>> Note that this HPA is a good place to store a bootloader too, in fact
>> I like to think of it as the big floppy drive of the PC which no more
>> have any floppy drive: create a FAT filesystem of 64 Mbytes there and
>> copy all the floppy you used to have there. Your bootloader, if it
>> is good enough, will be able to run software from this area.
>
> If your bootloader if the first thing to run in the system, you can
> use & protect portion of your hardrive for yourself - just make sure you
> lock with set max with password when passing control to 'normal'
> OS/loader.
>
> Aleks.
When my bootloader is installed in an HPA protected partition
containning a filesystem (instead of a real primary or extended
partition), it is by default not only protecting the HPA by
password but also freeze it.
To run a trusted application which needs an unprotected IDE disk,
you need to have the application in the KGZ kernel form
(elf -> objdump -> gzip with the right IDE comment), see:
http://marc.theaimsgroup.com/?l=linux-kernel&m=112134577732513
And also uncheck the "ignore kernel IDE options" box in setup.
The problem is that you cannot really modify the disk size by
the IDE configuration command because BIOS react badly to disks
which change their number of LBA after boot, so the bootloader
cannot be really transparent. Moreover, if the bootloader is
completely hidden, people try to install multiple times the
bootloader when they just want to upgrade it - and it does not
work as intended.
The bootloader can still be configured to set the disk size
to the one declared in the MBR if needed and if the IDE disk
is currently able to modify its own number of LBA. Same for HPA,
if it finds the HPA frozzen - maybe because it has chainloaded
itself - it will not try to modify the HPA.
Note that the frozzen state I am speaking of here have nothing
to do with the "IDE security freeze" command needed before running
any OS to protect against disk2brick/blankdisk viruses.
Etienne.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
|
|