From: "Steven Hartland"
To: "Jeremy Chadwick"
Cc: freebsd-fs@FreeBSD.ORG
Date: Sat, 6 Aug 2011 01:44:02 +0100
Subject: Re: Questions about erasing an ssd to restore performance under FreeBSD

----- Original Message -----
From: "Jeremy Chadwick"

> I've cleaned up the patch (removed the half-written usage stuff) and
> made it available.
>
> http://jdc.parodius.com/freebsd/camcontrol_ata_security/
>
> If this is committed to base the #define ATA_SECURITY_* entries should
> be moved into include/sys/ata.h.
>
> Steve, if you want to put up your patch somewhere I can review it, but
> an official review from someone more familiar with CAM (e.g. mav@) would
> be best.
>
> I'm also not sure how you implemented all the features,
> UI-wise (command-line-argument-wise). This is what I came up with, from
> my internal docs, with comparative syntax in Linux hdparm:
>
> NOTE: Should try to avoid using -C, -E, -n, -t, -u, or -v
>
> camcontrol security -U -p PWD  == unlock         (--security-unlock PWD)
> camcontrol security -S -p PWD  == set password   (--security-set-pass PWD)
> camcontrol security -D -p PWD  == disable        (--security-disable PWD)
> camcontrol security -X -p PWD  == erase          (--security-erase PWD)
> camcontrol security -Z -p PWD  == enhanced erase (--security-erase-enhanced PWD)
> camcontrol security -i TYPE ... == {user,master}  (--user-master USER)

Yer I couldn't stand using meaningless short options so added long arg
support.

The current version of my patch can be found here:-
http://blog.multiplay.co.uk/dropzone/freebsd/ata_security_cam.patch

If you can find some time to review it Jeremy that would be great. I think
it's all pretty straightforward, the only confusing part of the diff is
that I split ataidentify into 3 pieces, ataidentify and the helpers
ata_do_identify and ata_cam_send to avoid swathes of code duplication.

Some more details and usage examples and caveats can be found here:-
http://blog.multiplay.co.uk/2011/08/freebsd-security-support-for-ata-devices-via-camcontrol/

I've updated the code as well as the man pages so everything should be
good. I've not tested all of the various combinations totally yet, but
have tested all the big ones inc secure erase, set pass, set level,
set user & disable.

It should be noted that this requires disks attached to an ATA
controller e.g. ahci as ATA commands don't appear to pass through other
controllers e.g. mpt even with ATA disks underneath. I'd be interested
to hear from anyone who has any info on getting this to work as well.

Much credit to Daniel Roethlisberger for his work which was the basis
of this code. This can be found here:-
http://www.roe.ch/ATA_Security
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/127918

Regards
Steve