[T10] Determining an SED Drive

Curtis Stevens curtis.stevens at wdc.com
Thu Apr 7 15:51:50 PDT 2016


Agreed! Go 1667 :)




-------------------------------------------------
Curtis E. Stevens
Director, Standards & Features Technology
3355 Michelson Dr. #100
Office: 1-1041
Irvine, Ca. 92612

Phone: 949-672-7933
Cell: 949-307-5050
E-Mail: Curtis.Stevens at WDC.com

Remember, you may only be blamed for something if you are actually doing something.

From: John Geldman (jgeldman) [mailto:jgeldman at micron.com]
Sent: Thursday, April 7, 2016 3:11 PM
To: Amir Dagan1 <AMIRDA at il.ibm.com>; Curtis Stevens <curtis.stevens at wdc.com>
Cc: T10, Reflector <T10 at t10.org>
Subject: RE: [T10] Determining an SED Drive

One more bit of complexity. If you are working with a SED that was designed to support Microsoft's BitLocker, it would support IEEE 1667 to communicate with the TCG functionality.

IEEE 1667 support/version information and/or TCG support/version may show up in extended INQUIRY responses.

John

From: t10-bounces at t10.org On Behalf Of Amir Dagan1
Sent: Thursday, April 07, 2016 2:19 PM
To: Curtis Stevens
Cc: T10, Reflector
Subject: Re: [T10] Determining an SED Drive

(Adding John's final note to keep it single-threaded)

Thank you John, Curtis and Gerry for your useful notes.

I was looking for a method which will be as generic as possible - for a "HW-agnostic" environment - where the type of drive and FW is not known in advance (some enterprise drive specs do have a SED bit - but I cannot trust that).

Combining all the comments I realise now that if the system SW is designed to do TCG SED, then the right way would be to send a level 0 discovery to all the devices and rule out those that do not allow the process to proceed.

I tend to agree with Curtis' bottom line...

Many thanks,
Amir

--

Amir,

While there has been a fair amount of advice for you, I'm not sure it is on target.
What did you mean by a SED device? Did you have a specific type in mind (e.g., TCG implementations)?

Thank you,
John Geldman


John Geldman
Director, Industry Standards,

Micron Technology, Inc.
Office +1 (408) 822-0348  Mobile +1 (510) 449-3597

jgeldman at micron.com



From:        Curtis Stevens <curtis.stevens at wdc.com>
To:        Gerry Houlder <gerry.houlder at seagate.com>, "Otte, Olga" <olga.otte at hpe.com>
Cc:        "T10, Reflector" <T10 at t10.org>
Date:        2016-04-07 20:31
Subject:        Re: [T10] Determining an SED Drive
Sent by:        t10-bounces at t10.org
________________________________



Actually, TCG is one way to do SED, there are others that do not use TCG.  Depending on a command to fail is really not a reliable way to determine that some underlying functionality is available.

This was handled on the T13 side by adding a SED bit.  The only use case is for customers that get custom configurations and know what they are getting in advance.  Due to the nature of the problem, there is no reliable/universal detection method.  Whatever you define can be spoofed.  Including Model # and Manufacturer.




From: t10-bounces at t10.org On Behalf Of Gerry Houlder
Sent: Thursday, April 7, 2016 9:17 AM
To: Otte, Olga <olga.otte at hpe.com>
Cc: T10, Reflector <T10 at t10.org>
Subject: Re: [T10] Determining an SED Drive

If you get drive not ready, then the drive is not spun up yet.
If you get invalid command, then the drive is not SED.
There may be exceptions where an SED uses vendor specific protocols (not SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT commands) that you can't determine from this method.

On Thu, Apr 7, 2016 at 10:31 AM, Otte, Olga <olga.otte at hpe.com> wrote:
Do we expect a "drive not ready" or "Invalid command" check condition if the drive is not spun up yet? I think I am getting a timing issue and am not sure what the expected behavior is.

Olga Otte HPE

From: t10-bounces at t10.org On Behalf Of Saha, Soumit
Sent: Thursday, April 07, 2016 7:35 AM
To: Amir Dagan1
Cc: T10, Reflector
Subject: Re: [T10] Determining an SED Drive


You have to send SPC trusted receive (IF-RECV) SCSI primary command with discovery payload and handle illegal requests if the drive is not an SED.

There are no vital data pages for SED specific attributes.
On 7 Apr 2016 12:39, Amir Dagan1 <AMIRDA at il.ibm.com> wrote:
Hello,

Is there a "SCSI" way (non vendor specific) to tell whether a device is an SED one (Self Encrypting Drive)?
I do not mean by P/N etc., but a designated field in a logpage, inquiry, etc.

Thanks,
Amir Dagan
IBM

_______________________________________________
T10 mailing list
T10 at t10.org
http://www.t10.org/mailman/listinfo/t10
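
Added example, not part of the original thread or of any T10/TCG code: a parser for the Level 0 Discovery response the thread refers to, as returned by SECURITY PROTOCOL IN with security protocol 01h and ComID 0001h. The function names and the sample buffer are constructed for illustration; the result is only what the device reports about itself, and a SED that does not use TCG will not appear here.

```python
import struct

# Feature codes as assigned in the TCG Storage specifications.
FEATURES = {
    0x0001: "TPer", 0x0002: "Locking", 0x0003: "Geometry",
    0x0100: "Enterprise SSC", 0x0200: "Opal SSC 1.0", 0x0203: "Opal SSC 2.0",
    0x0302: "Pyrite SSC 1.0", 0x0303: "Pyrite SSC 2.0",
}
LOCKING_BITS = ("locking_supported", "locking_enabled", "locked",
                "media_encryption", "mbr_enabled", "mbr_done")
HEADER_LEN = 48  # 4-byte length, 2+2 version bytes, reserved/vendor area


def parse_level0(buf: bytes) -> dict:
    """Return {feature_code: info} from a Level 0 Discovery response."""
    if len(buf) < HEADER_LEN:
        raise ValueError("response shorter than the 48-byte discovery header")
    (length,) = struct.unpack_from(">I", buf, 0)
    end = min(len(buf), length + 4)  # the length field does not count itself
    found, off = {}, HEADER_LEN
    while off + 4 <= end:
        code, ver, dlen = struct.unpack_from(">HBB", buf, off)
        body = buf[off + 4: off + 4 + dlen]
        if off + 4 + dlen > end:
            raise ValueError(f"descriptor 0x{code:04x} overruns the response")
        info = {"name": FEATURES.get(code, "unknown"), "version": ver >> 4}
        if code == 0x0002 and dlen >= 1:
            info.update({n: bool(body[0] >> i & 1) for i, n in enumerate(LOCKING_BITS)})
        found[code] = info
        off += 4 + dlen
    return found


def reports_tcg_sed(features: dict) -> bool:
    """True when the device reports a Locking feature with media encryption."""
    lock = features.get(0x0002)
    return bool(lock and lock.get("locking_supported") and lock.get("media_encryption"))


def _descriptor(code: int, body: bytes) -> bytes:
    return struct.pack(">HBB", code, 0x10, len(body)) + body


# Constructed sample: TPer, Locking (supported, enabled, media encryption), Opal 2.0.
_descs = (_descriptor(0x0001, bytes([0x11]) + bytes(11))
          + _descriptor(0x0002, bytes([0x0B]) + bytes(11))
          + _descriptor(0x0203, bytes(16)))
SAMPLE = struct.pack(">IHH", HEADER_LEN - 4 + len(_descs), 0, 1) + bytes(40) + _descs
```

A device that rejects the command never reaches this parser, so the caller still has to separate a not-ready condition from an illegal request before concluding anything.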