Menu

#14 Add ability to specify non-ASCII security passwords

open
nobody
None
5
2019-07-25
2012-05-06
Mark K
No

For the ATA security feature, currently it isn't possible to specify passwords which contain non-ASCII characters.

To improve that, it would be good if hdparm could be told to read the (binary) password from a file, and/or allow the user to give binary passwords on the command line (in hexadecimal).

Discussion

  • Mark K

    Mark K - 2012-05-25

    Patch to add ability to specify security password from file for hdparm 9.39

     
    security_file_diff.txt

  • Mark K

    Mark K - 2012-05-25

    Attached is a patch to implement new security options, where hdparm can be told to read the password from a file. For example:
    hdparm --security-unlock-from-file filename /dev/sg1
    hdparm --security-set-pass-from-file filename /dev/sg1
    ... etc.

    hdparm will read the first 32 bytes from the specified file and use that as the password. If fewer than 32 bytes can be read, the remaining password bytes will be set to 0.

    The patch could definitely do with some tidying up, and I haven't tested it significantly. But hopefully this will be useful to anyone who needs to lock/unlock disks with non-printable/binary passwords.

     

  • Michal Zatloukal

    Michal Zatloukal - 2019-07-24

    Sad to see no activity on this. Got stuck trying to enter password with leading null chars.

     

    • Deltik

      Deltik - 2019-07-25

      Good news! hdparm version 9.46 (released on 2015-06-14) added support for binary security passwords by accepting the input in the form of a hex string. This also includes support for left-padded null bytes.

      Usage example:

      hdparm --user-master u --security-set-pass hex:8e0580838985672bc6c3c12a9cefd52a446390e7000000000000000000000000 /dev/sdc

      (Note that the password shown in the output of the command will be garbage if the input is binary and be blank if your password begins with a null byte, so you can ignore that part of the output.)

      I would say that the actual implementation is cleaner than the patch proposed in this feature request, though the password is exposed in the cmdline.

       

      • Michal Zatloukal

        Michal Zatloukal - 2019-07-25

        Hey, thanks. Was this documented anywhere? My first thought was that the manual on linux.die.net was out of date (was doing this from clonezilla), but even the one from hdparm 9.51 on my jessie system doesn't mention it.

         

        • Deltik

          Deltik - 2019-07-25

          This is not documented in the man page. I was scouring the source code at first, which led me to a variable called binary_passwd. Then I looked for when this was introduced. Turns out the feature is documented in the changelog file, Changelog.

          A partial copy of the changelog for that version is also in the project news: https://sourceforge.net/p/hdparm/news/2015/06/hdparm-946-released/

          hdparm-9.46:
    …
    - added "hex:aabbcc.." for binary security passwords.
           

Log in to post a comment.