Problem description
Colleagues,
I'm implementing support for ATA trusted commands
0x5C, TRUSTED RECEIVE,
0x5D, TRUSTED RECEIVE DMA,
0x5E, TRUSTED SEND
0x5F, TRUSTED SEND DMA,
for Linux (two hosts, Fedora 12 and 14) to support self-encrypting drives. I took the code from this page http://www.jukie.net/bart/blog/ata-via-scsi as the base code. For trusted receive (on this layer it is identical to IDENTIFY, 0xEC):
sg_io.interface_id = 'S';
sg_io.cmdp = cdb;
sg_io.cmd_len = sizeof(cdb);
sg_io.dxferp = data_in_buffer;
sg_io.dxfer_len = data_in_length; // multiple of 512
sg_io.dxfer_direction = SG_DXFER_FROM_DEV;
sg_io.sbp = sense;
sg_io.mx_sb_len = sizeof(sense);
sg_io.timeout = 5000; // 5 seconds
cdb[0] = 0x85; // pass-through ATA16 command (no translation)
cdb[1] = (4 << 1); // data-in
cdb[2] = 0x2e; // ck_cond=1, t_dir=1 (from device), byt_blok=1, t_length=2 (length in sector count field)
cdb[4] = feature_id; // ATA feature ID
cdb[6] = 1; // number of sectors
cdb[7] = lba_low >> 8;
cdb[8] = lba_low;
cdb[9] = lba_mid >> 8;
cdb[10] = lba_mid;
cdb[11] = lba_high >> 8;
cdb[12] = lba_high;
cdb[14] = 0x5C; // TRUSTED RECEIVE
rc = ioctl (fd, SG_IO, &sg_io);
It works perfectly for Identify and all other commands, but not for trusted commands. When I connect a protocol analyzer, I see that these commands are not sent to the SATA bus. The adaptor is capable of sending them, because they are coming through OK under Windows (not my code, but I think using ATA_PASS_THROUGH). And yes, I'm running this code as root.
Please help solve this mystery :)
Recommended answer
See /usr/src/linux/drivers/ata/libata-scsi.c:
/*
* Filter TPM commands by default. These provide an
* essentially uncontrolled encrypted "back door" between
* applications and the disk. Set libata.allow_tpm=1 if you
* have a real reason for wanting to use them. This ensures
* that installed software cannot easily mess stuff up without
* user intent. DVR type users will probably ship with this enabled
* for movie content management.
*
* Note that for ATA8 we can issue a DCS change and DCS freeze lock
* for this and should do in future but that it is not sufficient as
* DCS is an optional feature set. Thus we also do the software filter
* so that we comply with the TC consortium stated goal that the user
* can turn off TC features of their system.
*/
if (tf->command >= 0x5C && tf->command <= 0x5F && !libata_allow_tpm)
goto invalid_fld;
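
The filter quoted above, as an added user-space example (not code from the original answer or from the kernel source): it applies the same 0x5C..0x5F test to a pass-through CDB and reads the current `libata.allow_tpm` setting, which explains why the question's request never reaches the SATA bus. It also covers the 12-byte pass-through form; the function names are hypothetical, and the sysfs path assumes the parameter is exported read-only under the usual `/sys/module/<module>/parameters/` layout.

```c
#include <stdio.h>
#include <stddef.h>

#define ATA_16 0x85  /* ATA PASS-THROUGH(16) opcode, as used in the question */
#define ATA_12 0xA1  /* ATA PASS-THROUGH(12) opcode */

/* Extract the ATA command register from a pass-through CDB; -1 if not one. */
static int passthru_ata_command(const unsigned char *cdb, size_t len)
{
    if (len >= 16 && cdb[0] == ATA_16)
        return cdb[14];
    if (len >= 12 && cdb[0] == ATA_12)
        return cdb[9];
    return -1;
}

/* Same test as the quoted filter: 0x5C..0x5F rejected unless allow_tpm is set. */
static int blocked_by_tpm_filter(const unsigned char *cdb, size_t len, int allow_tpm)
{
    int cmd = passthru_ata_command(cdb, len);
    return cmd >= 0x5C && cmd <= 0x5F && !allow_tpm;
}

/* Read an integer module parameter from a sysfs file; -1 if unreadable. */
static int read_int_param(const char *path)
{
    int v = -1;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

int main(void)
{
    /* Constructed CDB shaped like the question's TRUSTED RECEIVE request. */
    unsigned char cdb[16] = { ATA_16, 4 << 1, 0x2e };
    cdb[6] = 1;
    cdb[14] = 0x5C;
    /* Assumed sysfs location; -1 (unreadable) is treated as the default, 0. */
    int allow = read_int_param("/sys/module/libata/parameters/allow_tpm");
    printf("TRUSTED RECEIVE: %s\n",
           blocked_by_tpm_filter(cdb, sizeof cdb, allow > 0)
               ? "rejected by the libata filter" : "passes the libata filter");
    return 0;
}
```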