[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#390616: linux-image-2.6.18: Enable ATA-Security for Sid kernels

maximilian attems wrote:
severity 390616 wishlist
tags 390616 wontfix

no reason

On Mon, 02 Oct 2006, schorpp wrote:

tom1:/home/schorpp# hdlock

Issuing SECURITY_SET_PASS command, password="xxxxxx", user=master,
Problem issuing security command: Invalid argument
Error: 22
You need to configure your kernel with CONFIG_IDE_TASK_IOCTL.

(hdparm >= 6.3)

Pls enable CONFIG_IDE_TASK_IOCTL, it is stable since 2.6.16, thx.

i hardly believe that claim without massive testing,

see my early postings on the ide-dev list archive.

i will compile a vanilla kernel and prove it working fine instantly.
i have been locking and unlocking ata-(5)/6/7 hdd's with release vanilla kernels at least since february 2006 successfully and without kernel error messages.
You are out of sync.

unlocking locked drives with hdparm locked from that known and widely used proprietary ata-security bios extension/patch works, too, and vice versa:

what maybe is not working is unlocking from older ibm thinkpad bios locked
2,5" ide hd's and vice versa due to buggy MSB/LSB swapping of the password string in IBM bios. this is confirmed with latest T23 bios. since most newer motherboard bioses are freezing ata-security of drives attached to mainboard controllers pre boot theres no danger to lock accidently for most users, too, but this takes freedom.
aboves config option gave us lots of ide troubles before sarge

yes, but thats been a long time and we dont talk about sarge 2.6.8 kernels

also the IDE maintainer has not been active in the later
2.6 series,

why should he? this option was interesting to a few security people only, but it could be interesting to p2p file-sharerers which are threatend by police practice of erasing all discs they find without any court ruling. loop-aes wont protect here, but this feature can, because to police equipment the drives will appear as defective in locked state and will be returned ;)

so i don't believe your claim. (-ac did some work post
2.6.18) we consider enabling this postetch.

this is not about believe, it works and I want my freedom to protect my data using all available systems.

big NACK

think again,

Reply to: