security issue: hard disk lock

[Jonas Diemer]

Hello!

I don't know if you guys already know, there is a possible security risk with 
all modern desktop-pcs and ata hard drives. In short:

Modern ata drives can be locked by password. This lock could be set by a 
malicous software. This security feature can be frozen, so no programs can 
set a lock until the next reboot. Ususally, the BIOS should take care of 
locking the security feature, but most desktop BIOSes (unlike laptop BIOSes) 
fail to do so. Once a lock is set and the password is unknown, the drive is 
trash.

See http://www.heise.de/ct/english/05/08/172/ for more details.

In the above article, a patched hdparm is used to freeze the drive's security 
features. This can be used during boot to prevent programs from setting a 
password. However, a malicous program could infect the computer and install 
itself in the boot sequence prior to the execution of hdparm...

I figured there could be a kernel compiled-in option that will make the kernel 
lock all drives found during bootup. then, a malicous program would need to 
install a different kernel in order to harm the drive, which would be much 
more secure.

What do you think of this? 

Regards,
Jonas

PS: Please CC me in replies, I am not subscribed to the list.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/