summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJonathan Gray <jsg@cvs.openbsd.org>2005-08-27 14:14:49 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2005-08-27 14:14:49 +0000
commit33b4f5f5f5558003ba4a6493fcc8600d807f0869 (patch)
tree7a8f0952837ad831958ac1e0338f547b687c8bd5
parent85239c54fc1b8ea649d5f04292b1b135358b65ea (diff)
Use the ATA security FREEZE LOCK command on disks before
they are presented to the rest of the system to stop a password being set that could deny access to the disk. ok grange@ deraadt@
-rw-r--r--sys/dev/ata/wd.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/sys/dev/ata/wd.c b/sys/dev/ata/wd.c
index 840f088b165..d29a9bb9b9c 100644
--- a/sys/dev/ata/wd.c
+++ b/sys/dev/ata/wd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: wd.c,v 1.42 2005/05/15 18:09:29 grange Exp $ */
+/* $OpenBSD: wd.c,v 1.43 2005/08/27 14:14:48 jsg Exp $ */
/* $NetBSD: wd.c,v 1.193 1999/02/28 17:15:27 explorer Exp $ */
/*
@@ -262,6 +262,7 @@ wdattach(struct device *parent, struct device *self, void *aux)
{
struct wd_softc *wd = (void *)self;
struct ata_atapi_attach *aa_link= aux;
+ struct wdc_command wdc_c;
int i, blank;
char buf[41], c, *p, *q;
WDCDEBUG_PRINT(("wdattach\n"), DEBUG_FUNCS | DEBUG_PROBE);
@@ -359,6 +360,24 @@ wdattach(struct device *parent, struct device *self, void *aux)
WDCDEBUG_PRINT(("%s: atap_dmatiming_mimi=%d, atap_dmatiming_recom=%d\n",
self->dv_xname, wd->sc_params.atap_dmatiming_mimi,
wd->sc_params.atap_dmatiming_recom), DEBUG_PROBE);
+
+ /*
+ * FREEZE LOCK the drive so malicous users can't lock it on us.
+ * As there is no harm in issuing this to drives that don't
+ * support the security feature set we just send it, and don't
+ * bother checking if the drive sends a command abort to tell us it
+ * doesn't support it.
+ */
+ bzero(&wdc_c, sizeof(struct wdc_command));
+
+ wdc_c.r_command = WDCC_SEC_FREEZE_LOCK;
+ wdc_c.timeout = 1000;
+ wdc_c.flags = at_poll;
+ if (wdc_exec_command(wd->drvp, &wdc_c) != WDC_COMPLETE) {
+ printf("%s: freeze lock command didn't complete\n",
+ wd->sc_dev.dv_xname);
+ }
+
/*
* Initialize and attach the disk structure.
*/