>> Note that this HPA is a good place to store a bootloader too, in fact >> I like to think of it as the big floppy drive of the PC which no more >> have any floppy drive: create a FAT filesystem of 64 Mbytes there and >> copy all the floppy you used to have there. Your bootloader, if it >> is good enough, will be able to run software from this area. > > If your bootloader if the first thing to run in the system, you can > use & protect portion of your hardrive for yourself - just make sure you > lock with set max with password when passing control to 'normal' > OS/loader. > > Aleks.
When my bootloader is installed in an HPA protected partition containning a filesystem (instead of a real primary or extended partition), it is by default not only protecting the HPA by password but also freeze it. To run a trusted application which needs an unprotected IDE disk, you need to have the application in the KGZ kernel form (elf -> objdump -> gzip with the right IDE comment), see: http://marc.theaimsgroup.com/?l=linux-kernel&m=112134577732513 And also uncheck the "ignore kernel IDE options" box in setup. The problem is that you cannot really modify the disk size by the IDE configuration command because BIOS react badly to disks which change their number of LBA after boot, so the bootloader cannot be really transparent. Moreover, if the bootloader is completely hidden, people try to install multiple times the bootloader when they just want to upgrade it - and it does not work as intended. The bootloader can still be configured to set the disk size to the one declared in the MBR if needed and if the IDE disk is currently able to modify its own number of LBA. Same for HPA, if it finds the HPA frozzen - maybe because it has chainloaded itself - it will not try to modify the HPA. Note that the frozzen state I am speaking of here have nothing to do with the "IDE security freeze" command needed before running any OS to protect against disk2brick/blankdisk viruses. Etienne. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/