From: Jonas Diemer <diemer@gmx.de>
To: linux-kernel@vger.kernel.org
Subject: security issue: hard disk lock
Date: Mon, 4 Apr 2005 19:42:10 +0200
User-Agent: KMail/1.8
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200504041942.10976.diemer@gmx.de>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1488
Lines: 35

Hello!

I don't know if you guys already know, there is a possible security risk with 
all modern desktop-pcs and ata hard drives. In short:

Modern ata drives can be locked by password. This lock could be set by a 
malicous software. This security feature can be frozen, so no programs can 
set a lock until the next reboot. Ususally, the BIOS should take care of 
locking the security feature, but most desktop BIOSes (unlike laptop BIOSes) 
fail to do so. Once a lock is set and the password is unknown, the drive is 
trash.

See http://www.heise.de/ct/english/05/08/172/ for more details.

In the above article, a patched hdparm is used to freeze the drive's security 
features. This can be used during boot to prevent programs from setting a 
password. However, a malicous program could infect the computer and install 
itself in the boot sequence prior to the execution of hdparm...

I figured there could be a kernel compiled-in option that will make the kernel 
lock all drives found during bootup. then, a malicous program would need to 
install a different kernel in order to harm the drive, which would be much 
more secure.

What do you think of this? 

Regards,
Jonas

PS: Please CC me in replies, I am not subscribed to the list.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/