SATA DOMs and UFM write protection

[afge23]

I have motherboards that have a SATA DOM and also others that have UFM, which is a USB type header specific for flash modules.

My question is, do these modules usually incorporate a write protection switch? I see many of them advertised as having one, but I have never seen one, can anyone post pictures or video of this switch, or documentation which describes how it functions?

Are these modules basically unused at this point? Has m.2 replaced it? It seems like they are very expensive and hard to find.

 

[Stevie_1der]

I have never actually come across a SATA module or USB thumb drive with a write protection switch.
The vast majority of USB thumb and SATA DOM drives donesn't have that switch, although there exist some (even available as M.2 SATA from for example Innodisk) if you're willing to pay the extra fee.

The functionality would be as follows (simplified):
Either the controller inside the drive will query the switch (for some brands, you can even set the write protection per ATA command) and simply deny write operations if set.
Another option which I found is using some sort of shadow copies. The actual write protected contents is saved, the drive permits writes, but doesn't actually write them to the same location, so after a power cycle they are gone and replaced with the previously saved shadow copy.

But even that doesn't provide 100% security.
If you have physical access, you can just flip the switch, or flash a new firmware onto the drive if you're a skilled enough cracker.

 

[Chris Moore]

and also others that have UFM

Like this?

They are not very popular because they are pretty expensive, but I have a couple systems at work that came that way from the vendor.
They don't have write protect switches because the OS uses that device interactively, not only to boot from but also to store all the system settings and logs.
Why would you want a write protect switch?

 

[Chris Moore]

Are these modules basically unused at this point?

Application specific. Some systems use them exclusively.

Has m.2 replaced it?

No. Completely different technology for a different purpose.

It seems like they are very expensive and hard to find.

Hard to find because they are expensive because they are not widely used because it is usually easier to get and use a SATA DOM but SATA DOM devices are expensive also for similar reasons.

 

[afge23]

My understanding was if there was a way to prevent writes, you could have a VM loader os which cannot be modified through software. Is Sata DOM more general purpose (like low energy), whereas UFM more proprietary implementations based on vendor solutions (bios, hardware, software).

 

[Chris Moore]

My understanding was if there was a way to prevent writes, you could have a VM loader os which cannot be modified through software. Is Sata DOM more general purpose (like low energy), whereas UFM more proprietary implementations based on vendor solutions (bios, hardware, software).

The USB Flash Module (UFM) devices I have seen were used in systems that were intended to be appliances. They just plug into a standard USB header on the system board, although some system vendors make the connector look different. I have used some of these:
https://www.memorydepot.com/ssd/listcat.html?catid=usbh-2me
The 32GB modules, in FreeNAS servers where I work. The main purpose in my case was to not use a SATA port and these are much more durable than a regular USB memory stick. I have some 8GB ones that are almost five years old and still working fine.