* hdparm Security Unlock
@ 2012-10-07 14:54 Michael Kuron
2012-12-10 16:05 ` Vladimir 'φ-coder/phcoder' Serbinenko
0 siblings, 1 reply; 2+ messages in thread
From: Michael Kuron @ 2012-10-07 14:54 UTC (permalink / raw)
To: grub-devel
Is there a reason why hdparm.mod does not currently support issuing the ATA SECURITY UNLOCK command to a hard drive?
Looking at hdparm.c, the only change required would be adding write support to grub_hdparm_do_ata_cmd() by doing the following. Write support is already present in grub_ahci_readwrite_real() and grub_pata_readwrite().
@@ -66,7 +66,7 @@
static grub_err_t
grub_hdparm_do_ata_cmd (grub_ata_t ata, grub_uint8_t cmd,
grub_uint8_t features, grub_uint8_t sectors,
- void * buffer, int size)
+ void * buffer, int size, int write = 0)
{
struct grub_disk_ata_pass_through_parms apt;
grub_memset (&apt, 0, sizeof (apt));
@@ -78,6 +78,7 @@
apt.buffer = buffer;
apt.size = size;
+ apt.write = write;
if (ata->dev->readwrite (ata, &apt, 0))
return grub_errno;
With that change, doing a Security Unlock should be possible using
#define GRUB_ATA_CMD_SECURITY_UNLOCK 0xf2
grub_uint16_t buf[256];
strncpy(buf+1, "Password", 32);
grub_hdparm_do_ata_cmd (ata, GRUB_ATA_CMD_SECURITY_UNLOCK, 0, 1, buf, sizeof (buf));
According to the ATA command specification, buf is 512 bytes long. The first byte is set to 0x00 when using the user password and 0x01 when using the master password. The second byte is ignored, and starting from the third byte we have the password string which has a length of 32 characters. According to the spec, the sector field is ignored; however the Linux tool hdparm sets it to 1, so that's what I did above.
The Linux tool hdparm uses the command-line argument --security-unlock PWD (it doesn't have a single-letter shorthand form), so maybe we could use that here too (assuming the stuff above does actually work).
Regards,
Michael
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: hdparm Security Unlock
2012-10-07 14:54 hdparm Security Unlock Michael Kuron
@ 2012-12-10 16:05 ` Vladimir 'φ-coder/phcoder' Serbinenko
0 siblings, 0 replies; 2+ messages in thread
From: Vladimir 'φ-coder/phcoder' Serbinenko @ 2012-12-10 16:05 UTC (permalink / raw)
To: grub-devel
[-- Attachment #1: Type: text/plain, Size: 2503 bytes --]
On 07.10.2012 16:54, Michael Kuron wrote:
> Is there a reason why hdparm.mod does not currently support issuing the ATA SECURITY UNLOCK command to a hard drive?
>
> Looking at hdparm.c, the only change required would be adding write support to grub_hdparm_do_ata_cmd() by doing the following. Write support is already present in grub_ahci_readwrite_real() and grub_pata_readwrite().
>
It's "patches are welcome" situation
> @@ -66,7 +66,7 @@
> static grub_err_t
> grub_hdparm_do_ata_cmd (grub_ata_t ata, grub_uint8_t cmd,
> grub_uint8_t features, grub_uint8_t sectors,
> - void * buffer, int size)
> + void * buffer, int size, int write = 0)
> {
We don't use "default" arguments.
> struct grub_disk_ata_pass_through_parms apt;
> grub_memset (&apt, 0, sizeof (apt));
> @@ -78,6 +78,7 @@
>
> apt.buffer = buffer;
> apt.size = size;
> + apt.write = write;
>
> if (ata->dev->readwrite (ata, &apt, 0))
> return grub_errno;
>
> With that change, doing a Security Unlock should be possible using
>
> #define GRUB_ATA_CMD_SECURITY_UNLOCK 0xf2
> grub_uint16_t buf[256];
> strncpy(buf+1, "Password", 32);
> grub_hdparm_do_ata_cmd (ata, GRUB_ATA_CMD_SECURITY_UNLOCK, 0, 1, buf, sizeof (buf));
We don't have strncpy, only grub_strncpy and where does 32 comes from?
>
> According to the ATA command specification, buf is 512 bytes long. The first byte is set to 0x00 when using the user password and 0x01 when using the master password. The second byte is ignored, and starting from the third byte we have the password string which has a length of 32 characters. According to the spec, the sector field is ignored; however the Linux tool hdparm sets it to 1, so that's what I did above.
>
> The Linux tool hdparm uses the command-line argument --security-unlock PWD (it doesn't have a single-letter shorthand form), so maybe we could use that here too (assuming the stuff above does actually work).
>
Command line agument is possible but you also need a possibility to
enter the password from keyboard, necessarry functions are already in
crypto.mod. To avoid hdparm depending on crypto.mod it's good to have a
separate command for unlocking, not part of hdparm.
> Regards,
> Michael
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 294 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-12-10 16:05 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-10-07 14:54 hdparm Security Unlock Michael Kuron
2012-12-10 16:05 ` Vladimir 'φ-coder/phcoder' Serbinenko
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.