ASRock.com Homepage
Forum Home Forum Home > Technical Support > Intel Motherboards
  New Posts New Posts RSS Feed - Z170 OC Formula **SECURITY FLAW**
  FAQ FAQ  Forum Search Search  Events   Register Register  Login Login

Z170 OC Formula **SECURITY FLAW**

 Post Reply Post Reply Page  123>
Author
Message
someguy View Drop Down
Newbie
Newbie


Joined: 09 Dec 2016
Status: Offline
Points: 11
Post Options Post Options   Thanks (0) Thanks(0)   Quote someguy Quote  Post ReplyReply Direct Link To This Post Topic: Z170 OC Formula **SECURITY FLAW**
    Posted: 09 Dec 2016 at 5:10pm
I have found the following security issue in the Z170 Formula OC and the Z77 Extreme 4. After enabling the ATA Password on TWO DIFFERENT BRANDS OF SSDs, the Master passwords reset after restart to default. I would like to see Asrock fix this immediately. This renders the ATA password and Self Encrypting Drive (SED) functionality of the SSDs useless.

Edited by someguy - 09 Dec 2016 at 5:11pm
Back to Top
Xaltar View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 16 May 2015
Location: Europe
Status: Offline
Points: 24758
Post Options Post Options   Thanks (0) Thanks(0)   Quote Xaltar Quote  Post ReplyReply Direct Link To This Post Posted: 09 Dec 2016 at 5:50pm
Please contact tech support directly with this issue and thank you for reporting it Thumbs Up
Back to Top
someguy View Drop Down
Newbie
Newbie


Joined: 09 Dec 2016
Status: Offline
Points: 11
Post Options Post Options   Thanks (0) Thanks(0)   Quote someguy Quote  Post ReplyReply Direct Link To This Post Posted: 09 Dec 2016 at 10:07pm
How do I contact technical support directly?
Back to Top
Xaltar View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 16 May 2015
Location: Europe
Status: Offline
Points: 24758
Post Options Post Options   Thanks (0) Thanks(0)   Quote Xaltar Quote  Post ReplyReply Direct Link To This Post Posted: 09 Dec 2016 at 10:49pm
http://www.asrock.com/support/index.us.asp  

Copy paste link.


Edited by Xaltar - 09 Dec 2016 at 10:50pm
Back to Top
parsec View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 May 2015
Location: USA
Status: Offline
Points: 4996
Post Options Post Options   Thanks (0) Thanks(0)   Quote parsec Quote  Post ReplyReply Direct Link To This Post Posted: 09 Dec 2016 at 10:54pm
Originally posted by someguy someguy wrote:

How do I contact technical support directly?


That would be here: http://event.asrock.com/tsd.asp

I'm curious, I'm surprised, if this is correct, an ATA password option exists in the UEFI/BIOS as an option. ASRock has not had that option available for a while now.

I'm also curious which SSDs you are using that you set the password on.
Back to Top
someguy View Drop Down
Newbie
Newbie


Joined: 09 Dec 2016
Status: Offline
Points: 11
Post Options Post Options   Thanks (0) Thanks(0)   Quote someguy Quote  Post ReplyReply Direct Link To This Post Posted: 09 Dec 2016 at 11:04pm
Originally posted by parsec parsec wrote:

Originally posted by someguy someguy wrote:

How do I contact technical support directly?


That would be here: http://event.asrock.com/tsd.asp

I'm curious, I'm surprised, if this is correct, an ATA password option exists in the UEFI/BIOS as an option. ASRock has not had that option available for a while now.

I'm also curious which SSDs you are using that you set the password on.


Intel and Micron. This is a huge security oversight and must be fixed immediately.


Edited by someguy - 09 Dec 2016 at 11:04pm
Back to Top
parsec View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 May 2015
Location: USA
Status: Offline
Points: 4996
Post Options Post Options   Thanks (0) Thanks(0)   Quote parsec Quote  Post ReplyReply Direct Link To This Post Posted: 10 Dec 2016 at 12:23am
Originally posted by someguy someguy wrote:

Originally posted by parsec parsec wrote:

Originally posted by someguy someguy wrote:

How do I contact technical support directly?


That would be here: http://event.asrock.com/tsd.asp

I'm curious, I'm surprised, if this is correct, an ATA password option exists in the UEFI/BIOS as an option. ASRock has not had that option available for a while now.

I'm also curious which SSDs you are using that you set the password on.


Intel and Micron. This is a huge security oversight and must be fixed immediately.


Actually, you have a problem here. There is a reason for this situation.

When you said, "... the Master passwords reset after restart to default", you mean a clearing of the UEFI/BIOS?

Regardless, support for the ATA password requires support in the UEFI/BIOS. That is, the ATA master password is set in the UEFI/BIOS itself.

As you know, that option does not exist in either board's UEFI. That's why the password is reset, or really simply cleared.

Unfortunately, this option is not included in the UEFI because of the number of users that forget their passwords, causing their drives to be unusable. Requests from users to clear the  password in that situation becomes a problem, due to the potential of the drives or PC being stolen, or someone trying to break into a PC.

Mother board and drive manufactures find themselves in this situation all to often. Regrettably, a way to prevent this is to simply not support the ATA password function.

Yes, you are being dragged down by the stupidity of others, but forgotten passwords became such a huge issue that the decision was made long ago to remove this option from the UEFI of all ASRock boards. That means this "issue" will not be generally fixed on your or any ASRock boards.

Given that, it might be possible for ASRock to provide a custom UEFI/BIOS version for your boards, that adds the ATA password option. At one time, I tested a UEFI on a different ASRock board, that had the ATA password option, which worked fine. That UEFI version was not made generally available.

You will need to explain this to ASRock support, and we will try to help you with this. Of course any other UEFI/BIOS updates for your boards would require another custom version.

I'm sorry about this, and I hope you can understand the overall situation. I personally cannot guarantee you will be able to get custom UEFI versions.
Back to Top
someguy View Drop Down
Newbie
Newbie


Joined: 09 Dec 2016
Status: Offline
Points: 11
Post Options Post Options   Thanks (0) Thanks(0)   Quote someguy Quote  Post ReplyReply Direct Link To This Post Posted: 10 Dec 2016 at 8:12am
Originally posted by parsec parsec wrote:

Originally posted by someguy someguy wrote:

Originally posted by parsec parsec wrote:

Originally posted by someguy someguy wrote:

How do I contact technical support directly?


That would be here: http://event.asrock.com/tsd.asp

I'm curious, I'm surprised, if this is correct, an ATA password option exists in the UEFI/BIOS as an option. ASRock has not had that option available for a while now.

I'm also curious which SSDs you are using that you set the password on.


Intel and Micron. This is a huge security oversight and must be fixed immediately.


Actually, you have a problem here. There is a reason for this situation.

When you said, "... the Master passwords reset after restart to default", you mean a clearing of the UEFI/BIOS?

Regardless, support for the ATA password requires support in the UEFI/BIOS. That is, the ATA master password is set in the UEFI/BIOS itself.

As you know, that option does not exist in either board's UEFI. That's why the password is reset, or really simply cleared.

Unfortunately, this option is not included in the UEFI because of the number of users that forget their passwords, causing their drives to be unusable. Requests from users to clear the  password in that situation becomes a problem, due to the potential of the drives or PC being stolen, or someone trying to break into a PC.

Mother board and drive manufactures find themselves in this situation all to often. Regrettably, a way to prevent this is to simply not support the ATA password function.

Yes, you are being dragged down by the stupidity of others, but forgotten passwords became such a huge issue that the decision was made long ago to remove this option from the UEFI of all ASRock boards. That means this "issue" will not be generally fixed on your or any ASRock boards.

Given that, it might be possible for ASRock to provide a custom UEFI/BIOS version for your boards, that adds the ATA password option. At one time, I tested a UEFI on a different ASRock board, that had the ATA password option, which worked fine. That UEFI version was not made generally available.

You will need to explain this to ASRock support, and we will try to help you with this. Of course any other UEFI/BIOS updates for your boards would require another custom version.

I'm sorry about this, and I hope you can understand the overall situation. I personally cannot guarantee you will be able to get custom UEFI versions.


On the Z170 OC Formula the ATA Security Function can be accessed by:

1.Press Del or F2 when system is started to enter BIOS.

2.Press <Ctrl><Shift><F3> and press F10 to save and exit.

3.The ATA password will be available at BIS, Security.


Also, when I said that the "Master Password clears after restart" I meant that the Master password returns to default after the PC is restarted. This should not happen. The user password can be set in BIOS however the master password is set in Linux using HDPARM.


Back to Top
parsec View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 May 2015
Location: USA
Status: Offline
Points: 4996
Post Options Post Options   Thanks (0) Thanks(0)   Quote parsec Quote  Post ReplyReply Direct Link To This Post Posted: 10 Dec 2016 at 10:34am
Originally posted by someguy someguy wrote:



On the Z170 OC Formula the ATA Security Function can be accessed by:

1.Press Del or F2 when system is started to enter BIOS.

2.Press <Ctrl><Shift><F3> and press F10 to save and exit.

3.The ATA password will be available at BIS, Security.


Also, when I said that the "Master Password clears after restart" I meant that the Master password returns to default after the PC is restarted. This should not happen. The user password can be set in BIOS however the master password is set in Linux using HDPARM.




Now we know we are dealing with Linux. Might have helped to mention that from the start.

The Ctrl Shift F3 key combination does nothing in my ASRock Z170 Extreme7+ board's UEFI. If that causes a security feature in Linux to become accessible, great, otherwise it does nothing with Windows. Or perhaps with your mystery Intel and Micron SSDs?

The Master password you are referring to, is the ATA Master password, is that correct? Nothing you set in the UEFI, correct?

The Admin and User passwords in the UEFI are there to prevent anyone from changing the UEFI option settings, once the Admin password is set. They are unrelated to the ATA password.

I still say, until an ATA password option is added to the UEFI, it will be reset every time the PC is restarted. Or at least not clearing that data, if possible, is all you want. Why that data is cleared now is the question.

Don't be surprised if ASRock support tells you Linux is not supported on your board. That may be your main problem getting this fixed.
Back to Top
wardog View Drop Down
Moderator Group
Moderator Group


Joined: 15 Jul 2015
Status: Offline
Points: 6447
Post Options Post Options   Thanks (0) Thanks(0)   Quote wardog Quote  Post ReplyReply Direct Link To This Post Posted: 10 Dec 2016 at 11:17am
Anything set using HDPARM and related issues will be a linux OS issue as HDPARM is a linux cmd.

At the point HDPARM becomes available, the MB's BIOS has already handed of to the OS.
Back to Top
 Post Reply Post Reply Page  123>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.

This page was generated in 0.078 seconds.