
v24.08

vonericsen released this 28 Aug 22:14

This release has been a long time coming, but it is finally here!

A major focus of this release has been the security of this project's source code. Assessing and updating many different parts of it to improve the overall security of openSeaChest was a very large task.

The most important security updates came from a third-party audit, from warnings raised by several SAST tools, and from a great deal of testing under dynamic analysis tools such as Valgrind and Dr. Memory to make sure everything worked as intended.

Security Improvements

  • Removed all use of atoi/atol/atoll and sscanf, which the third-party audit flagged as unnecessary risk: the atoX functions give the caller no way to detect a failed or out-of-range conversion, and sscanf's behavior on out-of-range numeric input is undefined.
  • The atoX functions were replaced with strtol/strtoul/etc., following the ISO C secure coding recommendations for these functions: errno is checked after each call, and out-of-range values are caught when converting to smaller types (uint8_t, uint16_t, etc.).
  • New functions better catch errors when parsing command-line inputs, guarding against buffer overflows and other undefined behavior.
  • Fixed TOCTOU (time-of-check/time-of-use) issues when reading some Linux system files (version information and other low-level device information).
  • Fixed a few memory leaks that were identified.
  • Many new functions were added to the opensea-common library to guard against undefined and platform-specific behavior in the standard C library and ensure consistent behavior across platforms.
  • All Meson project files now use the compiler warning and linker hardening flags recommended by OpenSSF and OWASP for GCC, Clang, and MSVC, to detect more issues at build time and produce a more hardened executable.
  • All warnings from these new flags have been resolved on every platform we have been able to test (Windows, Linux, FreeBSD).
  • A secure file-access API has been written for all platforms based on the CERT C coding standard recommendations, so that a file cannot be swapped or tampered with between being checked and being accessed.
  • When reading system environment variables, the CERT C recommendation to check for tampering has been implemented.
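
The atoX-to-strtoul replacement described in the list above, as an added illustration written for this page rather than code taken from opensea-common: the parser clears and checks errno, rejects strings with no digits or with trailing junk, refuses a leading minus sign (which strtoul would otherwise silently wrap), and narrows to uint16_t or uint8_t only after an explicit range check. The function and status names are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Result of parsing a command-line number. atoi() returns 0 for "abc", for "0" and on
 * overflow alike; these codes keep the cases apart. Names are hypothetical. */
typedef enum {
    PARSE_OK = 0,
    PARSE_EMPTY,     /* no digits found ("", "abc") */
    PARSE_TRAILING,  /* digits followed by junk ("12abc") */
    PARSE_NEGATIVE,  /* leading '-': strtoul would silently wrap "-1" to ULONG_MAX */
    PARSE_RANGE      /* too large for unsigned long, or for the requested narrower type */
} parse_status;

/* Base-10 unsigned parse with full error checking (CERT ERR34-C / INT06-C). */
parse_status parse_ulong(const char *s, unsigned long *out)
{
    if (s == NULL || out == NULL) return PARSE_EMPTY;

    /* strtoul accepts an optional sign and negates the magnitude; reject '-' up front. */
    const char *p = s;
    while (isspace((unsigned char)*p)) p++;
    if (*p == '-') return PARSE_NEGATIVE;

    char *end = NULL;
    errno = 0;                               /* strtoul sets errno but never clears it */
    unsigned long v = strtoul(s, &end, 10);
    if (end == s) return PARSE_EMPTY;        /* no conversion was performed */
    if (errno == ERANGE) return PARSE_RANGE; /* magnitude exceeds unsigned long */
    if (*end != '\0') return PARSE_TRAILING; /* the whole argument must be consumed */
    *out = v;
    return PARSE_OK;
}

/* Narrowing wrappers: a value can fit in unsigned long and still not fit the target type. */
parse_status parse_uint16(const char *s, uint16_t *out)
{
    unsigned long v;
    parse_status st = parse_ulong(s, &v);
    if (st != PARSE_OK) return st;
    if (v > UINT16_MAX) return PARSE_RANGE;
    *out = (uint16_t)v;
    return PARSE_OK;
}

parse_status parse_uint8(const char *s, uint8_t *out)
{
    unsigned long v;
    parse_status st = parse_ulong(s, &v);
    if (st != PARSE_OK) return st;
    if (v > UINT8_MAX) return PARSE_RANGE;
    *out = (uint8_t)v;
    return PARSE_OK;
}
```

Base 10 is used deliberately: with base 0, strtoul treats a leading zero as octal, so "010" would parse as 8, which is rarely what a command-line user intends.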

There are many other security improvements we will look into for the future, and this is just a high-level overview of all the work that was done.
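
The TOCTOU fix and the secure file-access point in the list above, as an added illustration and not openSeaChest's own API: the file is opened first and the descriptor is then inspected with fstat(), instead of stat()ing the path and opening it afterwards, so the attributes checked belong to the object actually opened (CERT C FIO45-C). O_NOFOLLOW refuses a symlink planted at the path. The hard-link refusal is an extra hardening choice made for this example, the code is Linux/POSIX only, the names are hypothetical, and the self-check's file content is constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Why an open was refused. Hypothetical names for this example. */
typedef enum {
    SAFE_OPEN_OK = 0,
    SAFE_OPEN_SYSCALL,      /* open()/fstat() failed for an ordinary reason; see errno */
    SAFE_OPEN_SYMLINK,      /* final path component is a symlink (O_NOFOLLOW refused it) */
    SAFE_OPEN_NOT_REGULAR,  /* a directory, device node or FIFO was found at the path */
    SAFE_OPEN_HARDLINKED    /* more than one name points at this inode */
} safe_open_status;

/* Open a regular file read-only without a check-then-use window. The path is never
 * stat()ed: open() first, then fstat() the descriptor we actually hold. */
int open_regular_file_safely(const char *path, safe_open_status *why)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) {
        /* Linux reports a refused symlink as ELOOP, FreeBSD as EMLINK */
        *why = (errno == ELOOP || errno == EMLINK) ? SAFE_OPEN_SYMLINK : SAFE_OPEN_SYSCALL;
        return -1;
    }
    struct stat st;
    if (fstat(fd, &st) != 0) { close(fd); *why = SAFE_OPEN_SYSCALL; return -1; }
    if (!S_ISREG(st.st_mode)) { close(fd); *why = SAFE_OPEN_NOT_REGULAR; return -1; }
    /* Extra hardening chosen for this example: refuse files reachable by another name */
    if (st.st_nlink > 1) { close(fd); *why = SAFE_OPEN_HARDLINKED; return -1; }
    *why = SAFE_OPEN_OK;
    return fd;
}

/* Self-check on constructed files under /tmp. Returns 0 when a plain file is read back
 * intact and a symlink planted at a path is refused; nonzero identifies the failing step. */
int demo_safe_open(void)
{
    char path[] = "/tmp/safe_open_demo_XXXXXX";
    const char payload[] = "6.8.0-example\n";   /* constructed stand-in for a version line */
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    if (write(fd, payload, sizeof payload - 1) != (ssize_t)(sizeof payload - 1)) {
        close(fd); unlink(path); return 2;
    }
    close(fd);

    int rc = 0;
    safe_open_status why;
    char buf[64] = {0};
    int rfd = open_regular_file_safely(path, &why);
    if (rfd < 0 || read(rfd, buf, sizeof buf - 1) < 0 || strcmp(buf, payload) != 0) rc = 3;
    if (rfd >= 0) close(rfd);

    /* Negative case: a symlink planted at the expected path must not be followed */
    char link[sizeof path + 8];
    snprintf(link, sizeof link, "%s.lnk", path);
    if (rc == 0) {
        if (symlink(path, link) != 0) rc = 4;
        else {
            rfd = open_regular_file_safely(link, &why);
            if (rfd >= 0) { close(rfd); rc = 5; }
            else if (why != SAFE_OPEN_SYMLINK) rc = 6;
            unlink(link);
        }
    }
    unlink(path);
    return rc;
}
```

The important property is that nothing about the file is decided from the path string: every check runs against the descriptor, so a swap of the path between two system calls cannot redirect the read.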

While not directly related to security, all source files now carry SPDX license identifier comments stating the license(s) that apply, to help with SBOM creation. We do not publish a generated SBOM yet, as we are still evaluating which tools work best.

Seagate has also implemented SLSA level 3 for openSeaChest, allowing users to verify that both the source_with_submodules packages and the binary executables were produced from this GitHub project. Visit SLSA.org for more information about the framework.
The SLSA provenance for this release is published alongside it and can be checked with the slsa-verifier project on GitHub.

Functionality changes in openSeaChest

New Utilities

  • openSeaChest_Raw can be used to issue raw CDBs to SCSI/SAS/SAT devices. It also supports issuing raw TFRs to ATA devices.
  • openSeaChest_Defect is used to view standardized defect lists on SAS and SATA drives. It can also create flagged errors and pseudo-uncorrectable errors for testing purposes.

Both of these utilities were part of Seagate's internal toolset and have been moved to openSeaChest!

New Functions

  • Support for changing a drive's reported Model Number at the same time as setting a new maxLBA.
    Example: a 30TB drive can be set to 26TB and have its reported model number updated to show 26TB instead of the original 30TB.
    This is only supported on some of the latest drives with ACS-6 support.
  • Ability to configure and view the ATA Write-Read-Verify feature (WRV)
  • Improved configuring and viewing ATA Power Up In Standby feature (PUIS).
  • PUIS feature control is moving to openSeaChest_PowerControl going forward. Existing support in openSeaChest_Configure remains in place for this release.
  • Refactored Sanitize command support
  • Sanitize support for Zone-No-Reset or No-Deallocate functions for ZBD/NVMe devices that support these features.
  • Allow Unrestricted Sanitize Exit (AUSE) is now available as an optional flag for sanitize. By default, sanitize still runs in restricted mode.
  • Sanitize Overwrite support for specifying how many overwrite passes to perform, between 1-16 for SATA and NVMe and 1-32 for SAS. The default of a single pass remains.
  • Write After Crypto Erase Required and Write After Block Erase Required are now detected and shown in the sanitize info output for SAS drives, along with PI detection, to warn that an overwrite will be necessary before reading back from these devices.
  • Added old ATA SMART-offline routine support
  • Added Seagate Unique Device statistics to --deviceStatistics output. Many of these related to Sanitize erasures and when they were last completed. This is for both SAS and SATA devices that support these statistics.
  • Added showing SATA Phy Event counters page
  • Added SFF-8055 style SMART trip warning message about backing up data when a SMART trip is detected.
  • Added CCISS RAID support in Linux. This covers HBAs running the following drivers: CCISS, HPSA, SmartPQI.
  • Some default SAT CDB creation rules were added for known SAT translators, keyed on the Vendor/Product ID/Revision reported in the SAT ATA Information VPD page (89h). This improves support on the Broadcom, Avago, LSI, Microchip, Adaptec, PMC, and HPE controllers we have been able to test and reduces the number of retries the code uses to work around SAT passthrough CDB issues.

Bug Fixes

  • Fixed a rare bug in --smartCheck: when a nominal or worst-ever value is zero and a threshold value is specified, a false-positive trip was reported on some USB devices.
  • Fixed ATA Security Erase time estimate calculation
  • Fixed a bug reading supported SCSI PI types
  • Fixed a bug reading SCSI relative humidity levels
  • Fixed a bug generating a binary log file name in openSeaChest_Logs
  • Refactored drive info and device discovery to better handle both legacy and modern devices. This primarily affects ATA-style device reporting and also improves USB device performance.
  • Fixed a bug reading ATA long logical sector sizes. No known real-world impacts, but an incorrect macro was used so it could have truncated this field.
  • Fixed a bug reading NVMe format for NVMe 2.0 devices with more than 16 formats supported
  • Fixed issuing Sanitize Crypto and Sanitize Block erase in Windows 10 and Windows 11 to NVMe devices
  • Fixed verbose CSMI scan in Windows due to improperly initialized structure
  • Special case to work around Microsoft Virtual Disks in Windows during scan and avoid commands that are known to not be supported.
  • Fixed a bug where some ATA PIO-In commands were marked as failures when they actually passed due to incorrect status interpretation.
  • Fixed a bug setting the TPSIU field for some SAT CDBs
  • Fixed a bug where specifying a large transfer size for firmware updates could cause a failure on SATA drives due to a low-level SAT translation work-around.
  • Improved the ATA checksum function to better handle overflows as intended by the ATA specifications.
  • Fixed sanitizing ATA Security Passwords in memory before releasing the memory (both stack and heap uses).
  • Improved performance when concatenating strings. This is most noticeable in the ATA SMART attributes output, where this is used a lot.
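
The ATA checksum fix above, as an added illustration rather than openSeaChest's own function: ATA 512-byte data structures (IDENTIFY DEVICE, SMART data, most logs) end in a checksum byte chosen so that the byte-wise sum of all 512 bytes is zero modulo 256, so the accumulator has to wrap at 8 bits. The "unreduced" variant is an illustrative mistake written for this example, not the project's previous code; the function names and the sample block are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* For IDENTIFY DEVICE the checksum is only defined when byte 510 holds the A5h
 * signature; that precondition is left to the caller here. Names are hypothetical. */
#define ATA_BLOCK_LEN 512u

/* Checksum for bytes 0..510: the two's complement of their 8-bit wrapping sum. */
uint8_t ata_block_checksum(const uint8_t block[ATA_BLOCK_LEN])
{
    uint8_t sum = 0;
    for (size_t i = 0; i < ATA_BLOCK_LEN - 1; i++)
        sum = (uint8_t)(sum + block[i]);   /* wraps at 8 bits, as the spec intends */
    return (uint8_t)(0u - sum);
}

/* Valid when the whole block, checksum byte included, sums to zero modulo 256. */
int ata_block_checksum_valid(const uint8_t block[ATA_BLOCK_LEN])
{
    uint8_t sum = 0;
    for (size_t i = 0; i < ATA_BLOCK_LEN; i++)
        sum = (uint8_t)(sum + block[i]);
    return sum == 0;
}

/* The mistake the wrapping form avoids (illustrative only): accumulating in a wide
 * type and testing the unreduced total rejects every block with non-zero content. */
int ata_block_checksum_valid_unreduced(const uint8_t block[ATA_BLOCK_LEN])
{
    unsigned int sum = 0;
    for (size_t i = 0; i < ATA_BLOCK_LEN; i++)
        sum += block[i];
    return sum == 0;
}

/* Self-check on a constructed block: returns 0 when the wrapping check accepts a block
 * whose last byte was set by ata_block_checksum(), the unreduced variant wrongly rejects
 * that same block, and the wrapping check rejects it after a single-bit flip. */
int demo_ata_checksum(void)
{
    uint8_t block[ATA_BLOCK_LEN];
    for (size_t i = 0; i < ATA_BLOCK_LEN - 1; i++)
        block[i] = (uint8_t)(i * 7u + 3u);  /* arbitrary non-zero payload */
    block[510] = 0xA5;                       /* IDENTIFY-style signature byte */
    block[ATA_BLOCK_LEN - 1] = ata_block_checksum(block);

    if (!ata_block_checksum_valid(block)) return 1;
    if (ata_block_checksum_valid_unreduced(block)) return 2;  /* wide sum is 256*k, not 0 */
    block[17] ^= 0x01;
    if (ata_block_checksum_valid(block)) return 3;
    return 0;
}
```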