[T10] Determining an SED Drive
Amir Dagan1
AMIRDA at il.ibm.com
Sun Apr 10 01:49:06 PDT 2016
Thanks - where do you think that would be in the extended INQUIRY (which
field)? I'd like to rely on a generic structure of INQUIRY - not
necessarily vendor-specific.
From: Curtis Stevens <curtis.stevens at wdc.com>
To: "John Geldman (jgeldman)" <jgeldman at micron.com>, Amir
Dagan1/Israel/IBM at IBMIL
Cc: "T10, Reflector" <T10 at t10.org>
Date: 2016-04-08 01:51
Subject: RE: [T10] Determining an SED Drive
Agreed! Go 1667 :)
-------------------------------------------------
Curtis E. Stevens
Director, Standards & Features Technology
3355 Michelson Dr. #100
Office: 1-1041
Irvine, Ca. 92612
Phone: 949-672-7933
Cell: 949-307-5050
E-Mail: Curtis.Stevens at WDC.com
Remember, you may only be blamed for something if you are actually doing
something.
From: John Geldman (jgeldman) [mailto:jgeldman at micron.com]
Sent: Thursday, April 7, 2016 3:11 PM
To: Amir Dagan1 <AMIRDA at il.ibm.com>; Curtis Stevens
<curtis.stevens at wdc.com>
Cc: T10, Reflector <T10 at t10.org>
Subject: RE: [T10] Determining an SED Drive
One more bit of complexity. If you are working with a SED that was
designed to support Microsoft's BitLocker, it would support IEEE 1667 to
communicate with the TCG functionality.
IEEE 1667 support/version information and/or TCG support/version may show
up in extended INQUIRY responses.
John
From: t10-bounces at t10.org [mailto:t10-bounces at t10.org] On Behalf Of Amir
Dagan1
Sent: Thursday, April 07, 2016 2:19 PM
To: Curtis Stevens
Cc: T10, Reflector
Subject: Re: [T10] Determining an SED Drive
(Adding John's final note to keep it single-threaded)
Thank you John, Curtis and Gerry for your useful notes.
I was looking for a method which will be as generic as possible - for a
"HW-agnostic" environment - where the type of drive and FW is not known in
advance (some enterprise drive specs do have a SED bit - but I cannot trust
that).
Combining all the comments I realise now that if the system SW is designed
to do TCG SED, then the right way would be to send a level 0 discovery to
all the devices and rule out those who do not allow to proceed with the
process.
I tend to agree with Curtis' bottom line...
Many thanks,
Amir
--
Amir,
While there has been a fair amount of advice for you, I'm not sure it is
on target.
What did you mean by a SED device? Did you have a specific type in mind
(e.g., TCG implementations)?
Thank you,
John Geldman
John Geldman
Director, Industry Standards,
Micron Technology, Inc.
Office +1 (408) 822-0348 Mobile +1 (510) 449-3597
jgeldman at micron.com
From: Curtis Stevens <curtis.stevens at wdc.com>
To: Gerry Houlder <gerry.houlder at seagate.com>, "Otte, Olga" <
olga.otte at hpe.com>
Cc: "T10, Reflector" <T10 at t10.org>
Date: 2016-04-07 20:31
Subject: Re: [T10] Determining an SED Drive
Sent by: t10-bounces at t10.org
Actually, TCG is one way to do SED, there are others that do not use TCG.
Depending on a command to fail is really not a reliable way to determine
that some underlying functionality is available.
This was handled on the T13 side by adding a SED bit. The only use case
is for customers that get custom configurations and know what they are
getting in advance. Due to the nature of the problem, there is no
reliable/universal detection method. Whatever you define can be spoofed.
Including Model # and Manufacturer.
From: t10-bounces at t10.org [mailto:t10-bounces at t10.org] On Behalf Of Gerry
Houlder
Sent: Thursday, April 7, 2016 9:17 AM
To: Otte, Olga <olga.otte at hpe.com>
Cc: T10, Reflector <T10 at t10.org>
Subject: Re: [T10] Determining an SED Drive
If you get drive not ready, then the drive is not spun up yet.
If you get invalid command, then the drive is not SED.
There may be exceptions where an SED uses vendor specific protocols (not
SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT commands) that you can't
determine from this method.
On Thu, Apr 7, 2016 at 10:31 AM, Otte, Olga <olga.otte at hpe.com> wrote:
Do we expect a "drive not ready" or "Invalid command" check condition if
the drive is not spun up yet? I think I am getting a timing issue and am not sure
what the expected behavior is.
Olga Otte HPE
From: t10-bounces at t10.org [mailto:t10-bounces at t10.org] On Behalf Of Saha,
Soumit
Sent: Thursday, April 07, 2016 7:35 AM
To: Amir Dagan1
Cc: T10, Reflector
Subject: Re: [T10] Determining an SED Drive
You have to send SPC trusted receive (IF-RECV) SCSI primary command with
discovery payload and handle illegal requests if the drive is not an SED.
There are no vital data pages for SED specific attributes.
On 7 Apr 2016 12:39, Amir Dagan1 <AMIRDA at il.ibm.com> wrote:
Hello,
Is there a "SCSI" way (non vendor specific) to tell whether a device is an
SED one (Self Encrypting Drive)?
I do not mean by P/N etc., but a designated field in a logpage, inquiry,
etc.
Thanks,
Amir Dagan
IBM
_______________________________________________
T10 mailing list
T10 at t10.org
http://www.t10.org/mailman/listinfo/t10
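
The Level 0 Discovery probe discussed in this thread, as an added example (not code from any poster or from T10): it builds the SECURITY PROTOCOL IN CDB (protocol 01h, ComID 0001h) and parses the returned feature descriptors using the TCG Storage header and descriptor layout. The sample response is constructed, the function names are hypothetical, and the result is only what the device reports about itself.

```python
import struct

# Feature codes from the TCG Storage specifications (subset).
FEATURES = {0x0001: "TPer", 0x0002: "Locking", 0x0003: "Geometry",
            0x0100: "Enterprise SSC", 0x0200: "Opal SSC 1.0", 0x0203: "Opal SSC 2.0"}

def build_cdb(alloc_len=512):
    """12-byte SECURITY PROTOCOL IN CDB: opcode A2h, protocol 01h, ComID 0001h."""
    return struct.pack(">BBHBBIBB", 0xA2, 0x01, 0x0001, 0, 0, alloc_len, 0, 0)

def parse_level0(buf):
    """Return {feature_code: descriptor_data} from a Level 0 Discovery response."""
    if len(buf) < 48:
        raise ValueError("shorter than the 48-byte discovery header")
    (length,) = struct.unpack_from(">I", buf, 0)
    end = min(length + 4, len(buf))        # length field does not count itself
    feats, off = {}, 48
    while off + 4 <= end:
        code, _version, dlen = struct.unpack_from(">HBB", buf, off)
        if off + 4 + dlen > end:           # truncated descriptor: keep what parsed
            break
        feats[code] = bytes(buf[off + 4:off + 4 + dlen])
        off += 4 + dlen
    return feats

def summarize(buf):
    """Self-reported capabilities; a device can claim anything here."""
    feats = parse_level0(buf)
    locking = feats.get(0x0002)
    flags = locking[0] if locking else 0   # first data byte of the Locking feature
    return {"tcg_features": sorted(FEATURES.get(c, hex(c)) for c in feats),
            "locking_supported": bool(flags & 0x01),
            "locking_enabled": bool(flags & 0x02),
            "locked": bool(flags & 0x04),
            "media_encryption": bool(flags & 0x08)}

def _desc(code, data):
    return struct.pack(">HBB", code, 0x10, len(data)) + data

def sample_response():
    """Constructed response: TPer, Locking (supported + media encryption), Opal 2.0."""
    body = (_desc(0x0001, b"\x11" + bytes(11)) + _desc(0x0002, b"\x09" + bytes(11))
            + _desc(0x0203, bytes(16)))
    return struct.pack(">IHH", 44 + len(body), 0, 1) + bytes(40) + body

if __name__ == "__main__":
    print(build_cdb().hex(), summarize(sample_response()))
```

A device that rejects the command with ILLEGAL REQUEST never returns this buffer, which is the rule-out case described in the thread.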