Month: September 2011

Posted on

Hard Disk Password feature for the Asus M4A78-EM (under Ubuntu Linux)

The Asus M4A78-EM’s native AMIBIOS, like most desktop BIOSes, lacks support for ATA security features. Under such a BIOS, disks with built-in encryption that relies on ATA security can only function as normal hard disks.

The ATA Security eXtension BIOS is a BIOS extension that provides what the name says: the ATA security features for a BIOS previously lacking them. It can be added onto the M4A78-EM’s BIOS; I did it, and I figured I might as well document the process in case someone else is considering doing the same.

Flashing firmware is never a simple task, and if you screw it up, you might end up with your motherboard in need of costly repair. So please, do not attempt this if you’re in the slightest unsure of what you’re doing. And if you do attempt this, make sure you do know what you’re doing each step of the way.

I did this using Ubuntu 10.04.1, with Wine 1.2.3 from the Ubuntu Wine Team’s PPA. The steps shouldn’t differ much if you’re using another OS, just as long as you can run the necessary (Microsoft Windows) apps.

The general steps are

  1. get your existing BIOS ROM file either from Asus’ website or by other means
  2. download and unpack the extension package
  3. download and unpack MMTool
  4. configure the extension
  5. run MMTool and replace the existing ethernet ROM with the extension
  6. flash the resulting BIOS ROM file onto the motherboard

The specifics for each step are:

  1. Download the BIOS you want to add the extension to. I was running the latest currently published revision 2101 (dated 31.12.2010) for the M4A78-EM from Asus, so I grabbed that and unpacked the .ROM file from it.
  2. Download the ATA Security eXtension from the official website. I used v2.11 (dated 8.8.2006), the latest at the time. Unpack it.
  3. Download MMTool. I used 3.19 (dated 19.1.2009), the latest at the time. Unpack it.
  4. Configure the extension. For this, in Ubuntu, you’ll need to use DOSBox.
    1. Using the command-line, change to the extension’s directory and run dosbox .
    2. Inside DOSBox, run BROMCFG.EXE ATASX.ROM
    3. Answer Y to change configuration.
    4. Answer P for PCI-ROM.
    5. Answer 10EC for Vendor ID. (This is Realtek’s ID.)
    6. Answer 8168 for Device ID. (This is the M4A78-EM’s Ethernet adapter’s ID.)
    7. Answer 020000 for PCI device type. (This is an Ethernet device.)
    8. Answer questions about default and setup password as well as delay for Ctrl+S according to you needs.
    9. Exit DOSBox by typing exit
    1. Start MMTool (with the help of Wine).
    2. Select ‘Load ROM’. Select the BIOS ROM file you acquired at step 1.
    3. Go to the ‘Delete’ tab. From the list at the bottom, select the PCI Option ROM with ‘RunLoc’ 10EC:8168 (the Ethernet ROM).
    4. Select ‘Delete’. The list should refresh itself.
    5. Go back to the ‘Insert’ tab.
    6. Select ‘Browse’. Select the ATASX.ROM file configured at main step 4.
    7. For ‘Module ID’, enter 20. For ‘Offset/VID’, enter 10EC. For ‘Seg./DID’, enter 8168.
    8. Select ‘Insert’. The list should refresh itself again. Make sure that it again has a ‘PCI Option ROM’ with the ‘RunLoc’ 10EC:8168.
    9. Save the new BIOS ROM file with either ‘Save ROM’ or ‘Save ROM as…’.
    10. Exit MMTool.
  6. Flash the BIOS ROM file you saved in MMTool with your flashing tool of choice. I used Flashrom.

Final note: once you have the new ROM file in, you’ll need to enable ‘Onboard LAN Boot ROM’ in your BIOS settings for the extension to kick in during boot.

Posted on

Encryption and SSDs

I’ve been contemplating on getting a SSD for my desktop. At the same time, I’ve been meaning to once again get my entire system partition encrypted (for now, I’ve only encrypted a directory within my home directory). I used to run an entirely encrypted system from a traditional hard disk, but I know an SSD is a different beast.

According to Wikipedia, when software-based disk encryption (such as dm-crypt) is used, using the TRIM command reveals information about which blocks are in use. This means you either have to disable TRIM and risk performace degradation to gain security, or keep TRIM and risk exposing information about your data.

And at least according to one user on StackExchange, even enabling TRIM won’t help protect the drive’s performance due to how software encryption works.

So my best bet would be hardware-based encryption such as the one offered by the Kingston SSDNow V+ 100E Series. According to Kingston’s FAQ, the encryption on their disks utilizes the hard disk password feature of the BIOS. From what I gather, that password is used as the encryption key, which means unauthorized access cannot be gained by simply bypassing the disk’s locking mechanism, unlike in drives with no built-in encryption. (It also means once you lose the password, there’s no way to recover your data, as it should be in a truly secure system.)

Edit: My ASUS M4A78-EM doesn’t seem to support setting a HD password, so it looks like I’m out of luck until I upgrade my motherboard. :(

Edit: I flashed the mobo with ATA Security eXtension -enabled BIOS and now I can haz hdd passwords.

Posted on

Fixing checkgmail in Ubuntu 10.04 (Lucid Lynx)

Note: This is an as of yet untested solution. I applied it remotely and haven’t had a chance to verify that it actually works. Also, these aren’t the exact steps I took but a sketch. Please try to understand what you’re doing with each command before executing it.

  1. sudo checkgmail -update # answer yes to update
  2. wget 'http://ur1.ca/5284y' -O /tmp/checkgmail.patch # [1]
  3. sudo patch `which checkgmail` /tmp/checkgmail.patch

I based this on the thread with the patch over at SourceForge and some other thread on Ubuntu Forums (I think), which I don’t have the link to right now.

[1] The shortened url points to http://sourceforge.net/tracker/download.php?group_id=137480&atid=738663&file_id=423104&aid=3406322 (where the patch lies).

Posted on

First notes of Drupal

  1. Contrary to what Quick install for beginners claims, Drupal does not require a “new, empty database”. Your old database with data from other apps such as WordPress will do just fine. Drupal will even allow you to set a table prefix during installation, so it’s not the database hog it’s made out to be by that claim in the installation guide.
  2. Pay attention to your choice of language during installation! Technically you can change it via the interface later on, but the change will be incomplete: some strings are generated during installation time and can only be edited by hand.
  3. Apropos, also the changing of an article’s language after publishing requires a bit of weird trickery.
  4. Displaying full articles instead of teasers: Home » Administration » Structure » Content types » Basic page » Custom Display Settings: Switch from ‘Teaser’ to ‘Full content’. (Not in a million years would I have deduced this from “Use custom display settings for the following view modes”.) You’re still stuck with the “Read more” link, however.
  5. Cache clearing button is in Home » Administration » Configuration » Development » Performance.