RE : Re: [RFC] ATA host-protected area (HPA) device mapper?

--- Jeff Garzik wrote:
Your hard disk is a lot more powerfull than what you think, only very old

No, it's not. I am well aware of what's in the ATA spec.

hard disks only have ATA set max command. Nowadays, you can not only set the

Not true.

If you want more info without reading the spec, here is some more:
http://www.heise.de/ct/english/05/08/172/

Gujin also do the absolutely needed setup of the IDE hard disk which is to freeze
the password system _and_ the config system of all the IDE hard disks present, so
that no virus can put a random password and send you an E-mail with the address
where to send the money to get the password to unlock the hard disk and so access
again your data. Again, freezing means no more modifiable until next power cycle,
so IMO it is the job of the bootloader to setup the hard disk, before running
anything like Linux, a commercial OS, a bootable CDROM...

This is totally broken, and I am going to strongly recommend that no one
use this software.

But that is the recommended way to do in the ATA specification, since ATA4:

http://www.t13.org/project/d1153r18-ATA-ATAPI-4.pdf
and read "6.10 Security Mode feature set" around page 30 / page 46.
Pay attentiong to the last sentense of "6.10.4 Frozen mode".

And some BIOS correctly implement it - most BIOS don't.

It is the OS responsibility to do this. As a simple example, when the
libata ACPI patches are merged (soon), libata will send BIOS-specified
taskfiles to the device -- including the hard drive password, if any.
Then it will freeze the settings.

Which setting are you talking about: freezing the HPA, the configuration
or the password - that is different ATA commands.
Gujin can run a kernel (or some other software) without freezing each of
them independantly but the user has to explicitely request it - and should
not try to boot a random CDROM with the password unfrozen.

Gujin's behavior will prevent the user from accessing their data, if
they have protected it via BIOS.

Some BIOS have support for password, but Gujin is not using BIOS
services for "protection" because BIOS is not providing such services
with a documented interface.

Gujin is assuming that your hard disk are accessible by the documented ATA ide
system, and some (or all?) IDE SATA interface have (volumtary?) broken
implementation: they are not IDE register compatible.

More evidence that Gujin is completely broken.

Host controller programming interfaces have _always_ been variable. PCI
IDE standard was never a requirement for all host controllers, indeed
such a requirement would be stupid, and widely ignored.

Modern SATA controllers are all FIS-based, and are not (and should not
be) limited by the legacy IDE register programming interface.

The complete ATA specification is describing a register interface since ATA1,
SATA chipsets should be software compatible, even if they add commands/interfaces:
http://www.sata-io.org/interopfaq.asp say:
Are there any known interoperability issues with SATA?
One of the primary requirements of the SATA 1.0 specification was to
maintain backward compatibility with existing operating system drivers
to eliminate incompatibility issues.


Etienne.


__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages