ATA Trusted commands in Linux

Anonymous (unverified), submitted 2019-12-03 10:24:21

Question:

Colleagues,

I'm implementing support for ATA trusted commands

0x5C TRUSTED RECEIVE, 0x5D TRUSTED RECEIVE DMA, 0x5E TRUSTED SEND, 0x5F TRUSTED SEND DMA

for Linux (two hosts, Fedora 12 and 14) to support self-encrypting drives. I took the code from this page http://www.jukie.net/bart/blog/ata-via-scsi as the base. For TRUSTED RECEIVE (on this layer it is identical to IDENTIFY, 0xEC):

    sg_io.interface_id    = 'S';
    sg_io.cmdp            = cdb;
    sg_io.cmd_len         = sizeof(cdb);
    sg_io.dxferp          = data_in_buffer;
    sg_io.dxfer_len       = data_in_length;         // multiple of 512
    sg_io.dxfer_direction = SG_DXFER_FROM_DEV;
    sg_io.sbp             = sense;
    sg_io.mx_sb_len       = sizeof(sense);
    sg_io.timeout         = 5000;                   // 5 seconds

    cdb[0]  = 0x85;           // ATA PASS-THROUGH (16) (no translation)
    cdb[1]  = (4 << 1);       // protocol 4 = PIO data-in
    cdb[2]  = 0x2e;           // CK_COND, T_DIR = data-in, BYT_BLOK, T_LENGTH = sector count
    cdb[4]  = feature_id;     // FEATURES (7:0): security protocol
    cdb[6]  = 1;              // SECTOR COUNT (7:0): number of 512-byte blocks
    cdb[7]  = lba_low >> 8;
    cdb[8]  = lba_low;
    cdb[9]  = lba_mid >> 8;
    cdb[10] = lba_mid;
    cdb[11] = lba_high >> 8;
    cdb[12] = lba_high;
    cdb[14] = 0x5C;           // TRUSTED RECEIVE

    rc = ioctl(fd, SG_IO, &sg_io);

It works perfectly for IDENTIFY and all other commands, but not for the trusted commands. When I connect a protocol analyzer, I see that these commands are not sent to the SATA bus. The adapter is capable of sending them, because they come through OK under Windows (not my code, but I think it uses ATA_PASS_THROUGH). And yes, I'm running this code as root.

Please help to resolve this mystery :)

Answer 1:

See /usr/src/linux/drivers/ata/libata-scsi.c:

    /*
     * Filter TPM commands by default. These provide an
     * essentially uncontrolled encrypted "back door" between
     * applications and the disk. Set libata.allow_tpm=1 if you
     * have a real reason for wanting to use them. This ensures
     * that installed software cannot easily mess stuff up without
     * user intent. DVR type users will probably ship with this enabled
     * for movie content management.
     *
     * Note that for ATA8 we can issue a DCS change and DCS freeze lock
     * for this and should do in future but that it is not sufficient as
     * DCS is an optional feature set. Thus we also do the software filter
     * so that we comply with the TC consortium stated goal that the user
     * can turn off TC features of their system.
     */
    if (tf->command >= 0x5C && tf->command <= 0x5F && !libata_allow_tpm)
            goto invalid_fld;


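The filter quoted in the answer explains the empty bus trace: the kernel rejects the command before it reaches the SATA link, and the rejection comes back through SG_IO as a SCSI sense of ILLEGAL REQUEST / INVALID FIELD IN CDB rather than as an ioctl error. The program below is an added example, not code from the question, the answer or the kernel. It builds the ATA PASS-THROUGH (16) CDB for TRUSTED RECEIVE (0x5C, or the 0x5D DMA form), reads the current value of `libata.allow_tpm` from sysfs, issues the command, and decodes the sense data so that the kernel filter can be told apart from a drive-side error. The sysfs path, the function names and the probe with security protocol 0x00 (which returns the drive's list of supported security protocols) are this example's own choices; it assumes Linux and root or CAP_SYS_RAWIO, as in the question.

```c
/* Added example (not from the original post): TRUSTED RECEIVE over SG_IO
 * with detection of the libata allow_tpm filter. Linux only; needs root. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <scsi/sg.h>

#define ATA_16                  0x85
#define ATA_CMD_TRUSTED_RCV     0x5C
#define ATA_CMD_TRUSTED_RCV_DMA 0x5D
#define ATA_PROT_PIO_DATA_IN    4
#define ATA_PROT_DMA            6
#define SYSFS_ALLOW_TPM "/sys/module/libata/parameters/allow_tpm" /* assumed path */

/* ATA PASS-THROUGH (16) CDB for TRUSTED RECEIVE. ACS register layout:
 * FEATURES = security protocol, COUNT(7:0)/LBA(7:0) = transfer length in
 * 512-byte blocks, LBA(23:8) = SP Specific. */
void build_trusted_receive_cdb(uint8_t cdb[16], int dma, uint8_t protocol,
                               uint16_t sp_specific, uint16_t nblocks)
{
    memset(cdb, 0, 16);
    cdb[0] = ATA_16;
    cdb[1] = (uint8_t)((dma ? ATA_PROT_DMA : ATA_PROT_PIO_DATA_IN) << 1);
    /* CK_COND (bit 5): return the ATA register image in sense data even on
     * success; T_DIR=1 data-in; BYT_BLOK=1 count in blocks; T_LENGTH=2
     * length taken from the SECTOR COUNT field. */
    cdb[2]  = 0x2e;
    cdb[4]  = protocol;                       /* FEATURES (7:0)     */
    cdb[6]  = (uint8_t)(nblocks & 0xff);      /* SECTOR COUNT (7:0) */
    cdb[8]  = (uint8_t)(nblocks >> 8);        /* LBA (7:0)          */
    cdb[10] = (uint8_t)(sp_specific & 0xff);  /* LBA (15:8)         */
    cdb[12] = (uint8_t)(sp_specific >> 8);    /* LBA (23:16)        */
    cdb[14] = dma ? ATA_CMD_TRUSTED_RCV_DMA : ATA_CMD_TRUSTED_RCV;
}

/* Sense key / ASC / ASCQ from fixed (0x70/0x71) or descriptor (0x72/0x73)
 * format sense data. Returns 0 if the buffer cannot be parsed. */
int parse_sense(const uint8_t *sense, size_t len, uint8_t out[3])
{
    if (len < 4) return 0;
    switch (sense[0] & 0x7f) {
    case 0x70: case 0x71:
        if (len < 14) return 0;
        out[0] = sense[2] & 0x0f; out[1] = sense[12]; out[2] = sense[13];
        return 1;
    case 0x72: case 0x73:
        out[0] = sense[1] & 0x0f; out[1] = sense[2]; out[2] = sense[3];
        return 1;
    default:
        return 0;
    }
}

/* libata's "goto invalid_fld" surfaces as ILLEGAL REQUEST (key 0x5),
 * INVALID FIELD IN CDB (ASC 0x24, ASCQ 0x00); the drive never saw it. */
int sense_is_invalid_field_in_cdb(const uint8_t *sense, size_t len)
{
    uint8_t f[3];
    return parse_sense(sense, len, f) && f[0] == 0x05 && f[1] == 0x24 && f[2] == 0x00;
}

/* 1 = allow_tpm set, 0 = TPM commands filtered, -1 = attribute absent.
 * The parameter is not writable at runtime: pass libata.allow_tpm=1 on the
 * kernel command line (or via modprobe options when libata is a module). */
int libata_allow_tpm(void)
{
    char buf[8];
    int fd = open(SYSFS_ALLOW_TPM, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    return atoi(buf) != 0;
}

/* 0 = data returned, 1 = rejected by the kernel TPM filter,
 * -1 = ioctl failure or any other SCSI/ATA error. */
int trusted_receive(int fd, int dma, uint8_t protocol, uint16_t sp_specific,
                    void *buf, uint16_t nblocks)
{
    uint8_t cdb[16], sense[32] = {0}, f[3];
    struct sg_io_hdr io;
    build_trusted_receive_cdb(cdb, dma, protocol, sp_specific, nblocks);
    memset(&io, 0, sizeof io);
    io.interface_id = 'S';
    io.cmdp = cdb;      io.cmd_len = sizeof cdb;
    io.dxferp = buf;    io.dxfer_len = (unsigned)nblocks * 512u;
    io.dxfer_direction = SG_DXFER_FROM_DEV;
    io.sbp = sense;     io.mx_sb_len = sizeof sense;
    io.timeout = 5000;
    if (ioctl(fd, SG_IO, &io) < 0) return -1;
    if (sense_is_invalid_field_in_cdb(sense, io.sb_len_wr)) return 1;
    if (io.status == 0) return 0;
    /* With CK_COND set, success is reported as CHECK CONDITION with sense
     * key RECOVERED ERROR (0x1) carrying the ATA register image. */
    return (parse_sense(sense, io.sb_len_wr, f) && f[0] == 0x01) ? 0 : -1;
}

int main(int argc, char **argv)
{
    uint8_t buf[512];
    if (argc != 2) { fprintf(stderr, "usage: %s /dev/sdX\n", argv[0]); return 2; }
    int tpm = libata_allow_tpm();
    printf("libata.allow_tpm: %s\n", tpm < 0 ? "attribute not found" : tpm ? "1" : "0 (TPM commands filtered)");
    int fd = open(argv[1], O_RDWR | O_NONBLOCK);   /* ATA_16 needs write access or CAP_SYS_RAWIO */
    if (fd < 0) { perror("open"); return 1; }
    /* Security protocol 0x00, SP Specific 0: list of supported security protocols. */
    int rc = trusted_receive(fd, 0, 0x00, 0, buf, 1);
    close(fd);
    if (rc == 1)      printf("TRUSTED RECEIVE rejected by the libata TPM filter: boot with libata.allow_tpm=1\n");
    else if (rc == 0) printf("TRUSTED RECEIVE ok, supported-protocol list length = %u\n", (buf[6] << 8) | buf[7]);
    else              printf("TRUSTED RECEIVE failed (ioctl error or drive-side error)\n");
    return rc == 0 ? 0 : 1;
}
```

Run it as root against the SED, for example `./trusted_probe /dev/sdb`. On the questioner's hosts it would report `allow_tpm: 0` and the "rejected by the libata TPM filter" branch; after rebooting with `libata.allow_tpm=1` on the kernel command line the same command reaches the drive and the analyzer shows it on the link. The sense decoding is what distinguishes the kernel's rejection from a drive that aborts the command (ABORTED COMMAND, key 0xB) because it does not implement the requested security protocol.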