Instead of finding someone or something to shoot at I tried to test the locking mechanism.

I have experimented with 3 hard disks, locked them and then unlocked them about a dozen times.

Haven't found a solution yet but can report the behaviour of it.

(1) To show both hard disks available

First, as an example, I started with two disks: sda for working, and sdb, which is to be locked. I first became the root user (as Windows Admin) and showed the existence of the two disks by a Linux command "fdisk -l". I have colored the Linux commands in blue inside the boxes. The uncolored text is responses by the Linux kernel, to assist reading. Secondly I confirmed the sdb status by the command hdparm with the -I option. hdparm is the only command to lock and unlock the disk. (Note: the display of "hdparm -I" has been truncated except showing the last relevant section.)
At this stage the disk is not locked.

(2) To show how one disk is locked


I then locked the disk device sdb twice, first as the master (m) using a password "somebody" and then as the user (u) by password "anybody". The above commands were accepted by Linux and so the disk has a record of both master and user passwords. The locking by the master does not lock the disk at all. The disk can only be locked if a password is set when the "user" switch is used. I then rebooted the PC.

(3) To show the results after a disk has been locked

After reboot the PC took longer to boot because an operating system found it hard to understand what is going on with a hard disk that cannot be read. I found a Linux kernel, Ubuntu 8.04, hung, but others just spent time displaying the error trying to read the disk.

The following 3 items of information confirmed the disk is indeed locked:

(1) If an attempt is made to boot the locked disk the BIOS would report
(2) If the disk is booted by Grub, which is a Linux boot loader capable of booting any installed PC system, it reported
If the disk does not exist the normal error in Grub is "Error 21 : Selected disk does not exist". Here the disk was not displayed, but I knew it was there and could ask Grub to show its geometry by command "geometry (hd0)", hence the error reported.

(3) In an operational operating system the disk is simply not reported.

I now booted a Linux (Open Suse) in sda disk (which has XP, Vista and 10 Linux distros) and the response of command "fdisk -l" confirmed the disk sdb wasn't there. It is noteworthy that although the device sdb was not reported, the Linux kernel knew it was there, and the command hdparm could find the relevant disk information and reported that it was indeed locked, as shown by the last section of the display above.

The locked disk is not available at the software level but there seems to be a limited access from the hardware level. It did not respond to the dd command with which I could possibly copy its MBR or any sector out to have a look. To the operating system itself the disk simply does not exist.

Since a raw disk, directly off a new purchase, would still respond to command "fdisk -l", the evidence would suggest the locking mechanism could possibly be part of the controller physically attached to the hard disk, by a function inhibiting the disk from being read sensibly, judging from the amount of errors a Linux kernel reports when detecting the locked disk.

(4) To show how a hard disk is unlocked (requiring the knowledge of the password)

To unlock it I just use the hdparm command again with the "--security-disable" switch and the master password "somebody". Linux then immediately reported the disk was no longer locked if "hdparm -I /dev/sdb" was issued. Naturally it showed up in "fdisk -l". (Output not shown due to limitation of the post length.)

The disk at this stage is not yet available from the Bios but will be operational after a reboot.

I have tried all the security switches of the hdparm command but did not find a way to overcome a locked hard disk unless I have a prior knowledge of either the user or master password.

However, as I could unlock the disk with an operating system, this means I could possibly ask the same operating system to display the reserved password location of the hard disk and obtain the knowledge of the previous password, say just for the purpose of unlocking it. Unfortunately I am not experienced enough to do this yet and, as a security measure, there is almost nothing written on the subject.





For completeness I also post the help section relating to the --security switch of the hdparm command from Linux kernel. All the locking and unlocking activities involve the use of just one command hdparm and nothing else.

Explanation of the commands

The locking command

linux:/home/saikee # hdparm --user-master u --security-mode h --security-set-pass anybody /dev/sdb

The --user-master switch is to select u for user and m for master. The disk can only be locked if "u" is selected for this switch. Type "m" doesn't lock the disk at all, it only sets up a password inside the hard disk.
The --security-mode switch is to select h for high and m for maximum. If m is selected the disk can only be re-used after being completely erased.
The --security-set-pass with the password followed is to lock the disk, making it unavailable for use.
The password used is type "u" anybody while the device to be locked is /dev/sdb

The unlocking command


linux:/home/saikee # hdparm --user-master m --security-disable somebody /dev/sdb

Only the --security-disable with the appropriate password can unlock the disk. I purposely use a different password, previously established as the master password, to unlock the disk. The --security-unlock switch seems only to inhibit the disk from being locked in the first place. The feature disappears if the PC is booted.
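
The state checks the post makes by eye with "hdparm -I", as an added example that is not part of the original post: a shell function that reads the Security section of that output and names the drive's state. The sample text is constructed (the post's own output was truncated) and follows hdparm's usual layout; the function and sample names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `hdparm -I` text on stdin and prints one of:
#   disabled          no user password set, drive will not lock
#   enabled-unlocked  password set, drive locks at the next power cycle
#   locked            drive refuses reads until unlocked with a password
# " frozen" is appended when security commands are blocked until power cycle.
ata_security_state() {
    awk '
        /^Security:/ { in_sec = 1; seen = 1; next }
        # An unindented line that is not a "not ..." flag starts the next section.
        in_sec && NF {
            c = substr($0, 1, 1)
            if (c != " " && c != "\t" && $1 != "not") in_sec = 0
        }
        in_sec {
            if ($1 == "not") { name = $2; val = 0 } else { name = $1; val = 1 }
            sub(/:$/, "", name)
            if (name == "enabled" || name == "locked" || name == "frozen")
                flag[name] = val
        }
        END {
            if (!seen) { print "no-security-section"; exit }
            if (!flag["enabled"])    state = "disabled"
            else if (flag["locked"]) state = "locked"
            else                     state = "enabled-unlocked"
            suffix = flag["frozen"] ? " frozen" : ""
            print state suffix
        }
    '
}

# Constructed sample: Security section of a drive that is locked.
sample_locked() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\t\tenabled\n\t\tlocked\nnot\tfrozen\n'
    printf 'not\texpired: security count\n\tSecurity level high\n'
    printf 'Checksum: correct\n'
}

# Constructed sample: the same drive after security has been disabled.
sample_unlocked() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\nnot\tenabled\nnot\tlocked\nnot\tfrozen\n'
    printf 'not\texpired: security count\nChecksum: correct\n'
}

sample_locked   | ata_security_state    # locked
sample_unlocked | ata_security_state    # disabled
# On a real system (as root): hdparm -I /dev/sdb | ata_security_state
```
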
