Z170 OC Formula **SECURITY FLAW** |
Post Reply | Page 123> |
Author | ||||
someguy
Newbie Joined: 09 Dec 2016 Status: Offline Points: 11 |
Post Options
Thanks(0)
Posted: 09 Dec 2016 at 5:10pm |
|||
I have found the following security issue in the Z170 Formula OC and
the Z77 Extreme 4. After enabling the ATA Password on TWO DIFFERENT
BRANDS OF SSDs, the Master passwords reset after restart to default. I
would like to see Asrock fix this immediately. This renders the ATA
password and Self Encrypting Drive (SED) functionality of the SSDs
useless.
Edited by someguy - 09 Dec 2016 at 5:11pm |
||||
Xaltar
Moderator Group Joined: 16 May 2015 Location: Europe Status: Offline Points: 24758 |
Post Options
Thanks(0)
|
|||
Please contact tech support directly with this issue and thank you for reporting it
|
||||
|
||||
someguy
Newbie Joined: 09 Dec 2016 Status: Offline Points: 11 |
Post Options
Thanks(0)
|
|||
Xaltar
Moderator Group Joined: 16 May 2015 Location: Europe Status: Offline Points: 24758 |
Post Options
Thanks(0)
|
|||
http://www.asrock.com/support/index.us.asp
Copy paste link. Edited by Xaltar - 09 Dec 2016 at 10:50pm |
||||
|
||||
parsec
Moderator Group Joined: 04 May 2015 Location: USA Status: Offline Points: 4996 |
Post Options
Thanks(0)
|
|||
That would be here: http://event.asrock.com/tsd.asp I'm curious, I'm surprised, if this is correct, an ATA password option exists in the UEFI/BIOS as an option. ASRock has not had that option available for a while now. I'm also curious which SSDs you are using that you set the password on. |
||||
someguy
Newbie Joined: 09 Dec 2016 Status: Offline Points: 11 |
Post Options
Thanks(0)
|
|||
Intel and Micron. This is a huge security oversight and must be fixed immediately. Edited by someguy - 09 Dec 2016 at 11:04pm |
||||
parsec
Moderator Group Joined: 04 May 2015 Location: USA Status: Offline Points: 4996 |
Post Options
Thanks(0)
|
|||
Actually, you have a problem here. There is a reason for this situation. When you said, "... the Master passwords reset after restart to default", you mean a clearing of the UEFI/BIOS? Regardless, support for the ATA password requires support in the UEFI/BIOS. That is, the ATA master password is set in the UEFI/BIOS itself. As you know, that option does not exist in either board's UEFI. That's why the password is reset, or really simply cleared. Unfortunately, this option is not included in the UEFI because of the number of users that forget their passwords, causing their drives to be unusable. Requests from users to clear the password in that situation becomes a problem, due to the potential of the drives or PC being stolen, or someone trying to break into a PC. Mother board and drive manufactures find themselves in this situation all to often. Regrettably, a way to prevent this is to simply not support the ATA password function. Yes, you are being dragged down by the stupidity of others, but forgotten passwords became such a huge issue that the decision was made long ago to remove this option from the UEFI of all ASRock boards. That means this "issue" will not be generally fixed on your or any ASRock boards. Given that, it might be possible for ASRock to provide a custom UEFI/BIOS version for your boards, that adds the ATA password option. At one time, I tested a UEFI on a different ASRock board, that had the ATA password option, which worked fine. That UEFI version was not made generally available. You will need to explain this to ASRock support, and we will try to help you with this. Of course any other UEFI/BIOS updates for your boards would require another custom version. I'm sorry about this, and I hope you can understand the overall situation. I personally cannot guarantee you will be able to get custom UEFI versions. |
||||
someguy
Newbie Joined: 09 Dec 2016 Status: Offline Points: 11 |
Post Options
Thanks(0)
|
|||
On the Z170 OC Formula the ATA Security Function can be accessed by: 1.Press Del or F2 when system is started to enter BIOS. 2.Press <Ctrl><Shift><F3> and press F10 to save and exit. 3.The ATA password will be available at BIS, Security. Also, when I said that the "Master Password clears after restart" I meant that the Master password returns to default after the PC is restarted. This should not happen. The user password can be set in BIOS however the master password is set in Linux using HDPARM. |
||||
parsec
Moderator Group Joined: 04 May 2015 Location: USA Status: Offline Points: 4996 |
Post Options
Thanks(0)
|
|||
Now we know we are dealing with Linux. Might have helped to mention that from the start. The Ctrl Shift F3 key combination does nothing in my ASRock Z170 Extreme7+ board's UEFI. If that causes a security feature in Linux to become accessible, great, otherwise it does nothing with Windows. Or perhaps with your mystery Intel and Micron SSDs? The Master password you are referring to, is the ATA Master password, is that correct? Nothing you set in the UEFI, correct? The Admin and User passwords in the UEFI are there to prevent anyone from changing the UEFI option settings, once the Admin password is set. They are unrelated to the ATA password. I still say, until an ATA password option is added to the UEFI, it will be reset every time the PC is restarted. Or at least not clearing that data, if possible, is all you want. Why that data is cleared now is the question. Don't be surprised if ASRock support tells you Linux is not supported on your board. That may be your main problem getting this fixed. |
||||
wardog
Moderator Group Joined: 15 Jul 2015 Status: Offline Points: 6447 |
Post Options
Thanks(0)
|
|||
Anything set using HDPARM and related issues will be a linux OS issue as HDPARM is a linux cmd.
At the point HDPARM becomes available, the MB's BIOS has already handed of to the OS. |
||||
Post Reply | Page 123> |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |