security issue: hard disk lock

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jonas Diemer <diemer@gmx.de>
To: linux-kernel@vger.kernel.org
Subject: security issue: hard disk lock
Date: Mon, 4 Apr 2005 19:42:10 +0200	[thread overview]
Message-ID: <200504041942.10976.diemer@gmx.de> (raw)

Hello!

I don't know if you guys already know, there is a possible security risk with 
all modern desktop-pcs and ata hard drives. In short:

Modern ata drives can be locked by password. This lock could be set by a 
malicous software. This security feature can be frozen, so no programs can 
set a lock until the next reboot. Ususally, the BIOS should take care of 
locking the security feature, but most desktop BIOSes (unlike laptop BIOSes) 
fail to do so. Once a lock is set and the password is unknown, the drive is 
trash.

See http://www.heise.de/ct/english/05/08/172/ for more details.

In the above article, a patched hdparm is used to freeze the drive's security 
features. This can be used during boot to prevent programs from setting a 
password. However, a malicous program could infect the computer and install 
itself in the boot sequence prior to the execution of hdparm...

I figured there could be a kernel compiled-in option that will make the kernel 
lock all drives found during bootup. then, a malicous program would need to 
install a different kernel in order to harm the drive, which would be much 
more secure.

What do you think of this? 

Regards,
Jonas

PS: Please CC me in replies, I am not subscribed to the list.

next             reply	other threads:[~2005-04-04 17:42 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-04 17:42 Jonas Diemer [this message]
2005-04-04 18:32 ` security issue: hard disk lock Horst von Brand
2005-04-04 23:00   ` Chris Friesen
2005-04-05 15:41   ` Vernon Mauery
2005-04-05 17:10     ` Jonas Diemer
2005-04-04 19:26 ` Florian Weimer
2005-04-11 15:36 ` Alan Cox
2005-04-11 16:01   ` Jonas Diemer
2005-04-14  3:20     ` Mark Lord
2005-04-15 15:09     ` Alan Cox

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200504041942.10976.diemer@gmx.de \
    --to=diemer@gmx.de \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.