB256, exactly the same as yours) and I can confirm the tool works with this drive (and I could not use I was also able to upgrade the firmware of the Samsung drive directly from Linux using the |
Hi, |
I have wd sn 750 1TB, nvme format gives error first,(change block size from 512 to 4096, got error code 0x4001, I'm not sure). then I tried supend/resume and it helped me |
Same drive as @comicfans (model number WDBRPG0010BNC-WRSN). On a brand new never touched drive, just running Suspend and resume fixed the issue, with the original command running succesfully after resume. So bizarre. |
Just so @trourance doesn't feel he's not the only one. I have a Dell XPS 9360 which came with this Samsung PM961 NVMe 512GB drive... Using the latest nvme-cli version 2.7.1 via the AppImage (and I tried compiling manually too) I get this...
So I guess bit 9 being 29 means it's still frozen... despite me issuing a command to suspend. The only other things I've seen is this Wiki article from Thomas-Krenn-Wiki.pl which says a BIOS update to their Supermicro fixed it for them... but there are no further BIOS updates for this XPS 9360... it's on the latest. |
In the end I've found that the Dell BIOS supports a 'data wipe' and it's managed to issue the command instead... the SSD was wiped in only a handful of seconds. But then that does mean there isn't a problem with the device... so the issue must be how nvme-cli communicates with it? Should this issue be reopened? |
The Dell BIOS is more than likely performing some kind of vendor unique sequence to unlock this operation. There's nothing wrong with the nvme-cli tooling from the protocol perspective, but we don't inherently know vendor specific magic. We'd need to know what command sequence the special BIOS updater is doing in order to script up an equivalent with this tool. |
I recently had to revisit this issue on a PC where the suspend workaround didn't work, and now have a pretty full understanding of what the real issue is, why the workaround sometimes works, and what can be done when it doesn't. Quick Summary
Full ExplanationMost modern PCs, on boot, will use a Trusted Computing Group (TCG) feature called Block SID Authentication on storage devices that support it. For storage devices that support it, this feature will check to see if the storage device's security identifier (SID) password is still set to the default. If it is, the feature will be enabled, and the storage device will block attempts to authenticate until a subsequent device power cycle occurs. This functionality is similar to the ATA FreezeLock command. The goal of this feature is to prevent malware from being able to easily set the password on a disk that has not yet had a password set. In general, an NVMe device can still be formatted even when SID Authentication is blocked. However, some devices like the WD SN750 (with certain firmware versions) mistakenly block Suspending and resuming the system is an effective workaround in many cases because many systems fail to block SID Authentication when resuming from a suspend. As such, doing a suspend and resume disables the block and avoids the arguably buggy behavior of the SN750 and other drives. If your motherboard blocks SID Authentication when resuming, the workaround is not effective. What can you do? Most boards have a mechanism to allow you to disable the block on next boot - on mine it is Examining the Block SID Authentication state of a drive and changing its password is pretty awkward. The SN750 seems to implement TCG Pyrite, or something like it, and the tools for working with such drives are limited. There is a tool called After building or copying the prebuilt sedutil-cli, one can examine the state of their drives from within the OS:
The
Notice the
Notice the
You'll want to make sure you do not lose that password, as options for being able to perform certain operations on the drive may be limited or nonexistant without it. After running this, you should be able to format the storage device without any workaround in any machine. The TCG Storage Opal Integration Guidelines have even more details on all of this. Finally, the suspend/resume workaround is a common mechanism to be able to bypass a similar "FreezeLock" on ATA devices. Interestingly, that mechanism works just fine on the motherboard I'm using, even though the motherboard stops it from working on NVMe devices. |
Amazing, thank you for writing this up! |
Amazing, Thank you. |
Well for any owners of Dell systems out there, this seem to be the trick for disabling the block on SID authentication on them... Although at least in my case the XPS 9360 doesn't have this option in its BIOS (and it's on the latest version). But like I said previously, they've at least given us a built in option to do this in the BIOS under the menu/screen... Maintenance | Data Wipe Great to finally understand what the real issue is though, thanks @aggieNick02 |
I think we should add this info to our documentation, as it seems a very common thing to happen. BTW, nvme has a very minimalist SED plugin. Not sure if it supports the steps necessary feature this workaround requires though. |
Oh nice, thanks for the info. I'll see if I can test it; it looks like it has the necessary commands, I don't know if it works with drives with Pyrite or Opalite, but regardless having support for this appearing in nvme-cli is encouraging since where to find a sedutil with needed fixes is not super obvious. |
I grabbed Ubuntu 24.04 LTS and quickly tried with the SN750. Unfortunately, it looks like it does not work with Pyrite drives yet. I get an I've no idea how common Pyrite or Opalite drives are, it just is what the problematic SN750 I was dealing with implemented. |
@gjoyce-ibm Maybe Greg has some insights here. I really have no clue when it comes to SED :) |
When I started looking at SED, there were two viable CLIs, sedcli and sedutil. Both projects however went dormant and had no support or new development. Given that state I decided that nvme-cli was the best course. But given no real requirements I chose to implement only a base set of OPALv2 functionality. This subset allows for many use cases but certainly not all. The implementation relies entirely on the ioctl's provided by the kernel block SED Opal driver (block/sed_opal.c). I'm not sure how Pyrite support works but it may be that sedcli/sedutil use the NVMe pass-through mechanism to access the drives directly without using the block SED Opal driver. I'm a little surprised that ioctl IOC_OPAL_DISCOVERY just failed. Is it possible that your kernel doesn't have that patch? |
I purchased Parted Magic to erase the drive in a new X1 Carbon 20FB-004QUS, however, although I can run Erase Disk - NVMe Secure Erase option and see the drive (Samsung MZVKV512HAJH-000L1), the erase process ends with "/dev/nvme0n1: Error! Disk is not erased". I then attempted a command line "nvme format /dev/nvme0n1 --ses=1", as well as "nvme format /dev/nvme0n1" (which a Parted Magic support forum admin confirmed is the command they use), but in both cases I get "Admin command error:INVALID_OPCODE(2001)" as the result. The Parted Magic forum admin requested that I contact you directly for assistance. Any feedback on how to correctly secure erase this drive is appreciated.
Thank you.
The text was updated successfully, but these errors were encountered: