From: Jethro Beekman <kernel@jbeekman.nl>
To: Christoph Hellwig <hch@infradead.org>
Cc: keith.busch@intel.com, axboe@fb.com,
linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/3] nvme: Don't add namespaces for locked drives
Date: Fri, 24 Jun 2016 00:45:08 -0700 [thread overview]
Message-ID: <576CE504.5020101@jbeekman.nl> (raw)
In-Reply-To: <20160624073728.GA30277@infradead.org>
On 24-06-16 00:37, Christoph Hellwig wrote:
> On Sun, Jun 19, 2016 at 04:06:31PM -0700, Jethro Beekman wrote:
>> Hi all,
>>
>> If an NVMe drive is locked with ATA Security, most commands sent to the drive
>> will fail. This includes commands sent by the kernel upon discovery to probe
>> for partitions. The failing happens in such a way that trying to do anything
>> with the drive (e.g. sending an unlock command; unloading the nvme module) is
>> basically impossible with the high default command timeout.
>
> Do you have any spec that defines this ATA security protocol and how
> it applies to NVMe? The NVMe spec just referes to SPC4 for security
> protocols, and I haven't been able to find a reference to an ATA
> security protocol in it either, but I haven't tried hard yet.
As you found NVMe points to SPC-4. SPC-4 lists protocol 0xEF "ATA Device Server
Password Security" as part of the SECURITY PROTOCOL IN command, pointing to
SAT-2. In one SAT-2 draft I could find there is are these sections
12 SAT-specific SCSI extensions
12.5 SAT-specific Security Protocols
12.5.1 ATA Device Server Password Security Protocol
which provide a pretty straightforward translation of the ATA SECURITY feature
set (except that there is a new command to gather information that would
normally be part of ATA IDENTIFY). I have implemented all this and it seems to
work on my drive.
Jethro
next prev parent reply other threads:[~2016-06-24 7:45 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-19 23:06 [PATCH 0/3] nvme: Don't add namespaces for locked drives Jethro Beekman
2016-06-19 23:06 ` [PATCH 1/3] nvme: When scanning namespaces, make sure the drive is not locked Jethro Beekman
2016-06-24 8:12 ` Christoph Hellwig
2016-06-19 23:06 ` [PATCH 2/3] nvme: Add function for NVMe security receive command Jethro Beekman
2016-06-19 23:06 ` [PATCH 3/3] nvme: Check if drive is locked using ATA Security Jethro Beekman
2016-06-24 8:09 ` Christoph Hellwig
2016-06-20 6:46 ` [PATCH 0/3] nvme: Don't add namespaces for locked drives Sagi Grimberg
2016-06-24 8:09 ` Christoph Hellwig
2016-06-20 15:26 ` Keith Busch
2016-06-20 18:21 ` Jethro Beekman
2016-06-20 22:54 ` Keith Busch
2016-06-21 3:50 ` Jethro Beekman
2016-06-24 7:43 ` Christoph Hellwig
2016-06-24 8:11 ` Christoph Hellwig
2016-06-24 7:37 ` Christoph Hellwig
2016-06-24 7:45 ` Jethro Beekman [this message]
2016-06-24 8:00 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=576CE504.5020101@jbeekman.nl \
--to=kernel@jbeekman.nl \
--cc=axboe@fb.com \
--cc=hch@infradead.org \
--cc=keith.busch@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox