I have a My Passport Ultra Metal Edition.
I notice that its SATL block all ATA Security Feature Set commands but SECURITY SET PASSWORD.
When I send the following ATA commands through ATA PASSTHROUGH:
SECURITY UNLOCK (F2h)
SECURITY ERASE PREPARE (F3h)
SECURITY ERASE UNIT (F4h)
SECURITY FREEZE LOCK (F5h)
SECURITY DISABLE PASSWORD (F6h)
I will get the following sense data:
70 00 05 00 00 00 00 0a 00 00 00 00 24
Which means “Invalid field in cdb”. So I assume the SATL explicitly block these commands.
However, it does NOT block:
SECURITY SET PASSWORD (F1h)
That is, I can successfully enable the ATA Security Feature Set (lock the drive) with ATA PASSTHROUGH, but not unlock the drive or disable it, unless I know about the vendor-specific SCSI commands handling password/encryption of the drive.
For such cases the “WD Security” app cannot unlock the drive or disable the password, since it does not use plain password but a hashed one. And it is not even able to erase the drive if the ATA master password is not in-sync with the master password stored in the SCSI layer (which can be a very likely case since I can set both the ATA user password and master password through ATA PASSTHROUGH; it seems to be the case for totally brand new drive as well)
Therefore I think WD should have blocked SECURITY SET PASSWORD (F1h) as well. Otherwise some users might end up making the drive seemingly-bricked (since even ATA IDENTIFY DEVICE is blocked after a power cycle) and cannot fix it themselves unless they found out about the vendor-specific SCSI commands, when they want to try locking the drive but have no access to WD Security (e.g. Linux users).