Re: ATA Security patch to atacontrol

From: Daniel Roethlisberger
Date: Monday, September 29, 2008 - 4:06 pm

I've added experimental support for the ATA Security command set to
atacontrol.  Please test and review.  If you have some spare disk(s)
with ATA Security support and a BIOS which does not freeze the security
configuration, I'd like to hear about any results of playing with this
patch.  See the changes to the manual page for details on the commands.

Note that you may render disks unusable using the ATA Security commands.
Use with great care.

http://daniel.roe.ch/code/ata/atasecurity-20080930-complete.diff

-- 
Daniel Roethlisberger
http://daniel.roe.ch/
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
From: Jeremy Chadwick
Date: Monday, September 29, 2008 - 7:39 pm

Daniel,

Can you provide me with a datasheet and technical reference material on what
"ATA Security" is?  Which ATA specification is this documented in?  I'd
like to read it.

Thanks!

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

From: Andrey V. Elsukov
Date: Monday, September 29, 2008 - 10:53 pm

I think you can find it in ATA-ATAPI-7 vol.1: "4.7 Security Mode feature set".

http://en.wikipedia.org/wiki/Advanced_Technology_Attachment#HDD_Passwords_and_Security
http://en.wikipedia.org/wiki/Advanced_Technology_Attachment#ATA_standards_versions.2C_...

-- 
WBR, Andrey V. Elsukov
From: Daniel Roethlisberger
Date: Tuesday, September 30, 2008 - 2:43 am

Exactly.  Even though the actual T13 standard must be purchased, you can
find the documents and drafts of it online at various places by googling
for appropriate keywords.  For example:

   http://hddguru.com/content/en/documentation/2006.01.27-ATA-ATAPI-7/

The ATA command set, including the ATA Security commands, is in vol. 1.

In 2005, there was a much-cited article in the German c't magazine about
the security implications of ATA Security, which might be worth a read
too.  It is available online in English:

   http://www.heise.de/ct/english/05/08/172/

-- 
Daniel Roethlisberger
http://daniel.roe.ch/
From: Bruce Cran
Date: Tuesday, September 30, 2008 - 6:23 am

http://www.t13.org has all the latest drafts at 
http://www.t13.org/Documents/MinutesDefault.aspx?DocumentType=4&DocumentStage=2

-- 
Bruce Cran
From: Daniel Roethlisberger
Date: Tuesday, September 30, 2008 - 3:46 pm

I've slightly improved the patch.  Changes:
- More sane timeouts on ATA commands
- Print a security usage if parameters are illegal
- Extended the manual page with some examples and notes about which
  commands are lethal to mounted filesystems
- Teach the kernel about the ATA Security command codes (for console
  printf messages)

Even with the kernel changes, a kernel rebuild is not required in order
to test the code.

http://daniel.roe.ch/code/ata/atasecurity-20081001-complete.diff

Please send me feedback.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/