I'm looking for a solution to write-protect the contents of a USB key. The idea is to prevent its contents from being inadvertently removed by the user or changed by malicious programs -- not to restrict the re-cycling of the key for something else.
Here is a summary of my findings so far:
Some keys have a switch which makes them read-only. Unfortunately this is not always the case.
With a FAT32 filesystem the only solution seems to be setting the files "read-only". But this protection is too weak. There is a slightly stronger write-protection available for NTFS, which can be achieved by removing write privileges from "All Users" it will make the files read-only to every account, except "Administrator". Formatting the disk as UDF makes it read-only under Windows XP SP3, but read-write in Windows Vista, Windows 7, Linux and Mac OS X. Formatting as ISO9660/CDFS makes it read-only under Linux and Mac OS X, but unfortunately the contents are not readable anymore from Windows.
With microcontroller-specific software is possible (if supported by the chip) to re-partition the key so it displays for example a write-protected and a read-write partition. The problem is that it is very confusing for the users: the write-protected partition can appear as a CD-ROM drive (which it is not), after insertion some drivers are apparently installed on the computer (in fact they are not really drivers), and it can lead to prompting for reboot. Besides, this solution cannot be applied universally because it requires knowing which chip is used in the drive, and the existence of publicly available tools to re-program the device.
John Reasor mentions utilities able to fill all free space on the device, making it impossible to create new files (see below).
Does there exist a general solution to store non-modifiable contents on a USB key?
It protects the contents from modifications typically done from the shell (e.g. delete, rename, move) or from the files and folders being modified by a standard applications (e.g. save-as)
It should work with most of the devices
The user can still re-format the device into a regular key to re-cycle it for another usage (for example, with fdisk)
Answer
Your findings are correct and there is no general solution that can help. Sorry.
I can only rephrase what you said:
Either they have a write protector switch or they don't
File System level protection that can vary between OSs and implementations
Microchip/key specific features, no easy way to know in advance - typically you would ask and get it manufactured to the specification e.g. I had one client who purchased some that were locked to read only after being duplicated. There was no way around this.
No comments:
Post a Comment