Monday, April 4, 2016

GeoTime: Android App showing Actual Time Difference Between Two Cities [Sunrise Time Difference]

Features of GeoTimeApp:

  • Shows Actual Time Difference and Time Zone difference between two Cities  
  • Having Inbuilt Offline Database of more than 20,000 Cities of the World  
  • Shows other information about Cities like Location Co-Ordinates [Longitude and Lattitude], Time Zone Name, Time Zone Value, Country Code, ISD Code  
  • User can select any City available in the database"

What is Actual Time Difference:

  • Lets take example of two Indian Cities. Ahmedabad and Kolkata.
  • Both belong to same Time Zone which is 'Asia/Kolkata [5:30]'. So, as per Time Zone, there is no difference in time between these two cities.
  • But, if you go to Kolkata, you will notice that there Sun rises approx. 1 Hour earlier than Ahmedabad.
  • So, if Sun rises at 6:30 AM in Ahmedabad, it will rise at 5:30 AM in Kolkata. This is Actual Time Difference.
  • Most people, experience this but they don't have information about this Actual Time difference. Mostly, time difference data between two Cities is available as per Time Zone.
  • This App show this Actual Time Difference between Two Cities !!!"

GeoTime App Snapshots

Download GeoTime App

  • This App will work fine with Android Version 4.0.3 [IceCreamSandwich] or Higher 

Monday, April 21, 2014

Published Articles Perl GUI Builder Simplifying SoC Verification by communicating between HVL Env and Processor
Before I describe a way to simplify SoC verification, let me clarify what do I mean by SoC. SoC, System on Chip, means a chip which is having different design blocks integrated together, in which the main controlling block is the Processor (Proc). The Proc in SoC will have access to most or all blocks in the chip to control them.
Now, if we need to verify SoC, we have to deal mostly with Proc because most of the things will be controlled by it. We need to initialize/configure registers of different blocks, configure DMA channels for data transfer, handle interrupts and other kinds of exceptions, etc. using Proc only. When we say, we have to do all these things using Proc that means, we need to write C or Assembly Language code which will be converted to hex code (machine code), which Proc can execute.
Since we have to do most of the things in C or Assembly Language, strength of verification will become very limited because we can’t use powerful features of HVL like SystemVerilog (SV), Vera, etc.
Someone might argue that we can use PLI or DPI (of SV) for directly calling C from SV and vice versa. But, you might already know that PLI or DPI is going to make simulation very slow which can’t be afforded if you are verifying a very big chip. Also, Proc might not support syntaxes which are required to use DPI. In case of ARM Proc (which supports very limited set of instructions), it doesn’t even support all syntaxes of C language.
As an alternate way, we can implement our own communication mechanism between Proc and HVL env which is faster than PLI/DPI and flexible also. Since we are developing it on our own, we can customize it as per our requirement.
Using this new mechanism,
  1. We can read/write any register or memory location which can be accessible by Proc (C code), using SV.
  2. We can pass valuable information back and forth from Proc to HVL Env and vice versa, to achieve synchronization between the two. This will be very useful in generating complex SoC scenarios.
From now onwards, we will term this mechanism as SV-C (SystemVerilog-C) mechanism.

Read Complete Article An Effective way to drastically reduce bug fixing time in SoC Verification

Many times we are not aware of very useful EDA tool options which are already available. Even if such options are very well documented, we don't look at them and try them [I partly agree that tool supports MANY options and trying/understanding them is time consuming and boring]. But some options are very useful and if you know them, it makes job of design engineer and/or verification engineer very easy.
Here, I am going to talk about one very powerful and useful VSIM option of QuestaSim. It is VCDSTIM option of VSIM. As per Mentor Graphics Corporation, people didn’t understand the value of this powerful option in bug hunting though it is already in the tool for so long.
[Note: VSIM is last step of 3 step (vlog => vopt => vsim) simulation flow of QuestaSim].
Details of VCDSTIM option
VCDSTIM is one of the options of VSIM of QuestaSim. Here are the details of this option as described in QuestaSim User Manual.

Read Complete Article Basics of Assertion IP

The purpose of this article is to provide some basic information about Assertion IP to people who don’t have much information about it.
As per the name, AIP is having assertions written at interface level.
Mostly, AIP is written following strict design coding guidelines so that it can be synthesizable.
AIP can be used in Functional simulation environment as an interface monitor similar to transaction level monitor which is used to check interface behavior as per interface protocol. But, mainly it is targeted for Formal environment with Formal tool.
In Formal environment with Formal tool, it is used to generate stimulus to design, perform interface level checks and provide coverage in the Formal environment to verify the design with very less efforts.
Inside AIP
One will found following details in most of the AIP
  • Top level module having Inputs and Outputs which is used to connect [or bind] AIP with DUT
  • Parameters to customize AIP to work with customized DUT
  • Having interface checkerswritten in the form of properties
  • Assert / Assume / Cover declarations of the properties
  • Glue logic to help writing complex protocol check conditions in the properties
Bind will be used to connect AIP with DUT without creating separate test bench module or without editing design code.
One can create separate bind file and using bind keyword, AIP can be connected to DUT.
One can use internal signals and parameters of top level DUT module during binding. Binding AIP with DUT using bind keyword is something like one is creating instance of AIP module inside top level DUT module.
Glue logic
Main purpose of the AIP is to run it with Formal tool in Formal environment. So, AIP should be written in such a way that it will be Formal tool friendly and fully synthesizable. There are various coding guidelines to code AIP to make it formal tool friendly. Those details are out of scope for this article.
Glue logic is required in AIP to avoid writing very complex conditions in the properties. Formal tool will find it very hard to converge on properties if they involve very complex conditions. So, one need to write separate glue logic which can take care of complex condition of the property and code in the property will get simplified.
Assert, Assume and Cover
People familiar with SystemVerilog assertions will be mostly aware of assert, assume and cover declarations of the properties.
AIP will be having various properties to perform protocol checks on given interface.
Then, those properties will be declared as “assert” so that it can indicate adherence or violation of the protocol condition in either formal or simulation environment. In Formal environment, one can look at property falsification and in simulation environment, one can look at failing message in the log.

Saturday, August 22, 2009

Ganeshay Dheemahi By Shankar Mahadevan

Following are parts taken from Shankar Mahadevan's Beautiful Song about Bhagavan Ganesha in Bollywood movie Virudh.
Ganeshay Dheemahi Part 1
Ganeshay Dheemahi Part 2
Ganeshay Dheemahi Part 3
Ganeshay Dheemahi Part 1-2-3

Wednesday, October 15, 2008

Installing Windows XP on HP Pavilion DV6707 Laptop

As you know, HP Pavilion dv6707 laptop comes with Windows Vista Pre-Installed. If you want to replace Windows Vista by Windows XP, you need new drivers for WinXP. Recovery DVD or 'SWSETUP' created using Window Vista will not help to install drivers for WinXP. All drivers come with Windows Vista are not compatible with Windows XP.
Refer to any of the following link to get WinXP compatible drivers. These drivers can also work on dv6000, dv9000 and dvxx7x series as per Link1.

Link1: Downgrading Hewlett Packard dv6000 series Notebook from Vista to XP
The Official DV6704nr "Vista to XP" Guide
Download and Install the drivers as mentioned in any of the above link.
Issue with 'Audio Device On HD Bus'
Even after following step 5 as described in above Link1, if 'Audio Device On HD Bus' doesn't show up in device manager, you need to follow step 3 of Link2.
But neither step 5 of Link1 nor step 3 of Link2, helps in resolving 'Audio Driver' issue in Window XP with Service Pack 3. To resolve it, follow the steps as mentioned below.

1. Open 'Start' -> 'Run'
2. Give 'regedit' command to open registry editor
3. Modify Value of 'CSDVersion' key in 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows' from 300 to 200
4. Restart machine
5. Install KB888111xpsp2.exe
6. Modify Value of 'CSDVersion' key in 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows' from 200 to 300
7. Restart machine

These steps are also found here
Now, you will have 'Audio Device On HD Bus' in device manager. Now, you can install 'audio driver' on this device.
Steps mentioned above are tested on HP Pavilion dv6707 with WinXP SP3. They are working perfectly fine.

Sunday, June 1, 2008

VMM Source Code Released Under Apache License

After source code of OVM (Open Verification Methodology) which is based on AVM (Advanced Verification Methodology) by Mentor Graphics, now source code of VMM (Verification Methodology Manual) for SystemVerilog by Synopsys , can also be freely downloaded. Synopsys has released its entire VMM library source code under Apache Open Source License. It can be freely downloaded from
Not only you can download VMM source code, you can modify it also as per your needs. And if you think, your modifications should become part of VMM library, it is also possible. If VMM designer get convinced about your modification, your modification might become part of VMM source code. Read this Verification Martial Arts: Verification Methodology initiated by author of VMM, for more details about how to convey your modification to VMM designer.

Friday, May 16, 2008

Implementing Linked Methods of rvm_env/vmm_env/avm_env/ovm_env

If you have used RVM (Reference Verification Methodology) in Vera or VMM (Verification Methodology Manual), AVM (Advanced Verification Methodology) or OVM (Open Verification Methodology) in SystemVerilog, then you will be familiar with rvm_env, vmm_env, avm_env, etc. base classes. These classes has set of methods build, cfg_dut, run, etc. which are getting called in predefined order. When you call any single method, it will make sure that previous methods in given order set has already called, and if not, it will be called first to ensure ordering. Do you know how this order can be maintained in *_env (rvm_env, vmm_env, avm_env or ovm_env) classes? In this article, I will try to explain one way of implementing this chain of method calls. I don't know how exactly, it is implemented in *_env but they can be implemented as follows also. Who knows they might be implemented as described below in *_env?.

I will try to explain this flow using vmm_env class. vmm_env class has following methods which are executed in the order metioned as below.

    1.  gen_cfg()
    2.  build()
    3.  reset_dut()
    4.  cfg_dut()
    5.  start()
    6.  wait_for_end()
    7.  stop()
    8.  clean()
    9.  report()
    10. run()

When you call build() and if gen_cfg() is not called before that, gen_cfg() will be called first then build will execute.

Same way, if you call gen_cfg() followed by cfg_dut() followed by report(), then cfg_dut() will make sure to call reset_dut() first "before executing itself", report will make sure to call start(), wait_for_end(), stop(), clean(), in the order given, "before executing itself".

There is one more top level method, called run(). If you don't call any of the previous method and just call run(), it will make sure all the previous methods called in the given order "before executing itself". I am giving emphasis on "before executing itself" because it is key of this chain flow of method calling.

This is just an overview of method chaining. Now, let see how it can be implemented. If you look at the implementation, logic is very easy...

Look at the following code.

class vmm_env();

    local bit gen_cfg_done;
    local bit build_done;
    local bit reset_dut_done;
    local bit cfg_dut_done;
    local bit start_done;
    local bit wait_for_end_done;
    local bit stop_done;
    local bit clean_done;
    local bit report_done;

    function new();
        gen_cfg_done      = 0;
        build_done        = 0;
        reset_dut_done    = 0;
        cfg_dut_done      = 0;
        start_done        = 0;
        wait_for_end_done = 0;
        stop_done         = 0;
        clean_done        = 0;
        report_done       = 0;

    function void gen_cfg();
        gen_cfg_done = 1;

    function void build();
        if(gen_cfg_done == 0)
        build_done = 1;

    task reset_dut();
        if(build_done == 0)
        reset_dut_done = 1;

    task cfg_dut();
        if(reset_dut_done == 0)
        cfg_dut_done = 1;

    task start();
        if(cfg_dut_done == 0)
        start_done = 1;

    task wait_for_end();
        if(start_done == 0)
        wait_for_end_done = 1;

    task stop();
        if(wait_for_end_done == 0)
        stop_done = 1;

    task clean();
        if(stop_done == 0)
        clean_done = 1;

    task report();
        if(clean_done == 0)
        clean_done = 1;

    task run();
        if(report_done == 0)


Very easy... Isn't it?
Now see, when you call only run() without calling any other method, following will happen.


I guess do_test() of avm_env/ovm_env might have the same logic.

Now you might also came to know that why super.<method>() (, super.reset_dut(), super.cfg_dut(), etc.) is compulsory at the start of these methods in class extended from *_env. If you don't call super.<method>(), above mentioned internal functionality of base class required for chaining will not execute properly.

I hope this information will be useful to you.

Leave comment if you have any suggestion/question/doubt about his article.


Sunday, May 11, 2008

Print Screen in Windows Vista

If you are running Windows Vista, you might have faced issues in 'Print Screen' or 'Screen Capture' functionality.
In other version of Windows by pressing key 'print screen' or 'Alt + print screen', you can take snapshot of your entire screen or active window, respectively. Then you can paste it into 'Paint' and save it. But in Windows Vista, pressing key 'print screen' or 'Alt + print screen' does not capture the screen. I think they have modified key combination for screen capture.
In Windows Vista you need to press 'Fn + print screen' or 'Fn + Alt + print screen' to capture the entire screen or active window.
In most cases, 'Fn' key is located at bottom left part of keyboard, between 'Ctrl' and 'Window' key.

Wednesday, April 23, 2008

Advanced use of define macro in RVM and VMM of Synopsys

If you have used RVM (Reference Verification Methodology) library for Vera or VMM (Verification Methodology Manual) library for SystemVerilog, implemented by Synopsys, you can recall channel, atomic generator, scenario genertor, rvm_OO_callbacks, vmm_callbacks macros. These macros are generic/reusable macro written using above mentioned two powerful features of define macro.

In VMM for SystemVerilog,
`channel(data_class) // data_class_channel
This macro call creates customized channel class declaration handling object of type data_class.

`atomic_gen(data_class) // data_class_atomic_gen
This macro call creates customized atomic generator class declaration handling object of type data_class.

`scenario_gen(data_class) // data_class_scenario_gen
This macro call creates customized scenario generator class declaration handling object of type data_class.
This macro call all creates classes like 'data_class_scenario', 'data_class_scenario_election', etc.

If you have noticed, implementation of `vmm_callbacks is given in the vmm document.

I hope this information improves your knowledge about using define macro.


Reusable Channel using Define Macro

Now, same code can be implemented using define macro as follows.

`define channel(A) class A``_channel ; // Class of type 'A_channel' \
    A queue[$]; \
    semaphore sem; \
    task put_data(A t); \
        sem.get(1); \
        queue.push_back(t); \
        sem.put(1); \
    endtask \
    task get_data(ref A t); \
        sem.get(1); \
        t = queue.pop_back(t); \
        sem.put(1); \
    endtask \

Using above mentioned code, you can create any type of customized channel between two components.
Channel passing integer data between two components using,
integer_channel int_channel = new();
Channel passing class object of type 'data_class' between two component using,
data_class_channel data_class_channel = new();
As you noted here, `channel(integer) or `channel(data_class) macro calls, creates customized channel class declarations for you and then you can instantiate those class objects.

Another thing to be noticed is the use of `` to create customized data type. In the example above, I have used 'A_``channel'. This expands to 'A_channel'.

Next: Advanced use of define macro in RVM and VMM of Synopsys

Reusable Channel using Parameterized class

Let's consider the example of generic channel using paramerized class,

class channel #(type T = integer);

    T          queue[$];
    semaphore  sem;
    task put_data(T t);
    task get_data(ref T t);
        t = queue.pop_back(t);


Using above mentioned code, you can create any type of customized channel between two components.
Channel passing integer data between two components using,
channel #(integer) int_channel = new();
Channel passing class object of type 'data_class' between two component using,
channel #(data_class) data_class_channel = new();

Next: Reusable Channel using Define Macro

Features of Define Macro in SystemVerilog

Following is the excerpt from SystemVerilog LRM about important features of define macro.

1. In Verilog, the ‘define macro text can include a backslash ( \ ) at the end of a line to show continuation on the next line.

2. In SystemVerilog, the macro text can also include `", `\`" and ``.
An `" overrides the usual lexical meaning of ", and indicates that the expansion should include an actual quotation mark. This allows string literals to be constructed from macro arguments.
A `\`" indicates that the expansion should include the escape sequence \", e.g.
`define msg(x,y) `"x: `\`"y`\`"`"
This expands:
$display(`msg(left side,right side));
$display("left side: \"right side\"");

3. A `` delimits lexical tokens without introducing white space, allowing identifiers to be constructed from arguments,

`define foo(f) f``_suffix
This expands:

These three are most important features because using them we can create customizable data_type and generic or reusable SystemVerilog Components.

For example consider following macro,
`define MY_DATA_TYPE(A) A
Using this macro, I can do following.

Instead of writing,
integer a;
I can write,
`MY_DATA_TYPE(integer) a;

You might think that is it advanced use of Macro? But when you read Reusable Channel using Define Macro of this article, you will realize that how this simple feature of define macro can help in creating generic/reusable components. Here, only intention is to convey that "Using define macro you can 'pass' data_type as argument".
define macro consider its argument as 'text only', it doesn't impose rule of 'keyword' or 'data type' on that. So passing data type as argument to define macro doesn't result into any compilation error.
These features can be used as an alternate option to 'Parameterization feature of SystemVerilog' (Parameterized Classes). If you are using EDA tool or SystemVerilog Compiler that doesn't support 'Parameterized class', you can use define macro as supplement for that, to make generic or reusable components.

Let's go through how to create generic/reusable SystemVerilog components using 'Parameterized Class' and Using 'Define Macro'.

Next: Reusable Channel using Parameterized class

Tuesday, April 22, 2008

ATAUtil: Download ATA Utility

Please read all the information/guideline/usage details given in 'Lock-Unlock Hard Disk', before downloading and running this utility.

This utility doesn't run on 64-bit machine. I have tried it on my laptop which has AMD Athelon 64-bit Processor but it doesn't work. It seems that 64-bit processor doesn't understand the instruction set compiled in the utility.

This is very risky utility. Any mistake done by user results in permanent failure of hard disk. User should be extremely careful while running this utility. If user forgot the password after locking hard disk, his hard disk is of no use, until unlocked. So user should be very very careful. Please digest all the information given, before running this utility.

Try this utility at your own risk. I have tested it on my hard disks. But I don't know how different makes of hard disk behave on this utility. It is sole responsibility of the user, for any damage done this utility, in any case.

  1. ATAUtil.exe - Core of Utility
  2. EGAVGA.BGI - This is Graphics library used by 'C' language. Put this file in the same directory where ATAUtil.exe is located.

I hope it will be useful to you and will improve your knowledge.


ATAUtil: How to Use This Utility - 2

Use arrow key to select the option. Lets go through option one by one.

Using this option, you can select at which interface your hard disk is connected. There are four locations at which your ATA hard disk can be connected. Primary Master, Primary Slave, Secondary Master and Secondary Slave. Select the option which is appropriate in your case. The option you selected will be reflected at the top of Graphic.
The default option selected is Primary Master.

This command is available even if hard disk is locked.

This option gives various details about your device. It gives information about Serial no., Firmware revision no., Model no.. It prints no. of User Addressable Sectors, which version of ATA is supported. Most important information about whether your device supports security feature is not, is displayed. If it says it supports security feature, you can go ahead. If it says it doesn't support security feature, don't play with this utility with device selected.
At the end of display, it prints status of command, whether command completed successfully, with error or aborted. If command doesn't completed successfully, don't play with this utility with the device selected. You can select other device on other channel and try on that.

If you don't know about channels at which your hard disk is connected, you can do trial and error. For example, if you selected primary master and then selected this option. If it says command completed with error or aborted that means at primary master CD/DVD ROM is connected or your hard disk might not able to complete the command. Now, repeat same for primary slave and secondary master and slave.

These option is the safe option because in this option nothing is written to hard disk. It just reads information from hard disk. So during this option, if command completes with error or aborted, just come out and select different channel and master-slave. Almost all subsequent options are one or other way writing to hard disk. So, again saying, don't run any of the below mentioned option for which command completed with error/abort or security feature is not supported on the device.

This command is available even if hard disk is locked.

Once you get the 'Security Supported' in the device information then you can use this option to enable the security and set the user password. After completion of this command, user password will be set in the hard disk and security will be enabled. Once you give hard reset or restart your machine, your hard disk will be locked.
Rules of password:
Length of password can be maximum 32 characters.
Only use alpha-numeric(a-zA-Z0-9) characters only for password.
In this utility, rest of the characters of password is appended with space. Means if you set password as 'thisismypassword' (length 16), rest of the 16 characters of password are 'space'. This is to ensure that no garbage data will be set as password. When you unlock the device, you don't need to append 'space' after password. Utility will automatically append 'space' in your password, while unlocking also.

This command will not be available once hard disk is locked. It will be completed with error, until hard disk is unlocked.

Once you get the 'Security Supported' in the device information then you can use this option to set the master password. After completion of this command, master password will be set in the hard disk but security will NOT be enabled. Only setting user password only enables the security. That means if you only set the master password and do not set the user password, and then give hard reset or restart your machine, your hard disk will be still unlocked. But, master password is set. Later on this master password can be used to unlock the hard disk, when disk will be locked.

Since 'maximum' security level is risky, this utility only sets the security level as 'high', and never set it to 'maximum'. Please read information about 'ATA security' in previous blog for more details about security level.

This command will not be available once hard disk is locked. It will be completed with error, until hard disk is unlocked.

Once hard disk is locked, you can select this option and provide user password which you set previously, to unlock the hard disk. After successfully completion of this command unlocks the hard disk.

This command is available even if hard disk is locked. It must be enabled otherwise how do you unlock.

Once hard disk is locked, you can select this option and provide master password which you set previously, to unlock the hard disk. After successfully completion of this command unlocks the hard disk.

This command is available even if hard disk is locked. It must be enabled otherwise how do you unlock.

Once your 'SET USER PASSWORD' command completes successfully, security will be enabled in your hard disk. You can check 'SECURITY STATUS' command after that. It will show that security is enabled. Upto this point security is enabled but device is not locked (will be locked at hard reset or next power on). But at this point if you want you can disable the security using this command. If this command completes successfully security will get disabled and device will not be locked until 'SET USER PASSWORD' command is run again.

This command is not available when hard disk is locked. It will be completed with error.

Same as 'DISABLE SECURITY USING USER PASSWORD', but in this case you will disable security using master password instead of user password.

This command is not available when hard disk is locked. It will be completed with error.

This command gives information about current security status. It prints whether security enabled or not, security level is high or maximum, security is locked or not, security is freezed or not, security count is expired or not (five wrong attempt of either 'user' or 'master' password cause security count to expire. You need to give hard reset to hard disk to again enter the correct password) and Enhanced security erase is supported or not.

This command will run even if hard disk is locked.

This command is also disable in this utility because it might create memory allocation issue while reading large no. of sectors.

This command is disabled in this utility for possible misuse of this option. This option can be used to create boot sector viruses.

Using this command, you can come out of utility anytime.

ATAUtil: How to Use This Utility - 1


Please read the information given about 'ATA security' in the previous blog before downloading and running this utility.

Once you run this utility in MS-DOS mode, you will see graphical interface that itself says everything about it. But, still I am explaining it here, to avoid any mistake.

After running utility, following options will be displayed.



ATAUtil: Requirement to Run The Utility

Following are the requirements to run the utility.
  1. Bootable CD/floppy using which you can start computer in MS-DOS mode. This utility will not run, when OS (Operating System) is running. Because it is written in pure 'C' language and is using low level APIs of 'C' which are generally blocked by OS.
  2. Copy files (exe and bgi) of this utility to Bootable CD/floppy or you can copy it to your hard disk itself. But copying it in hard disk is risky because once hard disk is locked, you will not be able to access utility from hard disk, after hard reset is applied or computer is restarted. If you have two hard disks, you can store it in other hard disk and make sure that you didn't lock the hard disk in which utility is copied.

In future, I am planning to give image that will contain bootable code + utility, that you can directly burn to your CD or floppy.


ATAUtil: About The Utility

I have coded this utility entirely in 'C' language, which is the best language for accessing any device at low level. It has three layers of code.
1. The top layer deals with graphics for user interaction with the utility.
2. Second layer is for creating command request and completion data, as understood by the ATA protocol.
3. Third layer which is the lowest level deals with actual ATA controller register to perform operation requested by user.

Using this utility user,
1. Can get the information about different device connected to primary (master and slave) and secondary channel (master and slave) of IDE/ATA controller.
2. Will be able to know that whether his hard disk supports Security feature or not.
3. Can set user and master password in his hard disk and lock-unlock hard disk if security feature is supported.
4. Can enable or disable the security feature.
5. Can get information about current security settings.

For any assistance contact me at:
I would encourage to write comment instead of mailing me in case of any issue/query about the utility. So solution will be available to everyone. I will be notified by email whenever you write comment.

Monday, April 21, 2008

Detail of Security Feature of ATA


The optional Security Mode feature set is a password system that restricts access to user data stored on a device. The system has two passwords, User and Master, and two security levels, High and Maximum. The security system is enabled by sending a user password to the device with the SECURITY SET PASSWORD command. When the security system is enabled, access to user data on the device is denied after a power cycle until the User password is sent to the device with the SECURITY UNLOCK command. A Master password may be set in addition to the User password. The purpose of the Master password is to allow an administrator to establish a password that is kept secret from the user, and which may be used to unlock the device if the User password is lost. Setting the Master password does not enable the password system.

The security level is set to High or Maximum with the SECURITY SET PASSWORD command. The security level determines device behavior when the Master password is used to unlock the device. When the security level is set to High the device requires the SECURITY UNLOCK command and the Master password to unlock. When the security level is set to Maximum the device requires a SECURITY ERASE PREPARE command and a SECURITY ERASE UNIT command with the masterpassword to unlock. Execution of the SECURITY ERASE UNIT command erases all user data on the device.

The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system.

A device that implements the Security Mode feature set shall implement the following minimum set of commands:
Support of the Security Mode feature set is indicated in IDENTIFY DEVICE data word 82 and data word 128.

Security mode initial setting
When the device is shipped by the manufacturer, the state of the Security Mode feature shall be disabled. The initial Master password value is not defined by this standard. If the Master Password Revision Code feature is supported, the Master Password Revision Code shall be set to FFFEh by the manufacturer.

User password lost
If the User password sent to the device with the SECURITY UNLOCK command does not match the user password previously set with the SECURITY SET PASSWORD command, the device shall not allow the user to access data. If the Security Level was set to High during the last SECURITY SET PASSWORD command, the device shall unlock if the Master password is received. If the Security Level was set to Maximum during the last SECURITY SET PASSWORD command, the device shall not unlock if the Master password is received. The SECURITY ERASE UNIT command shall erase all user data and unlock the device if the Master password matches the last Master password previously set with the SECURITY SET PASSWORD command.

Attempt limit for SECURITY UNLOCK command
The device shall have an attempt limit counter. The purpose of this counter is to defeat repeated trial attacks. After each failed User or Master password SECURITY UNLOCK command, the counter is decremented. When the counter value reaches zero the EXPIRE bit (bit 4) of IDENTIFY DEVICE data word 128 is set to one, and the SECURITY UNLOCK and SECURITY UNIT ERASE commands are command aborted until the device is powered off or hardware reset. The EXPIRE bit shall be cleared to zero after power-on or hardware reset. The counter shall be set to five after a power-on or hardware reset.