
Accessing HPA and DCO Areas on Hard Drives

Not all erasure methods “see” the hidden areas of a hard drive

Firmware-based Security Erase devices are able to access hidden partitions in order to erase hard drives


by Ray Leventhal
CPR Tools

Many hard drive manufacturers employ segmenting schemes or layers of obscurity that can be used to limit the apparent or visible capacity of a hard drive. DCO and HPA are two common features that can be used to alter the visible space on a drive, sometimes for the purpose of hiding data. When it comes to erasing this data, firmware-based ATA Security Erase methods are far more capable of accessing these areas than software methods.

HPA, or Host Protected Area, sets a hidden partition commonly used as a ‘recovery partition’. Manufacturers such as Dell and HP (and many others) use this space as a recovery partition to be used if the system is to be reset to factory conditions.

DCO, or Device Configuration Overlay, can also be used to limit the available space on a hard drive. It also provides additional device configuration functionality in its ability to toggle certain drive features. Some of these features include security, HPA support, 48-bit support, UDMA levels and various S.M.A.R.T. settings. Not all drives support DCO, and of those that do, not all DCO features are supported.

Software erasure methods require the use of an operating system and a computer. Advanced users can hide information using HPA and DCO partitions, which essentially obscures the data from software erasure applications. Further, with software erasure methods, if the process is interrupted, the as-yet untouched portions of the drive will still contain whatever data was written there. In other words, when running software-based products to erase data, only the areas of the drive seen by the operating system can be addressed and erased.
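An added example, not part of the original article or any CPR Tools product: before relying on a software wipe, compare the capacity the operating system sees with the drive's native and DCO-reported maximums. It parses text in the format printed by the Linux `hdparm -N` and `hdparm --dco-identify` commands; the sample output, the `/dev/sdX` name, the function names and the 512-byte sector size are constructed assumptions.

```python
import re

SECTOR_BYTES = 512  # assumption: 512-byte logical sectors

# Constructed sample text (not captured from a real drive), shaped like the
# output of `hdparm -N /dev/sdX` and `hdparm --dco-identify /dev/sdX`.
SAMPLE_HPA = """/dev/sdX:
 max sectors   = 1000000/1200000, HPA is enabled
"""
SAMPLE_DCO = """/dev/sdX:
DCO Revision: 0x0001
The following features can be selectively disabled via DCO:
        Real max sectors: 1250000
"""


def parse_hpa(text):
    """Return (visible, native) sector counts from `hdparm -N` style text."""
    m = re.search(r"max sectors\s*=\s*(\d+)\s*/\s*(\d+)", text)
    if m is None:
        raise ValueError("no 'max sectors = visible/native' line found")
    return int(m.group(1)), int(m.group(2))


def parse_dco(text):
    """Return the DCO 'Real max sectors' value, or None if it is absent
    (for example, the drive does not support DCO)."""
    m = re.search(r"Real max sectors:\s*(\d+)", text)
    return int(m.group(1)) if m else None


def hidden_areas(hpa_text, dco_text=""):
    """Report sectors an OS-level wipe would never address."""
    visible, native = parse_hpa(hpa_text)
    real = parse_dco(dco_text)
    hpa_hidden = max(native - visible, 0)
    dco_hidden = None if real is None else max(real - native, 0)
    return {
        "visible_sectors": visible,
        "hpa_hidden_sectors": hpa_hidden,
        "dco_hidden_sectors": dco_hidden,  # None means "could not determine"
        "hidden_bytes": (hpa_hidden + (dco_hidden or 0)) * SECTOR_BYTES,
    }


if __name__ == "__main__":
    print(hidden_areas(SAMPLE_HPA, SAMPLE_DCO))
```

A nonzero hidden count means an erasure run against only the OS-visible capacity leaves that many sectors untouched.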

For most drives, however, firmware-based ATA Security Erase products disregard any such limiting factors (HPA, DCO, etc.) and address the hard drive using the drive’s own firmware and logic. The operating system is therefore irrelevant to this process.

Note that not all products that support ATA Security Erase address HPA or DCO areas. Some, such as CPR Tools’ Hammer™ device, provide the option to specifically clear HPA and DCO partitions if they exist, prior to beginning an eradication process. CPR Tools’ best practice recommendations for ‘purge’ include the application of a random password before beginning the ‘purge’ process. This is recommended to ensure that any data is securely locked and unavailable, even if the eradication process is interrupted.

Finally, note that firmware-based products erase the drive at its highest available write speed, precluding the need to transfer data and update information to the operating system and software. This is why hardware eradication is a more certain process than software-based data erasure.

An extended discussion of this topic may be found here.