make: Adding meson build option for ability to set ATA security passw…

…ord in openSeaChest_Security Adding a meson build option to make it easier to turn on the ability to set an ATA security password. This option is off by default since it can make a system unbootable, a drive unlockable, or cause other issues that the OS/BIOS/HAB are unable to handle properly. Signed-off-by: Tyler Erickson <[email protected]>
vonericsen · May 1, 2023 · 64ae424 · 64ae424
1 parent 2964e98
commit 64ae424
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 11 deletions.
diff --git a/meson.build b/meson.build
@@ -28,7 +28,8 @@ if c.get_id().contains('gcc') or c.get_id().contains('clang')
   '-Wstrict-prototypes',
   '-Wmissing-declarations',
   '-Wmissing-prototypes',
-  '-Wchar-subscripts'
+  '-Wchar-subscripts',
+  '-Wundef'
   ]
 elif c.get_id().contains('msvc')
   #See here for enabling/disabling msvc warnings:
@@ -39,7 +40,7 @@ elif c.get_id().contains('msvc')
     #This is likely not an issue with meson, but matching VS project files for now
     '/wd4214', # nonstandard extension used : bit field types other than int
     '/wd4201', # nonstandard extension used : nameless struct/union
-    '/wd4668', # 'symbol' is not defined as a preprocessor macro, replacing with '0' for 'directives'
+    '/wd4668', # 'symbol' is not defined as a preprocessor macro, replacing with '0' for 'directives'. While like -Wundef, this creates too many warnings in system headers to use
     '/wd4820', # 'bytes' bytes padding added after construct 'member_name'
     '/wd4710', # 'function' : function not inlined
     #'/wd4255', # 'function' : no function prototype given: converting '()' to '(void)' #NOTE: Only needed for /Wall, otherwise enabling can be good-TJE
@@ -105,6 +106,10 @@ if not get_option('tcg').enabled()
   add_project_arguments('-DDISABLE_TCG_SUPPORT', language : 'c')
 endif
 
+if get_option('atasecsetpass').enabled()
+  add_project_arguments('-DENABLE_ATA_SET_PASSWORD', language : 'c')
+endif
+
 if get_option('debug')
   add_project_arguments('-D_DEBUG', language : 'c')
 endif

diff --git a/meson_options.txt b/meson_options.txt
@@ -16,3 +16,10 @@ option('tools', type : 'array', choices : [
 ])
 option('tcg', type : 'feature', value : 'disabled')
 option('libc_musl', type : 'boolean', value : 'false')
+#openSeaChest_Security can set the password, however this is not enabled by default
+#because enabling it may make the system unable to boot, the drive may not show up
+#in the OS if it DOES boot or if the drive it hotplugged in, or it may not be possible
+#for the user to enter the password they have set because the system, BIOS, or HBA has
+#sent the ATA security freeze-lock command to the drive.
+#if you really want to enable this option, you can do it, but you have been warned!
+option('atasecsetpass', type : 'feature', value : 'disabled')
diff --git a/utils/C/openSeaChest/openSeaChest_Security.c b/utils/C/openSeaChest/openSeaChest_Security.c
@@ -120,7 +120,7 @@ int32_t main(int argc, char *argv[])
     ATA_SECURITY_MASTER_PW_CAPABILITY_VAR
     ATA_SECURITY_MASTER_PW_ID_VAR
     ATA_SECURITY_SET_PASSWORD_OP_VAR
-#endif
+#endif //ENABLE_ATA_SET_PASSWORD
     ATA_SECURITY_FORCE_SAT_VARS
     ATA_SECURITY_UNLOCK_OP_VAR
     ATA_SECURITY_DISABLE_OP_VAR
@@ -187,7 +187,7 @@ int32_t main(int argc, char *argv[])
         ATA_SECURITY_SET_PASSWORD_OP_LONG_OPT,
         ATA_SECURITY_MASTER_PW_CAPABILITY_LONG_OPT,
         ATA_SECURITY_MASTER_PW_ID_LONG_OPT,
-#endif
+#endif //ENABLE_ATA_SET_PASSWORD
         ATA_SECURITY_UNLOCK_OP_LONG_OPT,
         ATA_SECURITY_DISABLE_OP_LONG_OPT,
         ATA_SECURITY_FREEZELOCK_OP_LONG_OPT,
@@ -447,7 +447,7 @@ int32_t main(int argc, char *argv[])
                 }
                 ATA_SECURITY_MASTER_PW_ID = C_CAST(uint16_t, masterIDOut);
             }
-#endif
+#endif //ENABLE_ATA_SET_PASSWORD
             else if (strncmp(longopts[optionIndex].name, ATA_SECURITY_FORCE_SAT_LONG_OPT_STRING, M_Min(strlen(longopts[optionIndex].name), strlen(ATA_SECURITY_FORCE_SAT_LONG_OPT_STRING))) == 0)
             {
                 ATA_SECURITY_FORCE_SAT_VALID = true;
@@ -915,7 +915,7 @@ int32_t main(int argc, char *argv[])
         || ATA_SECURITY_UNLOCK_OP
 #if defined ENABLE_ATA_SET_PASSWORD
         || ATA_SECURITY_SET_PASSWORD_OP
-#endif
+#endif //ENABLE_ATA_SET_PASSWORD
         || ATA_SECURITY_ERASE_OP
        ))
     {
@@ -1613,7 +1613,7 @@ int32_t main(int argc, char *argv[])
             }
         }
 #if defined ENABLE_ATA_SET_PASSWORD
-        if(ATA_SECURITY_SET_PASSWORD_OP)
+        if (ATA_SECURITY_SET_PASSWORD_OP)
         {
             ataSecurityPassword ataPassword;
             memset(&ataPassword, 0, sizeof(ataSecurityPassword));
@@ -1638,7 +1638,7 @@ int32_t main(int argc, char *argv[])
                 break;
             }
         }
-#endif
+#endif //ENABLE_ATA_SET_PASSWORD
 
         if (ATA_SECURITY_ERASE_OP)
         {
@@ -1800,19 +1800,19 @@ void utility_Usage(bool shortUsage)
     print_ATA_Security_Force_SAT_Security_Protocol_Help(shortUsage);
 #if defined ENABLE_ATA_SET_PASSWORD
     print_ATA_Security_Master_Password_Capability_Help(shortUsage);
-#endif
+#endif //ENABLE_ATA_SET_PASSWORD
     print_ATA_Security_Freezelock_Help(shortUsage);
 #if defined ENABLE_ATA_SET_PASSWORD
     print_ATA_Security_Master_Password_ID_Help(shortUsage);
-#endif
+#endif //ENABLE_ATA_SET_PASSWORD
     print_ATA_Security_Password_Help(shortUsage);
     print_ATA_Security_Password_Type_Help(shortUsage);
     print_ATA_Security_Password_Modifications_Help(shortUsage);
     print_ATA_Security_Info_Help(shortUsage);
     print_Disable_ATA_Security_Password_Help(shortUsage, util_name);
 #if defined ENABLE_ATA_SET_PASSWORD
     print_ATA_Security_Set_Password_Help(shortUsage);
-#endif
+#endif //ENABLE_ATA_SET_PASSWORD
     print_ATA_Security_Unlock_Help(shortUsage);
 
     //data destructive commands - alphabetized