Hi all,
I want to make a disk filter driver for cryptograph to SCSI disks, can I
use diskperf as start of my project or need I make a SCSI miniport driver?
Thanks in advance,
Fernando.
Probably a disk filter is fine, but there are a lot of questions that come
to mind, like does your crypto change the size of the data? Are you only
trying to protect the physical disk itself, and you don’t care about the
various plaintext caches of your data? Most ‘disk encryption’ schemes
actually are focused on the filesystem level. You might want to search ntfsd
for the various discussions of encryption over there before designing
anything.
=====================
Mark Roddy
Hollis Technology Solutions
www.hollistech.com
xxxxx@hollistech.com
-----Original Message-----
From: Fernando Roberto da Silva [mailto:xxxxx@scuasecurity.com.br]
Sent: Tuesday, August 05, 2003 1:43 PM
To: Windows System Software Developers Interest List
Subject: [ntdev] Cryptograph and SCSI HDs
Hi all,
I want to make a disk filter driver for cryptograph to SCSI disks, can I
use diskperf as start of my project or need I make a SCSI miniport driver?
Thanks in advance,
Fernando.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
There are many ways to implement encryption. You can encrypt at the
following levels:
- Entire disk drive
- Partition
- Files
Each requires a driver at a different level within the file system or
storage stack. What do you want? Booting from an encrypted drive is also
possible and there are products available that do it.
“Fernando Roberto da Silva” wrote in message
news:xxxxx@ntdev…
Hi all,
I want to make a disk filter driver for cryptograph to SCSI disks, can I
use diskperf as start of my project or need I make a SCSI miniport driver?
Thanks in advance,
Fernando.
I want encrypt the partition table at MBR. I already have a filter driver
that make this in IDE controler and I got “INACESSIBLE_BOOT_DEVICE” at SCSI
controler.
Sorry my English and thanks for your help.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of David J. Craig
Sent: ter?a-feira, 5 de agosto de 2003 15:39
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
There are many ways to implement encryption. You can encrypt at the
following levels:
- Entire disk drive
- Partition
- Files
Each requires a driver at a different level within the file system or
storage stack. What do you want? Booting from an encrypted drive is also
possible and there are products available that do it.
“Fernando Roberto da Silva” wrote in message
news:xxxxx@ntdev…
Hi all,
I want to make a disk filter driver for cryptograph to SCSI disks, can I
use diskperf as start of my project or need I make a SCSI miniport driver?
Thanks in advance,
Fernando.
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to xxxxx@lists.osr.com
You got to decrypt the MBR and partition table BEFORE the OS loads!
Jamey
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Fernando Roberto da Silva
Sent: Tuesday, August 05, 2003 11:56 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
I want encrypt the partition table at MBR. I already have a filter
driver
that make this in IDE controler and I got “INACESSIBLE_BOOT_DEVICE” at SCSI
controler.
Sorry my English and thanks for your help.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of David J. Craig
Sent: ter?a-feira, 5 de agosto de 2003 15:39
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
There are many ways to implement encryption. You can encrypt at the
following levels:
- Entire disk drive
- Partition
- Files
Each requires a driver at a different level within the file system or
storage stack. What do you want? Booting from an encrypted drive is also
possible and there are products available that do it.
“Fernando Roberto da Silva” wrote in message
news:xxxxx@ntdev…
Hi all,
I want to make a disk filter driver for cryptograph to SCSI disks, can I
use diskperf as start of my project or need I make a SCSI miniport driver?
Thanks in advance,
Fernando.
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Not all MBR, only the partition table. We did write a virus that make this
for us.
Fernando.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Jamey Kirby
Sent: ter?a-feira, 5 de agosto de 2003 16:06
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
You got to decrypt the MBR and partition table BEFORE the OS loads!
Jamey
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Fernando Roberto da Silva
Sent: Tuesday, August 05, 2003 11:56 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
I want encrypt the partition table at MBR. I already have a filter
driver
that make this in IDE controler and I got “INACESSIBLE_BOOT_DEVICE” at SCSI
controler.
Sorry my English and thanks for your help.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of David J. Craig
Sent: ter?a-feira, 5 de agosto de 2003 15:39
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
There are many ways to implement encryption. You can encrypt at the
following levels:
- Entire disk drive
- Partition
- Files
Each requires a driver at a different level within the file system or
storage stack. What do you want? Booting from an encrypted drive is also
possible and there are products available that do it.
“Fernando Roberto da Silva” wrote in message
news:xxxxx@ntdev…
Hi all,
I want to make a disk filter driver for cryptograph to SCSI disks, can I
use diskperf as start of my project or need I make a SCSI miniport driver?
Thanks in advance,
Fernando.
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to xxxxx@lists.osr.com
Alrighty, it seems my translation filter is broken. What does “we did write
a virus that make this for us” mean?
I’m surprised that encrypting the partition table will boot without bios
support (INT13) to decrypt it, but if you say so…
=====================
Mark Roddy
Hollis Technology Solutions
www.hollistech.com
xxxxx@hollistech.com
-----Original Message-----
From: Fernando Roberto da Silva [mailto:xxxxx@scuasecurity.com.br]
Sent: Tuesday, August 05, 2003 3:28 PM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
Not all MBR, only the partition table. We did write a virus that make this
for us.
Fernando.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Jamey Kirby
Sent: ter?a-feira, 5 de agosto de 2003 16:06
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
You got to decrypt the MBR and partition table BEFORE the OS loads!
Jamey
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Fernando Roberto da Silva
Sent: Tuesday, August 05, 2003 11:56 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
I want encrypt the partition table at MBR. I already have a filter
driver that make this in IDE controler and I got “INACESSIBLE_BOOT_DEVICE”
at SCSI controler.
Sorry my English and thanks for your help.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of David J. Craig
Sent: ter?a-feira, 5 de agosto de 2003 15:39
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDs
There are many ways to implement encryption. You can encrypt at the
following levels:
- Entire disk drive
- Partition
- Files
Each requires a driver at a different level within the file system or
storage stack. What do you want? Booting from an encrypted drive is also
possible and there are products available that do it.
“Fernando Roberto da Silva” wrote in message
news:xxxxx@ntdev… Hi all,
I want to make a disk filter driver for cryptograph to SCSI disks, can I
use diskperf as start of my project or need I make a SCSI miniport driver?
Thanks in advance,
Fernando.
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@scuasecurity.com.br To
unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@storagecraft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@scuasecurity.com.br To
unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@stratus.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
Hi,
MBR must have valid signature (0x55, 0xAA) and partition table. In the
other case ROM BIOS will refuse to accept hard disk as bootable one. Some
time ago we’ve completed a project like this one. Own MBR code was
responsible for real mode int 13h hooking and on-the-fly data
ecnryption/decryption until the operating system will not go into the
protected mode and will start routing disk I/O traffic thru the own
storage device driver stack (in our particular case that was special ATA
hard disk driver with the embedded encryption/decryption engine and in
this guy’s case I think this can be combination of the generic drivers +
custom filter driver). However after some time we’ve moved real mode part
of the software compex to the own ROM BIOS extension module (custom
ISA-based board with 32K of the flash memory to keep the code and 1K or 2K
of CMOS to store configuration – encrypted user passwords, keys, disk map
etc etc etc). That idea worked better (no risk that somebody will
overwrite your program image and data located in “secret” place).
However I do not see any market for this solution. Very difficult to
install and confugure. Encrypted partition or something like this work
just great and are easier to implement. I do not understand why somebody
could want to keep bootable slice encrypted. Just to hide what OS was used
to work with? Does it cost tons of problems? Not sure…
Regards,
Anton Kolomyeytsev
Alrighty, it seems my translation filter is broken. What does “we did =
write
a virus that make this for us” mean?I’m surprised that encrypting the partition table will boot without =
bios
support (INT13) to decrypt it, but if you say so…=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Mark Roddy
Hollis Technology Solutions
www.hollistech.com
xxxxx@hollistech.com-----Original Message-----
From: Fernando Roberto da Silva [mailto:xxxxx@scuasecurity.com.br]=20
Sent: Tuesday, August 05, 2003 3:28 PM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDsNot all MBR, only the partition table. We did write a virus that make =
this
for us.Fernando.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Jamey Kirby
Sent: ter=E7a-feira, 5 de agosto de 2003 16:06
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDsYou got to decrypt the MBR and partition table BEFORE the OS loads!
Jamey
-----Original Message-----
From: xxxxx@lists.osr.com =
[mailto:xxxxx@lists.osr.com]
On Behalf Of Fernando Roberto da Silva
Sent: Tuesday, August 05, 2003 11:56 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDsI want encrypt the partition table at MBR. I already have a filter
driver that make this in IDE controler and I got =
“INACESSIBLE_BOOT_DEVICE”
at SCSI controler.Sorry my English and thanks for your help.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of David J. Craig
Sent: ter=E7a-feira, 5 de agosto de 2003 15:39
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Cryptograph and SCSI HDsThere are many ways to implement encryption. You can encrypt at the
following levels:
- Entire disk drive
- Partition
- Files
Each requires a driver at a different level within the file system or
storage stack. What do you want? Booting from an encrypted drive is =
also
possible and there are products available that do it.“Fernando Roberto da Silva” wrote in =
> message
> news:xxxxx@ntdev… Hi all,
>
> I want to make a disk filter driver for cryptograph to SCSI disks, =
> can I
> use diskperf as start of my project or need I make a SCSI miniport =
> driver?
>
> Thanks in advance,
> Fernando.
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=3D256
>
> You are currently subscribed to ntdev as: xxxxx@scuasecurity.com.br =
> To
> unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=3D256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=3D256
>
> You are currently subscribed to ntdev as: xxxxx@scuasecurity.com.br =
> To
> unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=3D256
>
> You are currently subscribed to ntdev as: xxxxx@stratus.com To
> unsubscribe send a blank email to xxxxx@lists.osr.com
Use diskperf.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: Fernando Roberto da Silva
To: Windows System Software Developers Interest List
Sent: Tuesday, August 05, 2003 9:42 PM
Subject: [ntdev] Cryptograph and SCSI HDs
Hi all,
I want to make a disk filter driver for cryptograph to SCSI disks, can I use diskperf as start of my project or need I make a SCSI miniport driver?
Thanks in advance,
Fernando.
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
> I’m surprised that encrypting the partition table will boot without bios
support (INT13) to decrypt it, but if you say so…
If the decryptor code is in the physical sector 0 - then it will.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com