[Wylug-help] Readonly option in hdparm
Julian Church
jc at ljchurch.co.uk
Tue Aug 5 14:10:01 BST 2003
Hi Nicholas
This problem has come up on the LEAF project list (it's an embedded
firewall system, and read-only boot media is preferred because it gives
miscreants fewer options when trying to crack the box).
On Tue, 5 Aug 2003 05:59:48 -0600, Thomas, Nicholas
<nick.thomas at eldon.co.uk> wrote:
> If this is not possible with a conventional hard drive, is it possible
> with a compact flash card + IDE adaptor?
The IDE specification doesn't include any provision for write-protecting
drives.
Some CF manufacturers offer write protectable cards, but when used in an
IDE adapter they don't work as predicted. There's no mechanism in the
kernel to deal with a protected IDE device. So attempting to write to the
disc seems to work whenever you try it, even though the data never makes it
onto the CF. I seem to remember that this can lead to unpredictable
behaviour later, when the kernel's idea of what's on the disc doesn't match
what it finds there.
Write-protectable (by jumper) SCSI drives are pretty common though, and the
write protection works properly with the kernel; that's an option for you,
although it's potentially a bit expensive.
Another option is to get the filesystem set up the way you need it, create
an image, then burn it onto write-once media such as a CDR or DVDR; this is
probably the favourite with LEAF-project users at the moment.
regards
Julian
--
Shameless plug: Need a lightweight but highly secure linux-based firewall?
Try LEAF. http://leaf.sourceforge.net
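
An added example, not part of the original post: a Python probe that tells apart the cases described above, namely media the kernel treats as read-only, media that really is writable, and media where a write appears to succeed but never reaches the device. The probe file name and the return labels are hypothetical, and it assumes Linux with `os.posix_fadvise` available and that the failing write raises no error, as the post describes.

```python
import errno
import os


def probe_write(directory, size=4096):
    """Classify how the storage behind `directory` treats a write.

    Returns "read-only", "writable" or "silently-discarded"
    (labels chosen for this example).
    """
    path = os.path.join(directory, ".rw-probe")  # hypothetical file name
    payload = os.urandom(size)  # random data, so stale content cannot match
    try:
        fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_TRUNC, 0o600)
    except OSError as exc:
        if exc.errno == errno.EROFS:
            return "read-only"  # the kernel knows the filesystem is read-only
        raise
    try:
        os.write(fd, payload)
        os.fsync(fd)  # ask the kernel to push the data out to the device
        # Ask the kernel to drop its cached copy so the read below is served
        # from the medium rather than from memory (the request is advisory).
        os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)
        os.lseek(fd, 0, os.SEEK_SET)
        on_media = os.read(fd, size)
    finally:
        os.close(fd)
        try:
            os.unlink(path)  # leave nothing behind on a writable medium
        except OSError:
            pass
    # A mismatch means the kernel accepted the write but the medium did not.
    return "writable" if on_media == payload else "silently-discarded"


if __name__ == "__main__":
    import sys
    print(probe_write(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Because the cache drop is advisory, a `writable` result on media you believe to be protected is a reason to repeat the check after a remount.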