ATA Security eXtension BIOS


Deutsche Version


Intro:

The most modern ATA- and SATA hard disks (IDE=ATA) support the "ATA Security Mode Feature Set". This include special functions to:

These "ATA Security Mode Feature Set" functions were originally developed for Laptops / Notebooks. Since Microsoft has used these functions for the XBOX, the most 3.5" hard disks support them.

The BIOS versions of the most computers has no or only partial support of the "ATA Security Mode Feature Set" functions. This is a security hole that is usable for malware which can set a hard disk password in background to lockout the user after the next power on and prevent the loading of the Operating System and any further hard disk access.

The "Heise Verlag" has published a really interesting article about hard disk security in the c't 8/2005 - article: "AT Your Disservice" It is suggested to check the computer and if necessary to update your BIOS.


Because many mainboard vendors update their BIOS versions only for a short time, I have written a BIOS Extension that

So, the ATASX (ATA Security eXtension) BIOS was introduced.

This BIOS Extension can be integrated in a PC/Notebook in two methods.

Download:
ATA Security eXtension BIOS v2.11 [56.0KB] 08.08.06
(free for individual use)


Older Versions:

ATA Security eXtension BIOS v2.10 [55.7KB] 01.08.06
(free for individual use)

ATA Security eXtension BIOS v2.02 [55.0KB] 06.05.06
(free for individual use)

ATA Security eXtension BIOS v2.01 [23.3KB] 23.12.05
(free for individual use)

ATA Security eXtension BIOS v2.00 [23.2KB] 03.10.05
(free for individual use)

ATA Security eXtension BIOS v1.00 [9.2KB] 27.06.05
(free for individual use)


other Tools:

ADDATASX v2 [6.6KB] 09.08.06
Tool to merge the ATASX Code to an other Option-ROM


Preparation:

The ATASX BIOS is provided in a not configured format. It has to be setup before it can be adapt in some simple steps to your hardware.

This can be done with the included program: BROMCFG

With BROMCFG If a PCI Extension BIOS shall be used, BROMCFG asks for the Vendor ID and Device ID. So, you need the four numeric character IDs of the used Network board with the BootROM socket for the ATASX BIOS.

Vendor ID and Device ID can be read in the manual and/or got from vendor via telephone/eMail. Also some hardware diagnostic programs, like PC-Analyser, Dr. Hardware or Everest show the IDs.
The Vendor, Device IDs and names of (all) the devices in your computer will also be shown on boot.:

Animation by: Borg Number One -- click to view the animation.
Click to view the animation. Animation by: Borg Number One.


ATASX BIOS as "PCI Extension BIOS": ATASX BIOS as "ISA Extension BIOS":

Method 1 - ATASX BIOS as network BOOTROM

Many network cards have a socket, for small memory chips (ROMs, PROMs, EPROMs, EEPROMs/FLASH-(E)EPROMs) In normal condition a memory chip is already installed and programmed with a software (Firmware, BOOTROM, ETHERBOOT), to support a system boot over network from another computer.

This memory can also be used to integrate other executable Code, in this case the ATASX BIOS, to run on boot.

Network cards should be supplied with a driver package. In this package there should be a small tool to write to the BOOTROM chip. This is normally used for software updates of the BOOTROM firmware.

With this program the ATA Security eXtension BIOS will be written to the BOOTROM chip. After a sucessful programming, the ATASX BIOS is available at every boot.

If not, you have to activate the ability to boot from network card

If you have got a P-/EP-/EEP-/FLASH-EP-/FLASH-EEP- ROM programmer, it can also be used to program the ATASX BIOS to the BOOTROM chip.

Notes:
Pro:
+ Method 1 is a simple and cheap one to add and use a ROM Extension to/with a PC.
+ The ISA/PCI network card with the ATASX BIOS can be shared with and integrated into other ISA/PCI mainboards.

Contra:
- You need a network card with a BOOTROM Socket and BOOTROM chip.
- The fact about the portability of a network card is not so good for the mainboard and the network card itself.
- Not usable for notebooks.



Method 2 - ATASX BIOS as part of the mainboard BIOS

The most of available BIOS files/updates are similar to a packed archive, it consists of packed modules with different functions. The Award, Phoenix - Award and Phoenix BIOS still have the abilities to integrate a "ISA Extension BIOS" module. In this case the ATASX BIOS can be used as "ISA Extension BIOS" without any problems.

The AMIBIOS has no possibility to add a "ISA BIOS" module. Here you can use the ATASX BIOS only as a "PCI Extension BIOS" for adding it to an AMIBIOS.

This requires that the ATASX BIOS, stored as a "PCI Extension BIOS" using BROMCFG, has the same Vendor and Device ID like the real device on the mainboard.

Example:
A computer with an AMIBIOS has a (onboard)/PCI network card (without BOOTROM chip) with Device ID 1234 and Vendor ID 5678. To use the ATASX BIOS you have to configure it with BROMCFG as a "PCI Extension BIOS" with the Device ID 1234 and Vendor ID 5678 to integrate it to the AMIBIOS.


Award BIOS / Phoenix - Award BIOS


Necessary tools:
CBROM / CBROM32, backup image of the mainboard BIOS / BIOS Update file.

Copy the configured ATASX ISA BIOS or ATASX PCI BIOS, CBROM and the mainboard BIOS file to a working directory and run the dos shell.

Change to the working directory and read the CBROM commands and help page.

CBROM /? >Enter<

Now add the ATASX-BIOS as ISA/PCI-BIOS-Modul to the mainboard BIOS file.


After this, a flash of the modificated mainboard BIOS file to the mainboard's "BIOS chip" is necessary.

For additional information about integrating the ATASX BIOS to a mainboard BIOS, you can get in contact with Borg Number One here.



Now the computer should show the extension at boot:

Thx to  # Borg Number One #  for regenerating the pictures. Click for source photo.
Click for source photo.
 
The Fujitsu hard disk doesn't support the ATA Security Mode Feature Set.
The IBM hard disk is password locked with a password so the ATASX ask for it.


Press CTRL+S to enter the ATASX BIOS Setup

Thx to  # Borg Number One #  for regenerating the pictures. Click for source photo.
Click for source photo

At this place you can change the security settings of you hard disks.

Check also the FAQ of Heise, (Sorry it was/is not released in English.)
And also my Forum(You can post your questions and suggestions in German and in English.) You can contact me via the message-system of my forum.
Go to forum



Links

BNOBTC - Borg Number One Bios Tools Collection
Hints and tools to integrate own modules to mainboard bios




Thx to  # Borg Number One #  for regenerating the pictures. Click for source photo.

K6-2 with additional Highpoint 370 Controller


Thx to  # Borg Number One #  for regenerating the pictures. Click for source photo.

A7N8X-E with nVidia P-ATA and SiI 3112 S-ATA Raid on board


Thx to  # Borg Number One #  for regenerating the pictures. Click for source photo.

MSI Neo2-F with nVidia P-ATA and 4x nVidia S-ATA (Raid) on board


Thx to  # Borg Number One #  for regenerating the pictures. Click for source photo.

Old 486 without PCI Bus, ATASX BIOS scannt 01F0 and 0170



Thx to: Borg Number One for