[LinuxBIOS] Adding Support for ATA Freeze Command.

Ralph Corderoy ralph at inputplus.co.uk
Sat May 21 11:43:42 CEST 2005


Are people generally aware of the ATA security commands?  They allow a
password to be set on a hard drive.  It's the hard drive that's doing
the password storing, not the motherboard, so the drive's still locked
if it's moved to another machine.  On boot-up the BIOS recognises the
drive's locked and prompts the user for the password.  It's also the
normal UI for setting it in the first place.

Anyway, my point is passwords are typically not set.  This means
something malicous can set it and the next time the machine boots the
user's locked out of his own drive.  The c't magazine had an article on
it recently.


Once a drive's locked with an unknown user password then it's a dead
drive unless the manufacturer can be persuade to give you the higher
level password that allows a security format of the device to be done.
This normally requires a paper-chase to prove you're the rightful owner.

Options are for users to set the password on their drives so it can't be
set malicously to something unknown to them but that's a pain because it
needs supplying on boot-up.  Or, for the ATA Freeze command to be used
soon after boot-up.  This puts the drive in a state where it won't
accept any password setting until after the next boot.

(The ATA-3 spec. is http://www.t13.org/project/d2008r7b-ATA-3.pdf -- see
pages 33 and 75 by the number written on the page.)

Ideally, the Freeze needs to be done as soon as possible in the BIOS ->
bootloader -> OS chain to make it harder to set the password before the
freeze is done.  That's why I'm here.  :-)  

It LinuxBIOS were to add support for Freeze drives it would be another
advantage over other BIOSes.  Am I right in thinking that LinuxBIOS
itself knows nothing about ATA and that's left to FILO?  Is that the
only payload that deals with ATA?

(I'm also going to lobby the Grub people for those of us that don't have
BIOS support for ATA Freeze.)



More information about the coreboot mailing list