
HDD password protection accidentally activated on kernel start?


I have a big problem and want to avoid it happening again:

I tried to shut down my JVC MP-XP7210 (Pentium III CPU) notebook via gdm
but the PC restarted (happened already sometimes in the past). To avoid a
long delay I just pressed the power button for 3 seconds and it turned off
still during kernel loading (maybe init was already active for a very short
time, not sure). (This way I tried to avoid file system errors, I wouldn't
do this once the partitions are already mounted.)

Once I restarted my notebook the BIOS asks me for a HDD password which I
never set! What a mess! I'm unable to bypass it, cannot even enter the BIOS
to select another boot sequence ... [1]

Now the question: Does the kernel (or a user space tool such as hdparm
started in the early boot process) activate temporarily HDD Passwords
(an ATA feature), maybe just to probe the system?
Is it possible to avoid that my problem occurs again?

Probably it is even during kernel initialisation not a good idea to restart,
is there a way for the kernel to cleanly shutdown the harddisk once I press
the power button? (AFAIK it triggers an ACPI event which isn't listened to as
the corresponding daemon is not yet started.) Shouldn't the kernel listen to
such events at this time to avoid such trouble?

According to http://www.heise.de/ct/english/05/08/172/ the ATA command
"Security Freeze Lock" could/should be used to avoid setting a password.
Maybe it is a good idea to call this early by the kernel if the disk is not
protected (to avoid attackers setting this, but even the root user should
not be able to set a password via software since the BIOS could not accept
it during start up (a different password encoding is sometimes used????)).

[1]: Remark: The HDD password is written directly on disk and only the HDD
firmware can access this area (where also SMART logs are saved, ...).
Clearing the CMOS will (probably) not work. Even harddisk vendors claim not
to be able to bypass this protection. Until the password is entered most ATA
commands are blocked (except Identify Drive, ...).

PS: I will try to find the Default Master Password for my Samsung drive
(a space " "?) and hope it was not yet changed too. Extending hdparm to
send it should hopefully not be very difficult. There is also a commercial
software (http://www.hdd-tools.com/products/rrs/) (which requires a
proprietary OS I do not own) which claims to be able to unlock the disk (by
replacing the HDD firmware temporarily???), so I may have luck restoring
my data ...

PS2: I'm not subscribed, please CC: me.
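
Added example, not part of the original post: because Identify Drive still answers on a locked disk, word 128 of its response can be decoded to see whether the drive is password-locked or whether Security Freeze Lock has been applied. The function names and the sample word values below are constructed for illustration; the bit positions are those of the ATA Security feature set.

```c
#include <stdint.h>
#include <stdio.h>

/* Security status bits in word 128 of the ATA IDENTIFY DEVICE response. */
#define SEC_SUPPORTED (1u << 0) /* Security feature set implemented */
#define SEC_ENABLED   (1u << 1) /* a user password is set */
#define SEC_LOCKED    (1u << 2) /* most commands rejected until unlock */
#define SEC_FROZEN    (1u << 3) /* SECURITY FREEZE LOCK active until power cycle */

enum sec_state { SEC_UNSUPPORTED, SEC_EXPOSED, SEC_FROZEN_OK,
                 SEC_PASSWORD_SET, SEC_IS_LOCKED };

/* SEC_EXPOSED: feature present, no password, not frozen, so any software
 * able to send ATA commands could still set a password. */
enum sec_state classify_security(const uint16_t id[256])
{
    uint16_t w = id[128];
    if (!(w & SEC_SUPPORTED)) return SEC_UNSUPPORTED;
    if (w & SEC_LOCKED)       return SEC_IS_LOCKED;
    if (w & SEC_ENABLED)      return SEC_PASSWORD_SET;
    if (w & SEC_FROZEN)       return SEC_FROZEN_OK;
    return SEC_EXPOSED;
}

const char *sec_state_name(enum sec_state s)
{
    static const char *names[] = {
        "security feature set not supported",
        "EXPOSED: no password set and not frozen",
        "no password set, frozen until next power cycle",
        "password set, currently unlocked",
        "LOCKED: password required before data access" };
    return names[s];
}

int main(void)
{
    /* Constructed word-128 values, not captured from a real drive. */
    const uint16_t samples[] = { 0x0000, 0x0001, 0x0009, 0x0003, 0x0007 };
    uint16_t id[256] = { 0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        id[128] = samples[i];
        printf("word128=0x%04x  %s\n", samples[i],
               sec_state_name(classify_security(id)));
    }
    return 0;
}
```

On a running Linux system, `hdparm -I` prints the same flags in its "Security:" section.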

