From 33b4f5f5f5558003ba4a6493fcc8600d807f0869 Mon Sep 17 00:00:00 2001
From: Jonathan Gray
Date: Sat, 27 Aug 2005 14:14:49 +0000
Subject: Use the ATA security FREEZE LOCK command on disks before they are presented to the rest of the system to stop a password being set that could deny access to the disk. ok grange@ deraadt@
---
 sys/dev/ata/wd.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'sys/dev')
diff --git a/sys/dev/ata/wd.c b/sys/dev/ata/wd.c
index 840f088b165..d29a9bb9b9c 100644
--- a/sys/dev/ata/wd.c
+++ b/sys/dev/ata/wd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: wd.c,v 1.42 2005/05/15 18:09:29 grange Exp $ */
+/* $OpenBSD: wd.c,v 1.43 2005/08/27 14:14:48 jsg Exp $ */
 /* $NetBSD: wd.c,v 1.193 1999/02/28 17:15:27 explorer Exp $ */

 /*
@@ -262,6 +262,7 @@ wdattach(struct device *parent, struct device *self, void *aux)
 {
 struct wd_softc *wd = (void *)self;
 struct ata_atapi_attach *aa_link= aux;
+ struct wdc_command wdc_c;
 int i, blank;
 char buf[41], c, *p, *q;
 WDCDEBUG_PRINT(("wdattach\n"), DEBUG_FUNCS | DEBUG_PROBE);
@@ -359,6 +360,24 @@ wdattach(struct device *parent, struct device *self, void *aux)
 WDCDEBUG_PRINT(("%s: atap_dmatiming_mimi=%d, atap_dmatiming_recom=%d\n", self->dv_xname, wd->sc_params.atap_dmatiming_mimi, wd->sc_params.atap_dmatiming_recom), DEBUG_PROBE);
+
+ /*
+ * FREEZE LOCK the drive so malicous users can't lock it on us.
+ * As there is no harm in issuing this to drives that don't
+ * support the security feature set we just send it, and don't
+ * bother checking if the drive sends a command abort to tell us it
+ * doesn't support it.
+ */
+ bzero(&wdc_c, sizeof(struct wdc_command));
+
+ wdc_c.r_command = WDCC_SEC_FREEZE_LOCK;
+ wdc_c.timeout = 1000;
+ wdc_c.flags = at_poll;
+ if (wdc_exec_command(wd->drvp, &wdc_c) != WDC_COMPLETE) {
+ printf("%s: freeze lock command didn't complete\n",
+ wd->sc_dev.dv_xname);
+ }
+
 /*
 * Initialize and attach the disk structure.
 */
--
cgit v1.2.3
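Review bot: The check after `wdc_exec_command()` in the third hunk (`@@ -359,6 +360,24 @@`) only looks at the return value, so a FREEZE LOCK that times out or faults is indistinguishable from one that succeeded, and the disk attaches unfrozen without a log line. Assuming the wdc layer reports polled-command errors in `wdc_c.flags` as it does for other commands, I would keep ignoring the expected abort but report the rest, e.g. `else if (wdc_c.flags & (AT_TIMEOU | AT_DF))` followed by `printf("%s: freeze lock failed\n", wd->sc_dev.dv_xname);`. The comment should also say that the frozen state lasts only until the next power cycle or hardware reset, so any resume or reset path (not visible in this hunk) has to reissue the command, and `malicous` should read `malicious`. The flag is spelled `at_poll` here while the other wdc constants on the page are upper-case; confirm it is not meant to be `AT_POLL`. wdattach() starts and ends outside the hunk.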