Document T10/ rev. 1

Similar documents
Assignments for Trusted Computing Group

Document T10/ rev. 0

Assignments for Trusted Computing Group

Public Key Infrastructures

Security Protocols and Infrastructures

Security Protocols and Infrastructures. Winter Term 2015/2016

TO: FROM: DATE: SUBJECT: Revisions General 2.1 The Mismatch does

1 Overview. T10/ revision 0

Public Key Infrastructures. Andreas Hülsing

Null second level LUN (0000h) (LSB) Null third level LUN (0000h) Null fourth level LUN (0000h)

1 Overview. 2 Changes to SPC-4. T10/ revision 5

Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks

10.2 SCSI application layer

Category: Standards Track W. Ford VeriSign D. Solo Citigroup April 2002

Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile draft-ietf-pkix-rfc3280bis-04.

Machine Readable Travel Documents

TrustedFlash Security System Mapping for ATA-ACS8

Related Documents ses2r00 - SCSI Enclosure Services - 2 revision r0 - SES-2 INVOP for Threshold In page

Unless otherwise indicated additions are shown in blue, deletions in red strikethrough, and comments in green.

ISO/IEC INTERNATIONAL STANDARD

SHS Version 1.2 CA. The Swedish Agency for Public Management oct This version:

The next page shows the questions asked in revision 0 of this proposal and the answers supplied by the May SCSI Working Group meeting.

1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)

Add the following section to REPORT SUPPORTED OPERATION CODES command.

6 May 2008 T10/08-018r3

TCG. TCG Storage Interface Interactions Specification. Specification Version 1.0. January 27, Contacts:

03-388r0 SBC-2 Nonvolatile caches 11 December 2003

ISO/IEC INTERNATIONAL STANDARD

Suggested Changes. Add to Clause 8 8.AA SECURITY PROTOCOL IN command 8.BB SECURITY PROTOCOL OUT command. Jim Hatfield (Seagate) Page 1 of 5

September 11, T10 Technical Committee John Lohmeyer, LSI Logic Principal Member of T10 Expander Communication Protocol. Revision 3 changes:

2 May r2 SAS-2 WWN-based Attached Device Name for SATA

T10/05-142r3 SAT - LOG SENSE command and SMART

draft-ietf-smime-cert-06.txt December 14, 1998 Expires in six months S/MIME Version 3 Certificate Handling Status of this memo

Request for Comments: TIS Labs March Storing Certificates in the Domain Name System (DNS)

ETSI TS V1.2.1 ( ) Technical Specification

ERRATA FOR. TCG Platform Attribute Credential Profile. Errata Version Published. Specification Version 1.0 Revision January 2018

04-082r0 SBC-2 Replace Notch and Partition mode page with READ CAPACITY 5 March 2004

500 disc CD-ROM Changer DRM-5004x series Changer Mechanism Controller SCSI Specifications

04-374r0 SES-2 Define a SAS Expander element 7 November 2004

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

Request for Comments: 2459 Category: Standards Track VeriSign W. Polk NIST D. Solo Citicorp January 1999

W. Polk (NIST) D. Solo (Citigroup) expires in six months October Internet X.509 Public Key Infrastructure. Certificate and CRL Profile

CONTENTS ISO/IEC:2005(E)

Revision History Related Documents Overview 1. iscsi port names and device names Suggestion 2. iscsi logical unit names Suggestion

Expires October 2005 Updates RFC 3280 April 2005

November 1998 Expires May Storing Certificates in the Domain Name System (DNS)

INTERNATIONAL STANDARD

COPYRIGHT DISCLAIMER TRADEMARK NOTICES PART NUMBER REVISION HISTORY CONTACTING TANDBERG DATA CORPORATION

04-218r1 SAT SPC-3 INQUIRY contents 29 July 2004

Internet Engineering Task Force (IETF) Category: Experimental Helsinki Institute for Information Technology ISSN: May 2011

04-352r0 SAS-1.1 Phy test functions for SMP 29 October 2004

PKCS #10 v1.7: Certification Request Syntax Standard (Final draft)

CI Plus ECP Specification v1.0 ( )

Internet Engineering Task Force (IETF) Request for Comments: 6403 Category: Informational ISSN: M. Peck November 2011

ISO/IEC INTERNATIONAL STANDARD

Item 2) In clause PL_OC2:Overall_Control state frame transmission cancellations: change the text to be as follows:

Subject SMC-3 TapeAlert enhancements

FCD Information Technology - Small Computer System Interface - Part 381: Optical Memory Card Device Commands (SCSI OMC)

Validation Policy r tra is g e R ANF AC MALTA, LTD

IBM System Storage TS3310 Tape Library. Reference GA

TCG Storage Interface Interactions Specification (SIIS) Specification Version 1.02 Revision December, 2011 TCG

Revision History Revision 0 (09 December 2007) first revision

Revisions. Introduction. Proposal

6 June r0 SAM-4 SCSI Initiator Port and Target Port capabilities attributes

06-378r0: SAT - Miscellaneous changes 18 August 2006

4.3 The Command Descriptor Block (CDB)

X.509 Certificate and Certificate Revocation List (CRL) Extensions Profile for Personal Identity Verification Interoperable (PIV-I) Cards

Internet Engineering Task Force (IETF) Request for Comments: 6818 Updates: 5280 January 2013 Category: Standards Track ISSN:

1 Overview. T10/ revision 6

ISO/IEC INTERNATIONAL STANDARD

Internet Engineering Task Force (IETF) Request for Comments: 5917 Category: Informational June 2010 ISSN:

Subject Report Volume Information. This command is a companion to , Report Element Information. Full background is available in that proposal.

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

Storage Maintenance (StorM) Working Group. Intended status: Standards Track. December 2011

The author believes that this revision of this document addresses the following previously unresolved OSD Letter Ballot comments:

Capability based Command Security

1 Overview. T10/ revision 8

Draft ETSI EN V ( )

Mode/ Log/ VPD Pages For Describing Solid State Storage (Revision 3.0 Draft 4)

This proposal attempts to correct that by defining FLUSH xxx commands for all object types.

Category: Informational January 2010 ISSN:

IBM System Storage TS3100 Tape Library and TS3200 Tape Library. Reference. Machine Type 3573 GA

August 14, T10 Technical Committee John Lohmeyer, LSI Logic Principal Member of T10 Expander Communication Protocol. Revision 1 changes:

16 January r3 SAM-4 SPC-4 SBC-3 Unit attention condition queuing

Block Data is the data transferred to or from the device using SCT Command Transport feature set capabilities.

Internet Engineering Task Force (IETF) Obsoletes: 6485 Category: Standards Track August 2016 ISSN:

Signtrust. ISIS-MTT Assessment Report

03-347r0 SES-2 Reporting peer enclosure service processes 15 October 2003

REMOVABLE / RE-WRITABLE MEDIA SPECIFICATION. Draft Proposal DOCUMENT STATUS. Universal Command Set for Removable/Re-Writable Media T10/97-227r0

Subject Report Element Information

03-388r2 SPC-3 SBC-2 Nonvolatile caches 10 March 2004

T10/06-119r0 SAS-2 BREAK_REPLY 28 February 2006

ADT Frame Format Notes (Paul Suhler) ADI ADT Frame Format Proposal (Rod Wideman)

T10/01-134r Page 1 of 13

Subject Report Element Information

Revision History Revision 0 (2 November 2002) first revision Revision 1 (31 December 2002) incorporated comments from November CAP WG.

26 April r0 SAT-2 WRITE LONG to WRITE UNCORRECTABLE EXT

9 January r0 SAS-2 SPC-4 Enabling and disabling Transport Layer Retries

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Network Working Group S. Santesson Request for Comments: 3039 AddTrust Category: Standards Track W. Polk NIST. Barzin SECUDE. Nystrom RSA.

Transcription:

To: T10 Committee From: Gerry Houlder, Seagate Technology, gerry_houlder@seagate.com Developed for Trusted Computing Group, www.trustedcomputinggroup.org Subj: SPC-3 Security Commands proposal Date: June 27, 2005 This document presents a proposal for defining an industry standard set of interface commands for a trusted device, which is a component of an overall trusted system. A trusted device provides a horizontal security product embedded in devices whose behavior may be authorized via interaction with a trusted host system. This proposal uses two commands: TRUSTED OUT and TRUSTED IN. These commands provide for variable length data transfers. These commands are 12 byte CDBs to provide portability between SCSI and ATAPI implementations. The CDB parameters shall be defined by T10. The data payload and subsequent actions resulting from these commands are defined by Security Protocol identified in the CDB. The intent is to standardize this data content so it is identical across both ATA and SCSI. This proposal refers to the data payload format as restricted to indicate that the format shall conform to the definition established by the outside group that owns the particular SPID (Security Protocol ID) value. Page 1 of 8

0.1 Reference documents RFC 3280, Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile, IETF, 2002. RFC 3281, An Internet Attribute Certificate: Profile for Authorization, IETF, 2002. ITU-T RECOMMENDATION X.509 ISO/IEC 9594-8, Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks, ITU, 2000. 0.2 Definitions 0.2.a Trusted Action: A group of bytes that describe a security procedure that a device server is requested to perform. 0.2.b Trusted Result: A group of bytes that contain the results of a requested trusted action or the status from processing a requested trusted action. 0.3 Abbreviations 0.3.a TCG: Trusted Computing Group. 6.x Trusted Out command The TRUSTED OUT command (see table 1) is used to send trusted data to the device server. The data sent contains one or more trusted actions to be performed by the device server. The application client shall use TRUSTED IN command to retrieve any trusted results derived from the trusted actions. Byte Bit Table 1 Trusted Out command 7 6 5 4 3 2 1 0 0 OPERATION CODE (B5h) 1 KEY_EXT RESERVED SPID 2 PKT_TYP SP_CTRL IPID PROT_TYPE 3 KEY REFERENCE 4 5 RESERVED 6 7 8 (MSB) TRANSFER LENGTH 9 10 RESERVED 11 CONTROL (LSB) A KEY_EXT (Key Extended) bit set to one indicates that the key reference value is too large to fit in the KEY REFERENCE field. The KEY REFERENCE field is ignored and the key reference is included in the data bytes. A KEY_EXT bit set to 0 indicates that the KEY REFERENCE field in the CDB is valid and that no key reference is included in the data bytes. The SPID (Security Protocol Identification) field identifies which security protocol is being used. This determines the format of the data that is transferred. The meaning of the SPID value is described in table 2. Page 2 of 8

Table 2 Security Protocol ID field description Value Description 0h Request for an X.509 certificate (see 1.3) 1h 6h Reserved. 7h Ch Restricted to TCG. Dh Eh Reserved. Fh Vendor Specific. A PKT_TYP (packet type) bit set to one indicates that multiple trusted actions may be sent in the payload. A PKT_TYP bit set to zero indicates that a single trusted action shall be sent. The SP_CTRL (Security Protocol Control) field provides security protocol specific control information. The meaning of these bits is defined by each security protocol. The IPID (Integrity Protocol Identification) field identifies which integrity protocol is being used to protect the data. If PROT_TYPE is set to zero, the IPID field is ignored. The meaning of the IPID values is described in table 3. Value 0h 1h 2h 6h 7h Table 3 Integrity Protocol ID field description Description SHA-1 SHA-256 Reserved Vendor specific. The PROT_TYPE (Protection Type) field identifies which type of protection is applied to the data. The meaning of the PROT_TYPE values is described in table 4. Value 0h 1h 2h 3h Table 4 Protection Type field description Description No integrity protection. Hashed. Keyed hashed (HMAC). Reserved If the KEY_EXT bit is set to zero, the KEY REFERENCE field provides a pointer to the key used with the integrity protocol to validate the data. The TRANSFER LENGTH field specifies the number of blocks of data to be transferred. The block size for this command shall be 512 bytes regardless of the actual logical block size reported by the READ CAPACITY command. The device server shall return GOOD status as soon as it determines the data has been correctly received. This does not indicate that the data has been parsed or that any trusted actions have been processed. These indications are only obtained by sending a TRUSTED IN command and receiving the results in the associated data transfer. The data is organized as one or more trusted actions. For SPID set to zero, The TRANSFER LENGTH shall be zero and no data is transferred. In this case, if the transfer length is non-zero the command is terminated with CHECK CONDITION status with sense key set to ILLEGAL Page 3 of 8

REQUEST and ASC set to Illegal Bit or Byte in CDB. The format of the trusted actions for other SPID values is restricted. The format is documented by the group that owns the associated SPID value (e.g., the data format for a value of 7h is documented by TCG). 6.y Trusted In command 6.y.1 Trusted In command description The TRUSTED IN command (see table 5) is used to retrieve trusted results from trusted actions that were sent in a previous TRUSTED OUT command. Byte Bit Table 5 Trusted In command 7 6 5 4 3 2 1 0 0 OPERATION CODE (A2h) 1 KEY_EXT RESERVED SPID 2 PKT_TYP SP_CTRL IPID PROT_TYPE 3 KEY REFERENCE 4 5 RESERVED 6 7 8 (MSB) TRANSFER LENGTH 9 10 RESERVED 11 CONTROL (LSB) A KEY_EXT (Key Extended) bit set to one indicates that the key reference value is too large to fit in the KEY REFERENCE field. The KEY REFERENCE field is ignored and the key reference is included in the data bytes. A KEY_EXT bit set to 0 indicates that the KEY REFERENCE field in the CDB is valid and that no key reference is included in the data bytes. The SPID (Security Protocol Identification) field identifies which security protocol is being used. This determines the format of the data that is transferred. The meaning of the SPID values is defined in table 2. A PKT_TYP (packet type) bit set to one indicates that multiple trusted results may be returned by the device server. A PKT_TYP bit set to zero indicates that only one trusted result shall be returned. The SP_CTRL (Security Protocol Control) field provides security protocol specific control information. The meaning of these bits is defined by each security protocol. The IPID (Integrity Protocol Identification) field identifies which integrity protocol is being used to protect the data. If PROT_TYPE is set to zero, the IPID field is ignored. The meaning of the IPID values is described in table 3. The PROT_TYPE (Protection Type) field identifies which type of protection is applied to the data. The meaning of the PROT_TYPE values is described in table 4. If the KEY_EXT bit is set to zero, the KEY REFERENCE field provides a pointer to the key used with the integrity protocol to validate the data. Page 4 of 8

The TRANSFER LENGTH field describes the number of blocks of data to be transferred. The block size for this command shall be 512 bytes regardless of the actual logical block size reported by the READ CAPACITY command. If the length is not sufficient to return all of the blocks the device server has available to send, the device server shall send as many complete trusted results as possible without exceeding the transfer length. The device server shall only return trusted results that were requested by a previous TRUSTED OUT command that: a) specified the same key reference value (i.e., KEY_EXT=0 and KEY REFERENCE field value or KEY_EXT=1 and key reference value in data bytes), b) specified the same SPID value, and c) specified the same PROT_TYPE and IPID values. A single TRUSTED IN command may return trusted results requested in one or more previous TRUSTED OUT commands. A TRUSTED IN command may also return partial trusted results requested in a previous TRUSTED OUT command. If the device server has no trusted results to send (e.g., trusted results for a previously requested trusted action are not ready yet), the device server shall return a trusted result indicating it has no data to return and the command shall end with GOOD status. The returned data is organized as one or more trusted results. For SPID set to zero, the returned data is a certificate. The format for this data is described in 1.3. The format of the trusted results for other SPID values is restricted. The format is documented by the group that owns the associated SPID value (e.g., the data format for a value of 7h is documented by TCG). It is the application client s responsibility to have an outstanding TRUSTED IN command whenever it believes there are trusted results pending in the device server. The device server shall retain trusted result data resulting from a TRUSTED OUT command awaiting retrieval by a TRUSTED IN command until one of the following events occurs: a) a matching TRUSTED IN command; b) logical unit reset; c) I_T nexus loss associated with the I_T nexus that sent the TRUSTED OUT command; d) processing any of the following task management functions (see SAM-3): A) CLEAR TASK SET; B) ABORT TASK SET. If the trusted result data is lost due to one of these events and the application client still wants to perform the trusted action, the application client is required to resend the trusted action in a new TRUSTED OUT command. 6.y.2 Certificate descriptions 6.y.2.1 Certificate header When the SPID field of the TRUSTED IN command specifies an X.509 certificate, a header and the certificate bytes shall be returned as shown in Table 6. Page 5 of 8

Byte Bit Table 6 X.509 header and certificate description 7 6 5 4 3 2 1 0 0 RESERVED 1 RESERVED 2 (MSB) CERTIFICATE LENGTH 3 4 N X.509 CERTIFICATE BYTES The CERTIFICATE LENGTH indicates the total length, in bytes, of the certificate. This length includes one or more certificates. If the device server doesn t have a certificate to return, the certificate length is set to zero and only the 4 byte header is returned. (LSB) 6.y.2.2 Certificate description 6.y.2.2.1 Certificate overview The instantiation of a X.509 conformant credential is either through an X.509 Attribute Certificate or an X.509 Public Key Certificate depending on the capabilities of the device. A X.509 Attribute Certificate shall be issued for any device not capable of asymmetric key operations or any device for which the credential issuer does not want to include any public key information in the credential. A X.509 Public Key Certificate shall be issued for any device capable of asymmetric key operations and for which the certificate issuer wants to bind the public key to the device. Page 6 of 8

6.y.2.2.2 Public Key certificate description RFC 3280 defines the certificate syntax for certificates consistent with X.509v3 Public Key Certificate Specification. Table 7 describes the SCSI usage of the X.509 public key certificate fields and the relationship of that usage to the definitions of RFC 3280. Table 7 SCSI usage of X.509 certificate values in RFC 3280 context Certificate Field [1] Details SignatureAlgorithm As described in RFC 3280. SignatureValue As described in RFC 3280. Version Shall be version 3. SerialNumber As described in RFC 3280. Signature As described in RFC 3280. Issuer As described in RFC 3280 with the added constraint that UTF8String encoding of DirectoryString shall be used. Validity As described in RFC 3280. It is recommended to set Begin Date to the time of credential issuance and the Expiration Date to the Begin Date plus one hundred years if the intent is not to indicate an expiration date. Subject As described in RFC 3280. Information contained in this field shall either be populated with a non-empty distinguished name identifying the device or a null value. SubjectPublicKeyInfo As described in RFC 3280. subject Alternate Name As described in RFC 3280, but may be ignored. This specification restricts the use to the following options only: othername; directoryname. One and only one of the following values is allowed for subjectaltname: The device serial number using directoryname; The device serial number using othername. If this field is used then subject field shall contain a null value. basicconstraints As described in RFC 3280. crldistributionpoints As described in RFC 3280. subjectdirectoryattributes : protocols SEQUENCE OF OID Defines supported Security and Integrity Protocols [1] Certificate field names are as described in RFC 3280. Page 7 of 8

6.y.2.2.3 Attribute certificate description RFC 3281 defines the certificate syntax for certificates consistent with X.509v2 Attribute Certificate Specification. Certificates for SCSI may use the RFC 3281 certificate syntax. Table 8 describes the SCSI usage of the X.509 attribute certificate fields and the relationship of that usage to the definitions of RFC 3281. Table 8 SCSI usage of X.509 certificate values in RFC 3281 context Certificate Field [1] Details SignatureAlgorithm As described in RFC 3281. SignatureValue As described in RFC 3281. Version Shall be version 2. Holder As described in RFC 3281 with the added constraint that entityname option be used in the Holder field containing one and only one of the of the following values: an URI using uniformresourceidentifier; the device serial number using directoryname or othername; a null value. issuer As described in RFC 3281. signature As described in RFC 3281. serialnumber As described in RFC 3281. attrcertvalidityperiod As described in RFC 3281. It is recommended to set Begin Date to the time of credential issuance and the Expiration Date to the Begin Date plus one hundred years if the intent is not to indicate an expiration date. attributes: SEQUENCE OF OID protocols Defines supported Security and Integrity Protocols. basicattconstraints As described in RFC 3281. crldistributionpoints As described in RFC 3281. [1] Certificate field names are as described in RFC 3281. Page 8 of 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback