On Tue, 29 Aug 2017, Tejun Heo wrote: > On Tue, Aug 29, 2017 at 09:08:05AM -0600, David Ahern wrote: > > On 8/29/17 6:42 AM, Christoph Hellwig wrote: > > > --- > > > From e661047ec3a25587648b07c02a687a7dac778f3b Mon Sep 17 00:00:00 2001 > > > From: Christoph Hellwig <[email protected]> > > > Date: Tue, 29 Aug 2017 14:35:50 +0200 > > > Subject: libata: check for trusted computing in IDENTIFY DEVICE data > > > > > > ATA-8 and later mirrors the TRUSTED COMPUTING SUPPORTED bit in word 48 of > > > the IDENTIFY DEVICE data. Check this before issuing a READ LOG PAGE > > > command to avoid issues with buggy devices. The only downside is that > > > we can't support Security Send / Receive for a device with an older > > > revision due to the conflicting use of this field in earlier > > > specifications. > > Christoph, I'm gonna revert the horkage patch and apply this one. If > you can think of a better way to do this, please let me know.
The one thing that comes to mind would be an additional patch to allow people with ATA-7 to bypass the identify device data, and rely just on the read log page check, based on a kernel command line parameter. If we get enough sucessful reports to make it worth it, an whitelist could be added... -- Henrique Holschuh
