Z170 OC Formula **SECURITY FLAW**
Printed From: ASRock.com
Category: Technical Support
Forum Name: Intel Motherboards
Forum Description: Question about ASRock Intel Motherboards
URL: https://forum.asrock.com/forum_posts.asp?TID=3979
Printed Date: 27 Dec 2024 at 11:20am
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com
Topic: Z170 OC Formula **SECURITY FLAW**
Posted By: someguy
Subject: Z170 OC Formula **SECURITY FLAW**
Date Posted: 09 Dec 2016 at 5:10pm
| I have found the following security issue in the Z170 Formula OC and the Z77 Extreme 4. After enabling the ATA Password on TWO DIFFERENT BRANDS OF SSDs, the Master passwords reset after restart to default. I would like to see Asrock fix this immediately. This renders the ATA password and Self Encrypting Drive (SED) functionality of the SSDs useless. |
Replies:
Posted By: Xaltar
Date Posted: 09 Dec 2016 at 5:50pm
Please contact tech support directly with this issue and thank you for reporting it  ------------- 
|
Posted By: someguy
Date Posted: 09 Dec 2016 at 10:07pm
| " rel="nofollow - How do I contact technical support directly? |
Posted By: Xaltar
Date Posted: 09 Dec 2016 at 10:49pm
|
http://www.asrock.com/support/index.us.asp" rel="nofollow - http://www.asrock.com/support/index.us.asp Copy paste link. -------------
|
Posted By: parsec
Date Posted: 09 Dec 2016 at 10:54pm
That would be here: http://event.asrock.com/tsd.asp" rel="nofollow - http://event.asrock.com/tsd.asp I'm curious, I'm surprised, if this is correct, an ATA password option exists in the UEFI/BIOS as an option. ASRock has not had that option available for a while now. I'm also curious which SSDs you are using that you set the password on. ------------- http://valid.x86.fr/48rujh" rel="nofollow"> 
|
someguy wrote:Posted By: someguy
Date Posted: 09 Dec 2016 at 11:04pm
Intel and Micron. This is a huge security oversight and must be fixed immediately. |
Posted By: parsec
Date Posted: 10 Dec 2016 at 12:23am
Actually, you have a problem here. There is a reason for this situation. When you said, "... the Master passwords reset after restart to default", you mean a clearing of the UEFI/BIOS? Regardless, support for the ATA password requires support in the UEFI/BIOS. That is, the ATA master password is set in the UEFI/BIOS itself. As you know, that option does not exist in either board's UEFI. That's why the password is reset, or really simply cleared. Unfortunately, this option is not included in the UEFI because of the number of users that forget their passwords, causing their drives to be unusable. Requests from users to clear the password in that situation becomes a problem, due to the potential of the drives or PC being stolen, or someone trying to break into a PC. Mother board and drive manufactures find themselves in this situation all to often. Regrettably, a way to prevent this is to simply not support the ATA password function. Yes, you are being dragged down by the stupidity of others, but forgotten passwords became such a huge issue that the decision was made long ago to remove this option from the UEFI of all ASRock boards. That means this "issue" will not be generally fixed on your or any ASRock boards. Given that, it might be possible for ASRock to provide a custom UEFI/BIOS version for your boards, that adds the ATA password option. At one time, I tested a UEFI on a different ASRock board, that had the ATA password option, which worked fine. That UEFI version was not made generally available. You will need to explain this to ASRock support, and we will try to help you with this. Of course any other UEFI/BIOS updates for your boards would require another custom version. I'm sorry about this, and I hope you can understand the overall situation. I personally cannot guarantee you will be able to get custom UEFI versions. ------------- http://valid.x86.fr/48rujh" rel="nofollow">
|
Posted By: someguy
Date Posted: 10 Dec 2016 at 8:12am
On the Z170 OC Formula the ATA Security Function can be accessed by: 1.Press Del or F2 when system is started to enter BIOS. 2.Press <Ctrl><Shift><F3> and press F10 to save and exit. 3.The ATA password will be available at BIS, Security. Also, when I said that the "Master Password clears after restart" I meant that the Master password returns to default after the PC is restarted. This should not happen. The user password can be set in BIOS however the master password is set in Linux using HDPARM. |
Posted By: parsec
Date Posted: 10 Dec 2016 at 10:34am
" rel="nofollow -
Now we know we are dealing with Linux. Might have helped to mention that from the start. The Ctrl Shift F3 key combination does nothing in my ASRock Z170 Extreme7+ board's UEFI. If that causes a security feature in Linux to become accessible, great, otherwise it does nothing with Windows. Or perhaps with your mystery Intel and Micron SSDs? The Master password you are referring to, is the ATA Master password, is that correct? Nothing you set in the UEFI, correct? The Admin and User passwords in the UEFI are there to prevent anyone from changing the UEFI option settings, once the Admin password is set. They are unrelated to the ATA password. I still say, until an ATA password option is added to the UEFI, it will be reset every time the PC is restarted. Or at least not clearing that data, if possible, is all you want. Why that data is cleared now is the question. Don't be surprised if ASRock support tells you Linux is not supported on your board. That may be your main problem getting this fixed. ------------- http://valid.x86.fr/48rujh" rel="nofollow">
|
Posted By: wardog
Date Posted: 10 Dec 2016 at 11:17am
|
Anything set using HDPARM and related issues will be a linux OS issue as HDPARM is a linux cmd. At the point HDPARM becomes available, the MB's BIOS has already handed of to the OS. |
Posted By: someguy
Date Posted: 10 Dec 2016 at 11:54am
|
My OS is Windows, I boot into Linux only to use HDPARM only to set the Master Password as that cannot be done in windows. There is an issue with the BIOS that resets the Master Password upon unlocking the SSD by entering the user password upon startup when prompted by the BIOS. This is OS independent. This has also happened in a Z77 Extreme 4 with a ATA enabled BIOS. Also I have noticed that this only happens when the SSD is unlocked at BIOS i.e. if you restart the PC over and over but don't unlock the SSD after initially setting the Master Password and shutting down, the Master password is retained and can be used to unlock the SSD. Therefore the act of unlocking the SSD at startup in BIOS resets the Master Password to default. This is not an OS issue, this is a BIOS issue. |
Posted By: wardog
Date Posted: 10 Dec 2016 at 12:32pm
|
" rel="nofollow - Your refer to "unlocking the SSD" above. How, when, and where are you "unlocking the SSD"? You posts make it sound as if that/this is a separate screen/function other than in the BIOS. I believe that's where mine and parsecs confusion is originating from. Certainly mine. |
Posted By: someguy
Date Posted: 10 Dec 2016 at 12:56pm
|
When ATA Security is enabled on an SSD or HDD and you are using a motherboard that supports it, upon startup you will be met by a prompt from BIOS to input a user password to unlock the "locked" drive. With the Asrock motherboards, if you enter the incorrect user password five times a new prompt will show up asking for a master password. If you incorrectly enter the Master password five times you will get a message saying the SSD/HDD is locked. |
Posted By: wardog
Date Posted: 10 Dec 2016 at 1:11pm
|
A long read yet after your post above describing "unlocking the SSD" I believe your answers are found at: http://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs" rel="nofollow - http://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs |
Posted By: wardog
Date Posted: 10 Dec 2016 at 1:12pm
ie:
|
Posted By: wardog
Date Posted: 10 Dec 2016 at 1:15pm
Can I assume you're using the switch on the back of the PSU or a power strip to kill all power, instead of Sleep or even simply shutting down from the OS, but still leaving the PSU feed the MB? |
Posted By: someguy
Date Posted: 10 Dec 2016 at 1:21pm
That's not necessary. To "Unfreeze" an SSD you simply need to pull out the power cable out of the SSD and plug it back in again. |
Posted By: wardog
Date Posted: 10 Dec 2016 at 1:50pm
Same thing, is it not? Pulling or disconnecting from? |
Posted By: someguy
Date Posted: 10 Dec 2016 at 2:29pm
|
Its quicker to unplug and plug the SSD then suspending the PC |
Posted By: wardog
Date Posted: 10 Dec 2016 at 2:49pm
" rel="nofollow -
Sure. But do you really think that's necessarily a good idea? I know it isn't. Can I ask? Why are you doing it in the first place? That's a respectfully serious question. |
Posted By: someguy
Date Posted: 10 Dec 2016 at 3:11pm
Its perfectly fine to do that. Doing what? |
Posted By: wardog
Date Posted: 10 Dec 2016 at 10:42pm
Ok then, keep doing it your way. I still disagree yet I'm not here to argue either. |