What is a Host Protected Area?

Today computers come with large hard drives. Some can be 1 terabyte and other can be up to 4 terabytes (a terabyte is 1000 Gigabytes.) If a computer is purchased and the specs say that it has a 30 GB hard drive chances are that that actual useable space is smaller than that. Say around 27 GB, but when the user checks how much space is on the hard drive the OS will also say that it has 27 GB. This computer most likely has either a host protected area or a disk configuration overlay.

When a hard drive is made the vendor will set aside space at the end of the drive to be used as either a DCO (Disk configuration overlay) or HPA (Host protected area). This section of the hard drive is used to store data like system restoration files, or security software.

The concept of a disk configuration overlay was first seen in the ATA-4 standard and the host protected area was first seen in the ATA-6 standard. These concepts allow vendors to purchase hard drives of different sizes and essentially make them the same exact size so they can be used in their products.

The HPA and DCO cannot be accessed using normal commands or the operating system (the operating system does not see the HPA or DCO.) Some ATA commands are used to access these hidden areas. Examples of ATA commands are:

  • IDENTIFY DEVICE
    • Operating systems use this command to see what space on a hard drive can be used to store data.
  • SET MAX ADDRESS
    • This command can be used to create an HPA or DCO. As an example let’s say the maximum size of a hard drive is 1000GB. I use the SET MAX ADDRESS command to set the max address at 950GB. I just created an HPA; the last 50GB of the disk will not be seen by the OS since the max address according to the OS is 950GB.
  • READ NATIVE MAX ADDRESS
    • Certain pieces of hardware and firmware (i.e. the BIOS) use the READ NATIVE ADDRESS ATA command to see the true size of the hard drive. These devices are known as “HPA aware”

HPAs and DCOs have many uses some examples are:

  • Using an HPA to set a large hard drive to a smaller size so that older BIOS and boot loader programs can run.
  • The HPA can contain recovery programs or a preloaded OS set by the vendor
  • The HPA can also contain either root kits that are hiding or malicious code that can avoid detection by residing in the HPA.

For more information on HPAs and DCOs check the Wikipedia article at:

So the next time you check the size of your hard drive it may not be what the OS is showing you. Thanks for reading!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s