ATA Trusted commands-How to set libata allow_tpm

linux security ata
tdQuang picture tdQuang · Dec 10, 2013 · Viewed 11.8k times · Source

I want to send trusted send/trusted receive to my hard drive. I found this page: ATA Trusted commands in Linux. (Thanks you ephemient and Dmitry Obukhov).

For now, my trouble is how to set libata allow_tpm = 1. I'm using Ubuntu 13.10. My code is same as Dmitry Obukhov (It works perfectly for Identify and all other commands, but not for trusted commands.)

After looking in another side, these are what I did:

- In BIOS, set AHCI mode.

In terminal:

- sudo dmesg -c:

   [    0.157207] SCSI subsystem initialized.

   [    0.157209] ACPI: bus type ATA registered.

   [    0.157236] libata version 3.00 loaded.

   [    0.878999] ahci 0000:00:1f.2: AHCI 0001.0300 32 slots 6 ports 6
   Gbps 0x3 impl SATA mode.

   [    0.887125] ata1: SATA max UDMA/133 abar m2048@0xf7c16000 port
   0xf7c16100 irq 41.

   [    0.887127] ata2: SATA max UDMA/133 abar m2048@0xf7c16000 port
   0xf7c16180 irq 41.

   [    1.205449] ata2: SATA link up 3.0 Gbps (SStatus 123 SControl
   300).

   [    1.205477] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl
   300).

   [    1.206127] ata2.00: supports DRM functions and may not be fully
   accessible.

   [    1.206131] ata2.00: ATA-8: ST500LT025-1A5142, 0001SDM7, max
   UDMA/133.

   [    1.206133] ata2.00: 976773168 sectors, multi 1: LBA48 NCQ (depth
   31/32).

   [    1.206159] ata1.00: supports DRM functions and may not be fully
   accessible.

   [    1.206163] ata1.00: ATA-8: ST500LT025-1A5142, 0001SDM7, max
   UDMA/133.

   [    1.206165] ata1.00: 976773168 sectors, multi 1: LBA48 NCQ (depth
   31/32).



- systool -a -v -m libata

  Module = "libata"

  Attributes:
    uevent              = <store method only>
    version             = "3.00"

  Parameters:
    acpi_gtf_filter     = "7"
    allow_tpm           = "0"
    ata_probe_timeout   = "0"
    atapi_an            = "0"
    atapi_dmadir        = "0"
    atapi_enabled       = "1"
    atapi_passthru16    = "1"
    dma                 = "7"
    fua                 = "0"
    ignore_hpa          = "0"
    noacpi              = "0"
    zpodd_poweroff_delay= "30"

- sudo nano /etc/modprobe.d/local.conf.
  Add this line: options libata allow_tpm=1

- sudo nano /boot/grub/menu.lst.
  Add this line: combined_mode=libata

- sudo update-initramfs -u&& sudo update-grub2

After reboot, I run systool -a -v -m libata again, nothing change with allow_tpm. What should I do to change allow_tpm?

Answer

magic_al picture magic_al · Jun 14, 2016

If you want to change allow_tpm permanently tell grub doing so by adding libata.allow_tpm=1 to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub. For example:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash libata.allow_tpm=1"

Afterwards run sudo update-grub and reboot.

Related questions

Using openssl to get the certificate from a server

I am trying to get the certificate of a remote server, which I can then use to add to my keystore and use within my java application. A senior dev (who is on holidays :( ) informed me I can run this: …

Read More
How to reset Jenkins security settings from the command line?

Is there a way to reset all (or just disable the security settings) from the command line without a user/password as I have managed to completely lock myself out of Jenkins?

Read More
Best practices when running Node.js with port 80 (Ubuntu / Linode)

I am setting up my first Node.js server on a cloud Linux node and I am fairly new to the details of Linux admin. (BTW I am not trying to use Apache at the same time.) Everything is installed …

Read More