Thursday, September 6, 2012

TRUSTED NON-DATA command (5Bh) - ATA Trusted Commands


TRUSTED NON-DATA (5Bh)
Inputs:

| Register | Bits 7 to 0 |
|---|---|
| Feature | Security Protocol |
| Sector Count | Reserved |
| LBA Low (7:0) | Reserved |
| LBA Mid (15:8) | SP Specific (7:0) - Security Protocol Specific |
| LBA High (23:16) | SP Specific (15:8) - Security Protocol Specific |
| Device | bit 7: obs; bit 6: N/A; bit 5: obs; bit 4: TD; bits 3:0: LBA (27:24) Reserved |
| Command | 5Bh |

Transfer Length: The Transfer Length is security protocol specific.
TD: Transport Dependent - All bits and fields that are labelled transport dependent are defined in the transport standards.

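Generic Extended Normal Outputs:

| Register | HOB | Bits 7 to 0 |
|---|---|---|
| Error | | Reserved |
| Sector Count | HOB = 0 | Reserved |
| Sector Count | HOB = 1 | Reserved |
| LBA Low | HOB = 0 | Reserved |
| LBA Low | HOB = 1 | Reserved |
| LBA Mid | HOB = 0 | Reserved |
| LBA Mid | HOB = 1 | Reserved |
| LBA High | HOB = 0 | Reserved |
| LBA High | HOB = 1 | Reserved |
| Device | | bit 7: obs; bit 6: na; bit 5: obs; bit 4: TD; bits 3:0: Reserved |
| Status | | bit 7: TD; bit 6: TD; bit 5: DF; bit 4: na; bit 3: TD; bit 2: na; bit 1: na; bit 0: ERR |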

Security Protocol
The Security Protocol field identifies which security protocol is being used. This determines the format of the SP Specific field and of the data that is transferred. If the Security Protocol field is set to a reserved value, the device shall return command aborted.
TRUSTED RECEIVE Security Protocol field description table

| Value | Description |
|---|---|
| 00h | Return security protocol information |
| 01h – 06h | Defined by TCG |
| 07h – 1Fh | Reserved |
| 20h | Reserved for T10 |
| 21h – EDh | Reserved |
| EEh | Defined by IEEE 1667 |
| EFh | Reserved for T10 |
| F0h – FFh | Vendor Specific |

The meaning of the SP Specific field is defined by each security protocol.

Security Protocol 00h - SP Specific field descriptions for Protocol 00h

| SP Specific | Description | Support |
|---|---|---|
| 0000h | Return supported security protocol list | Mandatory |
| 0001h | Return a certificate | Mandatory |
| 0002h – FFFFh | Reserved | |


Supported security protocols list description
When the Security Protocol field is set to 00h, and SP Specific is set to 0000h in a TRUSTED RECEIVE command, the parameter data shall have the format shown in table.

| Byte | Bits 7 to 0 |
|---|---|
| 0 | Reserved |
| 1 | Reserved |
| 2 | Reserved |
| 3 | Reserved |
| 4 | Reserved |
| 5 | Reserved |
| 6 | List Length (M-7) bits (15:8) |
| 7 | List Length (M-7) bits (7:0) |
| 8 to M | Supported Security Protocol List |
| M+1 to 511 | Pad bytes (if any) |

The List Length field indicates the total length, in bytes, of the supported security protocol list.
The Supported Security Protocol List field shall contain a list of all supported Security Protocol field values. Each byte indicates a supported Security Protocol field value.  The values shall be in ascending order starting with 00h.
The total data length shall be 512 bytes. Pad bytes are appended as needed to meet this requirement. Pad bytes shall have a value of 00h.

Certificate data description
A certificate is either an X.509 Attribute Certificate or an X.509 Public Key Certificate depending on the capabilities of the device.
When the Security Protocol field of the TRUSTED RECEIVE command is set to 00h, and SP Specific is 0001h, the parameter data shall have the format shown in table 70.

| Byte | Bits 7 to 0 |
|---|---|
| 0 | Reserved |
| 1 | Reserved |
| 2 to 3 | CERTIFICATE LENGTH (M - 3), (MSB) in byte 2, (LSB) in byte 3 |
| 4 to M | X.509 certificate bytes |
| M+1 to 511 | Pad bytes (if any) |

The CERTIFICATE LENGTH indicates the total length, in bytes, of the certificate(s).  This length includes one or more certificates. If the device has no certificate to return, the certificate length is set to 0000h and only the 4 byte header and 508 pad bytes are returned.
The total data length shall conform to the Transfer Length field requirements.
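
The two Protocol 00h payload layouts described above (supported security protocol list and certificate data) can be checked on the host before their contents are trusted. The following parser is an added example, not code from the original post or from any ATA specification. The function names are hypothetical, the sample buffer is constructed, and treating an empty or duplicated protocol list as malformed is an assumption.

```python
import struct

BLOCK = 512  # total parameter data length stated for the protocol list
RANGES = [   # (first, last, description) from the Security Protocol field table
    (0x00, 0x00, "Return security protocol information"),
    (0x01, 0x06, "Defined by TCG"),
    (0x07, 0x1F, "Reserved"),
    (0x20, 0x20, "Reserved for T10"),
    (0x21, 0xED, "Reserved"),
    (0xEE, 0xEE, "Defined by IEEE 1667"),
    (0xEF, 0xEF, "Reserved for T10"),
    (0xF0, 0xFF, "Vendor Specific"),
]

def describe(proto):
    return next(d for lo, hi, d in RANGES if lo <= proto <= hi)

def parse_protocol_list(buf):
    """Parse the Protocol 00h / SP Specific 0000h payload; raise on malformed data."""
    if len(buf) != BLOCK:
        raise ValueError("payload must be exactly 512 bytes")
    (length,) = struct.unpack_from(">H", buf, 6)  # bytes 6-7, MSB first
    if length > BLOCK - 8:
        raise ValueError("List Length runs past the 512-byte payload")
    protos = list(buf[8:8 + length])
    if not protos or protos[0] != 0x00:
        raise ValueError("list must start with 00h")
    # Assumption: strictly ascending, so duplicates count as malformed.
    if any(a >= b for a, b in zip(protos, protos[1:])):
        raise ValueError("list is not in ascending order")
    if any(buf[8 + length:]):
        raise ValueError("pad bytes must be 00h")
    return protos

def parse_certificate(buf):
    """Parse the Protocol 00h / SP Specific 0001h payload; b'' means no certificate."""
    if len(buf) < 4:
        raise ValueError("payload shorter than the 4-byte header")
    (length,) = struct.unpack_from(">H", buf, 2)  # bytes 2-3, MSB first
    if 4 + length > len(buf):
        raise ValueError("CERTIFICATE LENGTH runs past the payload")
    return bytes(buf[4:4 + length])

if __name__ == "__main__":
    # Constructed sample payload: a device advertising 00h, 01h, 02h and EEh.
    sample = bytes(6) + struct.pack(">H", 4) + bytes([0x00, 0x01, 0x02, 0xEE])
    sample += bytes(BLOCK - len(sample))
    for p in parse_protocol_list(sample):
        print(f"{p:02X}h  {describe(p)}")
```

The returned certificate bytes may hold one or more DER-encoded certificates and still need to be validated by an X.509 library before any field in them is relied on.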

Public Key certificate description
RFC 3280 defines the certificate syntax for certificates consistent with the X.509v3 Public Key Certificate Specification.

Attribute certificate description
RFC 3281 defines the certificate syntax for certificates consistent with the X.509v2 Attribute Certificate Specification.
