Does the linux kernel contain support for ATA Security feature set?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* Does the linux kernel contain support for ATA Security feature set?
@ 2009-04-16 23:49 Robert Nicholson
  2009-04-17  0:46 ` Matthew Garrett
  2009-04-17  9:29 ` Alan Cox
  0 siblings, 2 replies; 7+ messages in thread
From: Robert Nicholson @ 2009-04-16 23:49 UTC (permalink / raw)
  To: linux-kernel

So, I've got an X-25M that I want to securely erase and it turns out  
on a Mac I'm not going to be able to issue the command because it  
doesn't support legacy IDE mode from what I understand. So the idea of  
a any boot CD that I could boot and run a program that can issue a  
SECURE_ERASE (SE) to the drive is only applicable to PC's.

So does the Linux kernel support the ATA security set then? or does  
it, like OSX have protective measures to stop abuse of those features.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the linux kernel contain support for ATA Security feature set?
  2009-04-16 23:49 Does the linux kernel contain support for ATA Security feature set? Robert Nicholson
@ 2009-04-17  0:46 ` Matthew Garrett
  2009-04-17  0:50   ` Robert Nicholson
  2009-04-17  9:29 ` Alan Cox
  1 sibling, 1 reply; 7+ messages in thread
From: Matthew Garrett @ 2009-04-17  0:46 UTC (permalink / raw)
  To: Robert Nicholson; +Cc: linux-kernel

On Thu, Apr 16, 2009 at 06:49:59PM -0500, Robert Nicholson wrote:
> So, I've got an X-25M that I want to securely erase and it turns out  
> on a Mac I'm not going to be able to issue the command because it  
> doesn't support legacy IDE mode from what I understand. So the idea of  
> a any boot CD that I could boot and run a program that can issue a  
> SECURE_ERASE (SE) to the drive is only applicable to PC's.

Why is the lack of legacy IDE an issue? hdparm works fine with SATA 
setups.
-- 
Matthew Garrett | mjg59@srcf.ucam.org

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the linux kernel contain support for ATA Security feature set?
  2009-04-17  0:46 ` Matthew Garrett
@ 2009-04-17  0:50   ` Robert Nicholson
  2009-04-17  0:55     ` Matthew Garrett
  2009-04-19 19:32     ` Robert Nicholson
  0 siblings, 2 replies; 7+ messages in thread
From: Robert Nicholson @ 2009-04-17  0:50 UTC (permalink / raw)
  To: Matthew Garrett; +Cc: linux-kernel

So you're implying that it is possible to do a SECURE_ERASE using  
hdparm then.

I don't know why but HDDERASE tool requires legacy IDE mode.

On Apr 16, 2009, at 7:46 PM, Matthew Garrett wrote:

> On Thu, Apr 16, 2009 at 06:49:59PM -0500, Robert Nicholson wrote:
>> So, I've got an X-25M that I want to securely erase and it turns out
>> on a Mac I'm not going to be able to issue the command because it
>> doesn't support legacy IDE mode from what I understand. So the idea  
>> of
>> a any boot CD that I could boot and run a program that can issue a
>> SECURE_ERASE (SE) to the drive is only applicable to PC's.
>
> Why is the lack of legacy IDE an issue? hdparm works fine with SATA
> setups.
> -- 
> Matthew Garrett | mjg59@srcf.ucam.org


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the linux kernel contain support for ATA Security feature set?
  2009-04-17  0:50   ` Robert Nicholson
@ 2009-04-17  0:55     ` Matthew Garrett
  2009-04-19 19:32     ` Robert Nicholson
  1 sibling, 0 replies; 7+ messages in thread
From: Matthew Garrett @ 2009-04-17  0:55 UTC (permalink / raw)
  To: Robert Nicholson; +Cc: linux-kernel

On Thu, Apr 16, 2009 at 07:50:14PM -0500, Robert Nicholson wrote:
> So you're implying that it is possible to do a SECURE_ERASE using  
> hdparm then.

The manpage says so. I've never tried.

-- 
Matthew Garrett | mjg59@srcf.ucam.org

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the linux kernel contain support for ATA Security feature set?
  2009-04-16 23:49 Does the linux kernel contain support for ATA Security feature set? Robert Nicholson
  2009-04-17  0:46 ` Matthew Garrett
@ 2009-04-17  9:29 ` Alan Cox
  2009-04-17 16:37   ` Krzysztof Halasa
  1 sibling, 1 reply; 7+ messages in thread
From: Alan Cox @ 2009-04-17  9:29 UTC (permalink / raw)
  To: Robert Nicholson; +Cc: linux-kernel

> So does the Linux kernel support the ATA security set then? or does

It supports pass through of ATA commands: See man hdparm

> it, like OSX have protective measures to stop abuse of those features.

The kernel doesn't but your BIOS or in some distributions early boot
scripts may well issue a security freeze.

Alan

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the linux kernel contain support for ATA Security feature set?
  2009-04-17  9:29 ` Alan Cox
@ 2009-04-17 16:37   ` Krzysztof Halasa
  0 siblings, 0 replies; 7+ messages in thread
From: Krzysztof Halasa @ 2009-04-17 16:37 UTC (permalink / raw)
  To: Alan Cox; +Cc: Robert Nicholson, linux-kernel

Alan Cox <alan@lxorguk.ukuu.org.uk> writes:

>> it, like OSX have protective measures to stop abuse of those features.
>
> The kernel doesn't but your BIOS or in some distributions early boot
> scripts may well issue a security freeze.

A hot-plugged disk should not be affected then.
Not very safe with IDE/PATA, at least in theory.
-- 
Krzysztof Halasa

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the linux kernel contain support for ATA Security feature set?
  2009-04-17  0:50   ` Robert Nicholson
  2009-04-17  0:55     ` Matthew Garrett
@ 2009-04-19 19:32     ` Robert Nicholson
  1 sibling, 0 replies; 7+ messages in thread
From: Robert Nicholson @ 2009-04-19 19:32 UTC (permalink / raw)
  To: linux-kernel

So when I do a hdparm --security-set-pass NULL /dev/sda

I get a

SECURITY_ERASE: Input/output error

This is with a kernel that doesn't have CONFIG_IDE_TASK_IOCTL=y defined

I'm also told that for SATA drives that's not necessary anyway. Is  
that correct?

What should the response be for hdparm if CONFIG_IDE_TASK_IOCTL isn't  
defined for a drive that needs it?

The drive is an Intel X-25M

HDDERASE won't work since I'm on a Mac.

I don't want to create a customized lived CD witth a new kernel unless  
it's necessary.

On Apr 16, 2009, at 7:50 PM, Robert Nicholson wrote:

> So you're implying that it is possible to do a SECURE_ERASE using  
> hdparm then.
>
> I don't know why but HDDERASE tool requires legacy IDE mode.
>
> On Apr 16, 2009, at 7:46 PM, Matthew Garrett wrote:
>
>> On Thu, Apr 16, 2009 at 06:49:59PM -0500, Robert Nicholson wrote:
>>> So, I've got an X-25M that I want to securely erase and it turns out
>>> on a Mac I'm not going to be able to issue the command because it
>>> doesn't support legacy IDE mode from what I understand. So the  
>>> idea of
>>> a any boot CD that I could boot and run a program that can issue a
>>> SECURE_ERASE (SE) to the drive is only applicable to PC's.
>>
>> Why is the lack of legacy IDE an issue? hdparm works fine with SATA
>> setups.
>> -- 
>> Matthew Garrett | mjg59@srcf.ucam.org
>


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2009-04-19 19:32 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-16 23:49 Does the linux kernel contain support for ATA Security feature set? Robert Nicholson
2009-04-17  0:46 ` Matthew Garrett
2009-04-17  0:50   ` Robert Nicholson
2009-04-17  0:55     ` Matthew Garrett
2009-04-19 19:32     ` Robert Nicholson
2009-04-17  9:29 ` Alan Cox
2009-04-17 16:37   ` Krzysztof Halasa

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox