6th January 2009

ATA Security

I have done some work on FreeBSD atacontrol(8) to support the ATA Security command set used for locking ATA drives with passwords. The command set is interesting because it includes commands to wipe the disk including bad blocks which would otherwise not be accessible for wiping from the operating system. Another benefit is the ability to freeze the security configuration as part of the boot process in order to prevent malicous ATA drive lockout.

ATA Security adds commands to password protect a drive. Normally, ATA Security is handled by the BIOS and the security configuration is frozen before the OS is loaded. However, some BIOSes do not freeze the security configuration. In such cases, atacontrol can be used to issue security commands to a device, for instance to unlock a device, set a password, disable password protection, to wipe the device or just to freeze the security configuration as part of the OS initialization process.

usage: atacontrol security <device> <security-command>:
atacontrol security <device>
atacontrol security <device> freeze
atacontrol security <device> set master
atacontrol security <device> set user high|maximum
atacontrol security <device> unlock master|user
atacontrol security <device> disable master|user
atacontrol security <device> erase master|user [enhanced]

Back to FreeBSD Contributions.