Table of Contents
Advertisement
SCSI Commands: 44BSECURITY PROTOCOL OUT
Field
Bytes
Bits
RDMC
5
4-5
Raw
Decryption
Mode Control
CEEM
5
6-7
Check
External
Encryption
Mode
ENCRYPTION
6
MODE
DECRYPTION
7
MODE
ALGORITHM
8
INDEX
KEY FORMAT
9
Description
00= Each encrypted block is marked per the default setting for the
algorithm.
01= Reserved
10= Each encrypted block is marked in a format specific manner
as enabled for raw decryption mode operations.
11= Each encrypted block is marked in a format specific manner
as disabled for raw decryption mode operations.
00= Vendor specific.
01= Encryption mode used when the block was written is not
checked.
10= For READ or VERIFY commands the encryption mode in use
when the block was written is checked. Error reported if the
block was written in EXTERNAL mode.
11= For READ or VERIFY commands the encryption mode in use
when the block was written is checked. Error reported if the
block was written in ENCRYPT mode.
0 = DISABLE (Data encryption is disabled.)
1 = EXTERNAL (The data associated with the WRITE(6)
command has been encrypted by a system that is compatible
with the algorithm specified by the ALGORITHM INDEX field.)
2 = ENCRYPT (The device server shall encrypt all data that it
receives for a WRITE(6) command using the algorithm
specified in the ALGORITHM INDEX field and the key
specified in the KEY field.)
0 = DISABLE (Data decryption is disabled. If the device server
encounters an encrypted logical block while reading, it shall
not allow access to the data.)
1 = RAW (Data decryption is disabled. If the device server
encounters an encrypted logical block while reading, it shall
pass the encrypted block to the host without decrypting it. The
encrypted block may contain data that is not user data.)
2 = DECRYPT (The device server shall decrypt all data that is
read from the medium in response to a READ(6) command or
verified when processing a VERIFY(6) command. The data
shall be decrypted using the algorithm specified in the
ALGORITHM INDEX field and the key specified in the KEY
field.)
3 = MIXED (The device server shall decrypt all data that is read
from the medium that
it determines was encrypted
to a READ(6) command or verified when processing a
VERIFY(6) command. The data shall be decrypted using the
algorithm specified in the ALGORITHM INDEX field and the
key specified in the KEY field. If the device server encounters
unencrypted data when processing a READ(6) or VERIFY(6)
command, the data shall be processed without decrypting.)
00h = AES-256/GCM.
If any other value, then the device server shall terminate the
command with CHECK CONDITION status, with the sense key set
to ILLEGAL REQUEST, and the additional sense code set to
INVALID FIELD IN PARAMETER DATA.
00h = The KEY field contains the key to be used to encrypt or
decrypt data.
If any other value, then the device server shall terminate the
command with CHECK CONDITION status, with the sense key set
to ILLEGAL REQUEST, and the additional sense code set to
INVALID FIELD IN PARAMETER DATA.
Page 198
in response
Advertisement
Table of Contents
