SCSI Commands: SECURITY PROTOCOL IN
| Field | Bytes | Bits | Description |
|---|---|---|---|
| ENCRYPTION MODE | 5 | | Value from the encryption mode in the saved data encryption parameters currently associated with the I_T nexus on which this command was received. |
| DECRYPTION MODE | 6 | | Value from the decryption mode in the saved data encryption parameters currently associated with the I_T nexus on which this command was received. |
| ALGORITHM INDEX | 7 | | 00h = AES-256/GCM. |
| KEY INSTANCE COUNTER | 8-11 | | Value of the key instance counter assigned to the key indicated by the KEY SCOPE field value. |
| RDMD (Raw decryption mode disabled) | 12 | 0 | Set to one if the device server is configured to mark each encrypted record as disabled for raw read operations based on the RDMC_C value and the raw decryption mode disable parameter in the saved data encryption parameters. See the Set Data Encryption page of the SECURITY PROTOCOL OUT command. |
| CEEMS (Check external encryption mode status) | 12 | 2-1 | Contains the value from the check external encryption mode parameter in the saved data encryption parameters. See the Set Data Encryption page of the SECURITY PROTOCOL OUT command. |

Key-Associated Data Descriptors List

The Key-Associated Data Descriptors List shall contain the descriptors which were present in the Set Data Encryption page sent by the I_T nexus requesting the Data Encryption Status page. These may include any of the following descriptors:

| Descriptor | Bytes | Description |
|---|---|---|
| Authenticated Key-Associated Data Descriptor | 16 bytes | Contents of the authenticated key-associated data (A-KAD) descriptor included (if any) when the key was established in the device server. |
| Unauthenticated Key-Associated Data Descriptor | 36 bytes | Contents of the unauthenticated key-associated data (U-KAD) descriptor included (if any) when the key was established in the device server. |
| Metadata Key-Associated Data Descriptor | 68 bytes | Contents of the metadata key-associated data (M-KAD) descriptor included (if any) when the key was established in the device server. |

If the currently-loaded medium does not support encryption, then the fields of the Data Encryption Status page shall have the following values:

| Field | Value |
|---|---|
| Page Length | 0014h |
| Key Scope | 0h |
| I_T Nexus Scope | 0h |
| Encryption Mode | 0h |
| Decryption Mode | 0h |
| Algorithm Index | 00h |
| Key Instance Counter | 0h |
| Key-Associated Data Descriptors List | None returned |
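A parser for the page layout described above, as an added example that is not part of the original document. Offsets for bytes 5-12 and the RDMD/CEEMS bit positions follow the tables here; the positions of PAGE LENGTH and the scope fields, the byte-24 start of the descriptor list, the 4-byte descriptor header and its type codes are assumptions taken from the SSC-3 layout, and both sample buffers are constructed.

```python
import struct

# Bytes 5-12 and the RDMD/CEEMS bit positions follow the page. Assumed from the
# SSC-3 layout (not shown on this page): PAGE LENGTH at bytes 2-3, scopes in
# byte 4, descriptor list from byte 24, 4-byte descriptor header, type codes.
KAD_TYPES = {0x00: "U-KAD", 0x01: "A-KAD", 0x03: "M-KAD"}

def parse_des_page(buf: bytes) -> dict:
    """Decode a Data Encryption Status page, rejecting inconsistent lengths."""
    if len(buf) < 24:
        raise ValueError("truncated page: need at least 24 bytes")
    page_length = struct.unpack_from(">H", buf, 2)[0]
    end = 4 + page_length  # PAGE LENGTH counts the bytes that follow byte 3
    if page_length < 0x14 or end > len(buf):
        raise ValueError("PAGE LENGTH inconsistent with buffer")
    page = {
        "page_length": page_length,
        "i_t_nexus_scope": buf[4] >> 5,
        "key_scope": buf[4] & 0x07,
        "encryption_mode": buf[5],
        "decryption_mode": buf[6],
        "algorithm_index": buf[7],
        "key_instance_counter": struct.unpack_from(">I", buf, 8)[0],
        "rdmd": buf[12] & 0x01,          # byte 12, bit 0
        "ceems": (buf[12] >> 1) & 0x03,  # byte 12, bits 2-1
        "kads": [],
    }
    off = 24
    while off < end:  # walk the Key-Associated Data Descriptors List
        if off + 4 > end:
            raise ValueError("truncated descriptor header")
        kad_type, kad_len = buf[off], struct.unpack_from(">H", buf, off + 2)[0]
        if off + 4 + kad_len > end:
            raise ValueError("descriptor overruns page")
        name = KAD_TYPES.get(kad_type, f"type {kad_type:02x}h")
        page["kads"].append((name, buf[off + 4:off + 4 + kad_len]))
        off += 4 + kad_len
    return page

def no_encryption_values(page: dict) -> bool:
    """True when every field holds the value listed for media without encryption support."""
    zero = ("key_scope", "i_t_nexus_scope", "encryption_mode", "decryption_mode",
            "algorithm_index", "key_instance_counter")
    return page["page_length"] == 0x14 and not page["kads"] and all(page[k] == 0 for k in zero)

# Constructed sample buffers (not captured from a real drive).
SAMPLE_NO_ENCRYPTION = bytes.fromhex("00200014") + bytes(20)
SAMPLE_WITH_A_KAD = (bytes.fromhex("00200024" "22" "02" "03" "00" "00000007" "03")
                     + bytes(11) + bytes.fromhex("0100000c") + b"constructed!")
```
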