Using the ATA security features of modern hard disks and SSDs
In the Vault
The Master Password: Caution!
So far, I have not talked about the master password. In the previous scenario, the master password can be used as a fallback if the user password is not known. The idea behind this design again originates in a corporate laptop scenario: The company's own IT department must at all times have access to the data, even if the users are no longer around.
Every hard disk is initially supplied with an undocumented master password. In the hdparm output, you can see this from the master password revision code, an identifier that refers to the currently valid master password. The default value 65534 (hex FFFE) references the manufacturer-defined password. In other words, the HDD or SSD manufacturer has a way of resetting the security settings right from the outset. The initial master password is unknown to the user but can be overwritten by the first call of the SECURITY_SET_PASSWORD command, this time using the --user-master m switch:
# hdparm --user-master m --security-set-pass "UltraSecret" /dev/sdb
security_password="UltraSecret"

/dev/sdb:
 Issuing SECURITY_SET_PASS command, password="UltraSecret", user=master, mode=high
The master password revision code is then set to 1. If only a master password, but no user password, is set, no security features are active. The master password does not enter the game until these settings are enabled. All security settings can then be disabled with either the user or the master password using the SECURITY_DISABLE_PASSWORD ATA command:
# hdparm --user-master [m|u] --security-disable "UltraSecret" /dev/sdb
In terms of ATA states, a transition from SEC5 to SEC1 occurs. Now you can assign a new user password.
The ATA standard specifies two different security levels that are defined when setting the user password. These levels also define the scope and capabilities of the master password: HIGH and MAXIMUM. HIGH is the default (LOW would mean no security features are enabled). All explanations so far have related to the HIGH level. Set the MAXIMUM security level as follows:
# hdparm --user-master u --security-mode m --security-set-pass "Secret" /dev/sdb
security_password="Secret"

/dev/sdb:
 Issuing SECURITY_SET_PASS command, password="Secret", user=user, mode=maximum
The hdparm output reflects the new status (Listing 5). In this state, you can no longer unlock the device with the master password or directly disable the security features. If you do not know your user password, a transition from SEC5 to SEC1 requires a SECURITY_ERASE_UNIT, which will restore the device to a usable, pristine state.
Listing 5: MAXIMUM Level

# hdparm -I /dev/sdb

/dev/sdb:
[...]
Security:
        Master password revision code = 65534
                supported
                enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        Security level maximum
        4min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
[...]
The idea is that admins should not be able to gain access to user data, which is fine if you want to configure your disk that way. Keep in mind that when the security level is set to MAXIMUM, you'll lose all user data if you forget the user password.
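As an added example, not taken from the original article, the following shell script reads the Security section of hdparm -I output in the layout of Listing 5 and reports the drive's state, so that an admin script can warn when the settings are not frozen or when the MAXIMUM level is in force. The function names and the embedded sample output are constructed for illustration and are not captured from a real drive.

```shell
#!/bin/sh
# Summarize the "Security:" section of `hdparm -I` output (read from stdin) as
# key=value pairs, so a script can refuse to continue when a drive is left in
# a risky state. Field names are the ones hdparm prints.
ata_security_summary() {
    awk '
        BEGIN { rev = level = "unknown"
                st["supported"] = st["enabled"] = st["locked"] = st["frozen"] = "unknown" }
        /^Security:/ { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }          # next top-level section ends it
        !insec { next }
        { line = $0; sub(/^[ \t]+/, "", line); gsub(/[ \t]+/, " ", line) }
        line ~ /^Master password revision code = / { rev = substr(line, 33) }
        line ~ /^Security level / { level = substr(line, 16) }
        line ~ /^(not )?(supported|enabled|locked|frozen)$/ {
            v = (line ~ /^not /) ? "no" : "yes"; sub(/^not /, "", line); st[line] = v }
        END { printf "rev=%s supported=%s enabled=%s locked=%s frozen=%s level=%s\n",
                     rev, st["supported"], st["enabled"], st["locked"], st["frozen"], level }
    '
}

# Exit 0 only if the settings are frozen, the state the article recommends so
# that software, including malware, cannot change them. Usage on a real drive:
#   hdparm -I /dev/sdb | ata_security_check
ata_security_check() {
    summary=$(ata_security_summary)
    frozen=${summary##*frozen=}; frozen=${frozen%% *}
    level=${summary##*level=}
    [ "$level" = maximum ] && echo "note: level MAXIMUM, a lost user password means lost data"
    if [ "$frozen" = yes ]; then echo "ok: $summary"; return 0; fi
    echo "warning: security settings not frozen: $summary"; return 1
}

# Constructed sample in the layout of Listing 5 (real output indents with tabs,
# which the parser also accepts).
sample_hdparm_output() {
    cat <<'EOF'
/dev/sdb:
Security:
        Master password revision code = 65534
                supported
                enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        Security level maximum
Checksum: correct
EOF
}
```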
Summary
The security features of modern ATA drives offer useful protection against unauthorized data access, provided they are applied correctly. The concept behind ATA security comes from the world of corporate notebooks, but these techniques are also applicable to desktop systems – although you might need to use scripts to automate steps that the notebook BIOS completes automatically.
It is important to remember, especially in a private or simple business environment, that the HIGH security level is usually sufficient, and that devices should definitely be frozen to give malware no chance of changing the security settings – whether security is enabled or not.
If you set the security level to MAXIMUM, loss of the user password is equivalent to loss of data, unless you are prepared to pay a data recovery specialist a large amount of money to open the disk under cleanroom conditions and retrieve the data or read the memory cells of the SSD directly.
Secure deletion of USB hard disks or SSDs with hdparm will generate error messages in many cases. It seems that many SATA-USB adapters block the use of some ATA security commands or at least do not implement them cleanly.