Security Protocol Out Command
222 T10000: Interface Reference Manual August 2016
The drive shall terminate the command with CHECK CONDITION status, with
the sense key set to ILLEGAL REQUEST, and the additional sense code set to
INVALID COMMAND OPERATION CODE.
• If the SPOUT command is sent to a drive that has not been configured for DPKM
support.
The drive shall terminate the command with CHECK CONDITION status, with
the sense key set to ILLEGAL REQUEST, and the additional sense code set to
INVALID FIELD IN CDB (such as the Security Protocol field).
The PAGE LENGTH field specifies the number of bytes of parameter data to follow.
If the page length value results in the truncation of any field the device server shall
terminate the command with CHECK CONDITION status, with the sense key set to
ILLEGAL REQUEST, and the additional sense code set to INVALID FIELD IN
PARAMETER LIST.
The device server shall terminate the SECURITY PROTOCOL OUT command with
CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST, and the
additional sense code set to INVALID FIELD IN PARAMETER DATA if the CEEM
field is set to either 10b or 11b, and:
a. The DECRYPTION MODE field is set to DISABLE.
The device server shall terminate the command with CHECK CONDITION status,
with the sense key set to ILLEGAL REQUEST and the additional sense code set to
INVALID FIELD IN PARAMETER DATA if:
a. The ENCRYPTION MODE field is set to ENCRYPT;
b. The RDMC field is set to 10b or 11b; and
c. The RDMC_C field in the algorithm descriptor for the encryption algorithm
selected by the value in the ALGORITHM INDEX field is set to 1h, 6h, or 7h.
• If the clear key on demount (CKOD) bit is set to one the physical device shall set
the data encryption parameters to default values upon completion of a volume
demount.
If the CKOD bit is set to zero, the demounting of a volume shall not affect
the data encryption parameters.
If the bit is set to one and there is no volume mounted the device server shall
terminate the command with CHECK CONDITION status and set the sense key to
ILLEGAL REQUEST and the additional sense code to INVALID FIELD IN
PARAMETER DATA.
• If the clear key on reservation preempt (CKORP) bit is set to one, the physical
device shall set the data encryption parameters to default values
when a persistent reservation is preempted (for example, a PERSISTENT
RESERVE OUT command specifying a service action of PREEMPT or PREEMPT
AND ABORT is processed).
If the bit is set to zero, a preemption of a persistent reservation shall not affect the
data encryption parameters.
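
The field rules above can be checked on the host before a SECURITY PROTOCOL OUT command is issued, so that a rejected page or an unexpectedly cleared key is caught early. The following is an added example, not code from this manual: the class, function and event names are hypothetical, field values are given as decoded symbolic names rather than byte offsets, and the RDMC_C value is assumed to have been looked up by the caller.

```python
from dataclasses import dataclass

# Status, sense key and additional sense code, worded as on this page.
REJECT = ("CHECK CONDITION", "ILLEGAL REQUEST", "INVALID FIELD IN PARAMETER DATA")

@dataclass
class SetDataEncryptionFields:
    """Decoded parameter fields only; byte layout is not modelled here."""
    encryption_mode: str   # symbolic name, e.g. "ENCRYPT" or "DISABLE"
    decryption_mode: str   # symbolic name, e.g. "DECRYPT" or "DISABLE"
    ceem: int              # 2-bit field
    rdmc: int              # 2-bit field
    ckod: int = 0          # clear key on demount
    ckorp: int = 0         # clear key on reservation preempt

def check_fields(f, rdmc_c, volume_mounted):
    """Return None if the page passes the rules above, else REJECT.

    rdmc_c: RDMC_C value from the algorithm descriptor selected by
    ALGORITHM INDEX (assumption: the caller has already looked it up).
    """
    # CEEM of 10b or 11b together with DECRYPTION MODE set to DISABLE.
    if f.ceem in (0b10, 0b11) and f.decryption_mode == "DISABLE":
        return REJECT
    # ENCRYPT with RDMC 10b/11b while the algorithm reports RDMC_C 1h, 6h or 7h.
    if (f.encryption_mode == "ENCRYPT" and f.rdmc in (0b10, 0b11)
            and rdmc_c in (0x1, 0x6, 0x7)):
        return REJECT
    # CKOD set to one with no volume mounted.
    if f.ckod == 1 and not volume_mounted:
        return REJECT
    return None

def params_reset_to_default(event, f):
    """True if the drive resets the data encryption parameters on this event.

    event: "demount" or "reservation_preempt" (hypothetical event names).
    """
    if event == "demount":
        return f.ckod == 1
    if event == "reservation_preempt":
        return f.ckorp == 1
    return False
```
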