Linux 中的 ATA 可信命令 [英] ATA Trusted commands in Linux

问题描述

同事们，

我正在实现对 ATA 可信命令的支持

I'm implementing support for ATA trusted commands

0x5C, TRUSTED RECEIVE, 
0x5D, TRUSTED RECEIVE DMA, 
0x5E, TRUSTED SEND
0x5F, TRUSTED SEND DMA, 

Linux(两台主机，Fedora 12 和 14)支持自加密驱动器.我从这个页面上取了一个代码 http://www.jukie.net/bart/blog/ata-via-scsi 作为基本代码.对于可信接收(在这一层，它与 IDENTIFY, 0xEC 相同):

for Linux (two hosts, Fedora 12 and 14) to support self-encrypting drives. I took a code from this page http://www.jukie.net/bart/blog/ata-via-scsi as the base code. For trusted receive (on this layer it is identical to IDENTIFY, 0xEC):

sg_io.interface_id    = 'S';
sg_io.cmdp            = cdb;
sg_io.cmd_len         = sizeof(cdb);
sg_io.dxferp          = data_in_buffer;
sg_io.dxfer_len       = data_in_length;         // multiple of 512
sg_io.dxfer_direction = SG_DXFER_FROM_DEV;
sg_io.sbp             = sense;
sg_io.mx_sb_len       = sizeof(sense);
sg_io.timeout         = 5000;                   // 5 seconds


cdb[0] = 0x85;           // pass-through ATA16 command (no translation)
cdb[1] = (4 << 1);       // data-in
cdb[2] = 0x2e;           // data-in
cdb[4] = feature_id;     // ATA feature ID
cdb[6] = 1;              // number of sectors
cdb[7] = lba_low >> 8;
cdb[8] = lba_low;
cdb[9] = lba_mid >> 8;
cdb[10] = lba_mid;
cdb[11] = lba_high >> 8;
cdb[12] = lba_high;
cdb[14] = 0x5C;           // TRUSTED RECEIVE

rc = ioctl (fd, SG_IO, &sg_io);

它非常适用于识别和所有其他命令，但不适用于受信任的命令.当我连接协议分析器时，我看到这些命令没有发送到 SATA 总线.适配器能够发送它们，因为它们在 Windows 下运行正常(不是我的代码，但我认为使用 ATA_PASS_THROUGH).是的，我以 root 身份运行此代码.

It works perfectly for Identify and all other commands, but not for trusted commands. When I connect protocol analyzer, I see that these commands are not sent to SATA bus. The adaptor is capable to send them, because they are coming OK under Windows (not my code, but I think using ATA_PASS_THROUGH). And yes, I'm running this code as root.

请帮助解开这个谜:)

推荐答案

参见 /usr/src/linux/drivers/ata/libata-scsi.c:

/*
 * Filter TPM commands by default. These provide an
 * essentially uncontrolled encrypted "back door" between
 * applications and the disk. Set libata.allow_tpm=1 if you
 * have a real reason for wanting to use them. This ensures
 * that installed software cannot easily mess stuff up without
 * user intent. DVR type users will probably ship with this enabled
 * for movie content management.
 *
 * Note that for ATA8 we can issue a DCS change and DCS freeze lock
 * for this and should do in future but that it is not sufficient as
 * DCS is an optional feature set. Thus we also do the software filter
 * so that we comply with the TC consortium stated goal that the user
 * can turn off TC features of their system.
 */
if (tf->command >= 0x5C && tf->command <= 0x5F && !libata_allow_tpm)
        goto invalid_fld;

这篇关于Linux 中的 ATA 可信命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！