OSDev.org

The Place to Start for Operating System Developers
http://f.osdev.org/

SSD Vulnerability

http://f.osdev.org/viewtopic.php?t=56075

Page 1 of 1

SSD Vulnerability

Posted: Sat Jan 01, 2022 2:01 pm
by azblue
I just encountered this: https://www.tomshardware.com/news/ssd-o ... cebook.com
Malware can hide in the over-provision area of a SSD.

The proposed fix from the article:
The researchers suggest implementing a pseudo-erase algorithm that physically deletes data on an SSD without affecting real-world performance to counter the first attack model.

It is recommended to implement a new monitoring system that can closely watch the over-provisioned size of the SSDs in real-time to counter the second attack model.
If you're writing code for SSDs, this is stuff you'll want to know about!

Re: SSD Vulnerability

Posted: Sat Jan 01, 2022 2:41 pm
by Octocontrabass
Is this any different from using HPA and/or DCO to hide data on the drive?

Though the author's suggested fix (monitoring the drive's reported capacity) is a good idea anyway, since it can be used to identify failing drives.
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited