hdparm Security Unlock

[Michael Kuron]

Is there a reason why hdparm.mod does not currently support issuing the ATA 
SECURITY UNLOCK command to a hard drive?

Looking at hdparm.c, the only change required would be adding write support to 
grub_hdparm_do_ata_cmd() by doing the following. Write support is already 
present in grub_ahci_readwrite_real() and grub_pata_readwrite().

@@ -66,7 +66,7 @@
 static grub_err_t
 grub_hdparm_do_ata_cmd (grub_ata_t ata, grub_uint8_t cmd,
                        grub_uint8_t features, grub_uint8_t sectors,
-                       void * buffer, int size)
+                       void * buffer, int size, int write = 0)
 {
   struct grub_disk_ata_pass_through_parms apt;
   grub_memset (&apt, 0, sizeof (apt));
@@ -78,6 +78,7 @@
 
   apt.buffer = buffer;
   apt.size = size;
+  apt.write = write;
 
   if (ata->dev->readwrite (ata, &apt, 0))
     return grub_errno;

With that change, doing a Security Unlock should be possible using

#define GRUB_ATA_CMD_SECURITY_UNLOCK 0xf2
grub_uint16_t buf[256];
strncpy(buf+1, "Password", 32);
grub_hdparm_do_ata_cmd (ata, GRUB_ATA_CMD_SECURITY_UNLOCK, 0, 1, buf, sizeof 
(buf));

According to the ATA command specification, buf is 512 bytes long. The first 
byte is set to 0x00 when using the user password and 0x01 when using the master 
password. The second byte is ignored, and starting from the third byte we have 
the password string which has a length of 32 characters. According to the spec, 
the sector field is ignored;  however the Linux tool hdparm sets it to 1, so 
that's what I did above.

The Linux tool hdparm uses the command-line argument --security-unlock PWD (it 
doesn't have a single-letter shorthand form), so maybe we could use that here 
too (assuming the stuff above does actually work).

Regards,
Michael