1

Colleagues,

I'm implementing support for ATA trusted commands 

0x5C, TRUSTED RECEIVE, 
0x5D, TRUSTED RECEIVE DMA, 
0x5E, TRUSTED SEND
0x5F, TRUSTED SEND DMA,

for Linux (two hosts, Fedora 12 and 14) to support self-encrypting drives. I took a code from this page http://www.jukie.net/bart/blog/ata-via-scsi as the base code. For trusted receive (on this layer it is identical to IDENTIFY, 0xEC):

sg_io.interface_id    = 'S';
sg_io.cmdp            = cdb;
sg_io.cmd_len         = sizeof(cdb);
sg_io.dxferp          = data_in_buffer;
sg_io.dxfer_len       = data_in_length;         // multiple of 512
sg_io.dxfer_direction = SG_DXFER_FROM_DEV;
sg_io.sbp             = sense;
sg_io.mx_sb_len       = sizeof(sense);
sg_io.timeout         = 5000;                   // 5 seconds


cdb[0] = 0x85;           // pass-through ATA16 command (no translation)
cdb[1] = (4 << 1);       // data-in
cdb[2] = 0x2e;           // data-in
cdb[4] = feature_id;     // ATA feature ID
cdb[6] = 1;              // number of sectors
cdb[7] = lba_low >> 8;
cdb[8] = lba_low;
cdb[9] = lba_mid >> 8;
cdb[10] = lba_mid;
cdb[11] = lba_high >> 8;
cdb[12] = lba_high;
cdb[14] = 0x5C;           // TRUSTED RECEIVE

rc = ioctl (fd, SG_IO, &sg_io);

It works perfectly for Identify and all other commands, but not for trusted commands. When I connect protocol analyzer, I see that these commands are not sent to SATA bus. The adaptor is capable to send them, because they are coming OK under Windows (not my code, but I think using ATA_PASS_THROUGH). And yes, I'm running this code as root.

Please help to resolve this mystery :)

Dmitry Obukhov
  • 31
  • 1
  • 6
  • what are lba_low, lba_mid, and lba_high.. How can I find information about setting these variables? – Nick Oct 16 '12 at 19:10

1 Answers1

5

See /usr/src/linux/drivers/ata/libata-scsi.c:

/*
 * Filter TPM commands by default. These provide an
 * essentially uncontrolled encrypted "back door" between
 * applications and the disk. Set libata.allow_tpm=1 if you
 * have a real reason for wanting to use them. This ensures
 * that installed software cannot easily mess stuff up without
 * user intent. DVR type users will probably ship with this enabled
 * for movie content management.
 *
 * Note that for ATA8 we can issue a DCS change and DCS freeze lock
 * for this and should do in future but that it is not sufficient as
 * DCS is an optional feature set. Thus we also do the software filter
 * so that we comply with the TC consortium stated goal that the user
 * can turn off TC features of their system.
 */
if (tf->command >= 0x5C && tf->command <= 0x5F && !libata_allow_tpm)
        goto invalid_fld;
ephemient
  • 198,619
  • 38
  • 280
  • 391
  • It seems like "modprobe libata allow_tpm=1" doesn't work on my Fedora 14. – Dmitry Obukhov Jan 16 '11 at 21:59
  • @Dmitry: It doesn't work if `libata` is already loaded. You'll have to boot with `libata.allow_tpm=1` on the kernel command line or with `options libata allow_tpm=1` in `/etc/modprobe.conf` or `/etc/modprobe.d/*.conf`, depending on how the system is set up. – ephemient Jan 16 '11 at 22:08
  • For those who might be interested in a tool to configure TCG drives: https://sourceforge.net/projects/tcgparm/ – Dmitry Obukhov Apr 12 '11 at 19:50
  • What are the lba_low, lba_mid and lba_high variables? HOw to set their values? – Nick Oct 16 '12 at 19:11
  • Can anyone expand the TPM acronym used here? – Wilbur Whateley Jan 30 '18 at 19:11
  • @Wilbur Trusted Platform Module (TPM) – Perdi Estaquel May 29 '19 at 06:42
  • @PerdiEstaquel no, I don't think that's it. That's why I asked. This is ATA, not TCG Trusted Platform. – Wilbur Whateley May 30 '19 at 00:20
  • See ATA specs: Trusted Security Protocol field 01h-06h: Defined by TCG – Perdi Estaquel May 30 '19 at 05:04
  • @PerdiEstaquel if that's the case, it would be TCG, no TPM. What TPM relevant information could POSSIBLY be put in a field in an ATA command? – Wilbur Whateley May 30 '19 at 17:25
  • 1
    Found it: libata_allow_tpm is a flag that serves effectively to indiscriminately block ATA TRUSTED SEND/RECV commands (opcodes 0x5C-0x5F). See [this commit](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/ata/libata-scsi.c?id=ae8d4ee7ff429136c8b482c3b38ed994c021d3fc). If the 'tpm' here really was meant as Trusted Platform Module, I think it represents a gross misunderstanding of terminology by the kernel developer. – Wilbur Whateley May 30 '19 at 17:56