From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1Ti5rL-0004tU-GA for mharc-grub-devel@gnu.org; Mon, 10 Dec 2012 11:05:35 -0500 Received: from eggs.gnu.org ([208.118.235.92]:59226) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Ti5r7-0004s9-Nl for grub-devel@gnu.org; Mon, 10 Dec 2012 11:05:33 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Ti5r1-0004Rr-Ll for grub-devel@gnu.org; Mon, 10 Dec 2012 11:05:21 -0500 Received: from mail-bk0-f41.google.com ([209.85.214.41]:39433) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Ti5r1-0004RH-Bl for grub-devel@gnu.org; Mon, 10 Dec 2012 11:05:15 -0500 Received: by mail-bk0-f41.google.com with SMTP id jg9so1288081bkc.0 for ; Mon, 10 Dec 2012 08:05:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type; bh=HqNU5SIhLsjMGT3lW6Ihl12kKSCe9x9J+cIZS69eoc8=; b=CZEPCZ1HiKfch9cxG+0x6NSLdqm9H1r/w3Jh0T77Sq3FNOuAMtRHeznx6A8/PjJSP+ g4KJxlfz3hsEpVVEJ80mQ+CAwG6atrTxDsNsl/B+EPFwBuMlz43hhE83305ImQGC+kfT 0xRTQcgk5rUZ25EnvdtonUzaaT3nZFz0IFx6xD6ZgW5kXCcdwK9j93+YK5wF1T1xaFzx J4ov57hU9Vk+ogLy4mj8LmeUFhCHaaZAjEdA0IEnT1qjpkEzeKVON7ANg5m5JzVBoGTq moPTFlDcWnJHjUpvzvCf5iva0HW89p2LfmkyXNl6n5tlA10SPLIeqSFsiyURmeSO2xB1 isVg== Received: by 10.204.147.132 with SMTP id l4mr4755815bkv.20.1355155514232; Mon, 10 Dec 2012 08:05:14 -0800 (PST) Received: from debian.x201.phnet (125-234.197-178.cust.bluewin.ch. [178.197.234.125]) by mx.google.com with ESMTPS id o7sm14578555bkv.13.2012.12.10.08.05.11 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 10 Dec 2012 08:05:12 -0800 (PST) Message-ID: <50C60833.4080807@gmail.com> Date: Mon, 10 Dec 2012 17:05:07 +0100 From: =?UTF-8?B?VmxhZGltaXIgJ8+GLWNvZGVyL3BoY29kZXInIFNlcmJpbmVua28=?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.11) Gecko/20121122 Icedove/10.0.11 MIME-Version: 1.0 To: grub-devel@gnu.org Subject: Re: hdparm Security Unlock References: <74D77075-2601-41CF-A2BA-E1305F751A42@physcip.uni-stuttgart.de> In-Reply-To: <74D77075-2601-41CF-A2BA-E1305F751A42@physcip.uni-stuttgart.de> X-Enigmail-Version: 1.4.1 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigA3BA3A206A699E90F4ED9981" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-Received-From: 209.85.214.41 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Dec 2012 16:05:33 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigA3BA3A206A699E90F4ED9981 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 07.10.2012 16:54, Michael Kuron wrote: > Is there a reason why hdparm.mod does not currently support issuing the= ATA SECURITY UNLOCK command to a hard drive? >=20 > Looking at hdparm.c, the only change required would be adding write sup= port to grub_hdparm_do_ata_cmd() by doing the following. Write support is= already present in grub_ahci_readwrite_real() and grub_pata_readwrite().= >=20 It's "patches are welcome" situation > @@ -66,7 +66,7 @@ > static grub_err_t > grub_hdparm_do_ata_cmd (grub_ata_t ata, grub_uint8_t cmd, > grub_uint8_t features, grub_uint8_t sectors, > - void * buffer, int size) > + void * buffer, int size, int write =3D 0) > { We don't use "default" arguments. > struct grub_disk_ata_pass_through_parms apt; > grub_memset (&apt, 0, sizeof (apt)); > @@ -78,6 +78,7 @@ > =20 > apt.buffer =3D buffer; > apt.size =3D size; > + apt.write =3D write; > =20 > if (ata->dev->readwrite (ata, &apt, 0)) > return grub_errno; >=20 > With that change, doing a Security Unlock should be possible using >=20 > #define GRUB_ATA_CMD_SECURITY_UNLOCK 0xf2 > grub_uint16_t buf[256]; > strncpy(buf+1, "Password", 32); > grub_hdparm_do_ata_cmd (ata, GRUB_ATA_CMD_SECURITY_UNLOCK, 0, 1, buf, s= izeof (buf)); We don't have strncpy, only grub_strncpy and where does 32 comes from? >=20 > According to the ATA command specification, buf is 512 bytes long. The = first byte is set to 0x00 when using the user password and 0x01 when usin= g the master password. The second byte is ignored, and starting from the = third byte we have the password string which has a length of 32 character= s. According to the spec, the sector field is ignored; however the Linux= tool hdparm sets it to 1, so that's what I did above. >=20 > The Linux tool hdparm uses the command-line argument --security-unlock = PWD (it doesn't have a single-letter shorthand form), so maybe we could u= se that here too (assuming the stuff above does actually work). >=20 Command line agument is possible but you also need a possibility to enter the password from keyboard, necessarry functions are already in crypto.mod. To avoid hdparm depending on crypto.mod it's good to have a separate command for unlocking, not part of hdparm. > Regards, > Michael >=20 >=20 > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel >=20 --=20 Regards Vladimir '=CF=86-coder/phcoder' Serbinenko --------------enigA3BA3A206A699E90F4ED9981 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREKAAYFAlDGCDMACgkQNak7dOguQgkrXgEAskTArZkytTRFEdHyIAdjvgF8 R03HPQYulDCd8mplZtAA/i0tb6ER4vmApkl3FTtVW1x3AW3I8PeE6PiMgqtNAa3c =9yui -----END PGP SIGNATURE----- --------------enigA3BA3A206A699E90F4ED9981--