Hi,
Are people generally aware of the ATA security commands? They allow a password to be set on a hard drive. It's the hard drive that's doing the password storing, not the motherboard, so the drive's still locked if it's moved to another machine. On boot-up the BIOS recognises the drive's locked and prompts the user for the password. It's also the normal UI for setting it in the first place.
Anyway, my point is passwords are typically not set. This means something malicous can set it and the next time the machine boots the user's locked out of his own drive. The c't magazine had an article on it recently.
http://www.heise.de/ct/english/05/08/172/
Once a drive's locked with an unknown user password then it's a dead drive unless the manufacturer can be persuade to give you the higher level password that allows a security format of the device to be done. This normally requires a paper-chase to prove you're the rightful owner.
Options are for users to set the password on their drives so it can't be set malicously to something unknown to them but that's a pain because it needs supplying on boot-up. Or, for the ATA Freeze command to be used soon after boot-up. This puts the drive in a state where it won't accept any password setting until after the next boot.
(The ATA-3 spec. is http://www.t13.org/project/d2008r7b-ATA-3.pdf -- see pages 33 and 75 by the number written on the page.)
Ideally, the Freeze needs to be done as soon as possible in the BIOS -> bootloader -> OS chain to make it harder to set the password before the freeze is done. That's why I'm here. :-)
It LinuxBIOS were to add support for Freeze drives it would be another advantage over other BIOSes. Am I right in thinking that LinuxBIOS itself knows nothing about ATA and that's left to FILO? Is that the only payload that deals with ATA?
(I'm also going to lobby the Grub people for those of us that don't have BIOS support for ATA Freeze.)
Cheers,
Ralph.