ATA Trusted commands-How to set libata allow_tpm

Question

I want to send trusted send/trusted receive to my hard drive. I found this page: ATA Trusted commands in Linux. (Thanks you ephemient and Dmitry Obukhov).

For now, my trouble is how to set libata allow_tpm = 1. I'm using Ubuntu 13.10. My code is same as Dmitry Obukhov (It works perfectly for Identify and all other commands, but not for trusted commands.)

After looking in another side, these are what I did:

- In BIOS, set AHCI mode.

In terminal:

- sudo dmesg -c:

   [    0.157207] SCSI subsystem initialized.

   [    0.157209] ACPI: bus type ATA registered.

   [    0.157236] libata version 3.00 loaded.

   [    0.878999] ahci 0000:00:1f.2: AHCI 0001.0300 32 slots 6 ports 6
   Gbps 0x3 impl SATA mode.

   [    0.887125] ata1: SATA max UDMA/133 abar m2048@0xf7c16000 port
   0xf7c16100 irq 41.

   [    0.887127] ata2: SATA max UDMA/133 abar m2048@0xf7c16000 port
   0xf7c16180 irq 41.

   [    1.205449] ata2: SATA link up 3.0 Gbps (SStatus 123 SControl
   300).

   [    1.205477] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl
   300).

   [    1.206127] ata2.00: supports DRM functions and may not be fully
   accessible.

   [    1.206131] ata2.00: ATA-8: ST500LT025-1A5142, 0001SDM7, max
   UDMA/133.

   [    1.206133] ata2.00: 976773168 sectors, multi 1: LBA48 NCQ (depth
   31/32).

   [    1.206159] ata1.00: supports DRM functions and may not be fully
   accessible.

   [    1.206163] ata1.00: ATA-8: ST500LT025-1A5142, 0001SDM7, max
   UDMA/133.

   [    1.206165] ata1.00: 976773168 sectors, multi 1: LBA48 NCQ (depth
   31/32).



- systool -a -v -m libata

  Module = "libata"

  Attributes:
    uevent              = <store method only>
    version             = "3.00"

  Parameters:
    acpi_gtf_filter     = "7"
    allow_tpm           = "0"
    ata_probe_timeout   = "0"
    atapi_an            = "0"
    atapi_dmadir        = "0"
    atapi_enabled       = "1"
    atapi_passthru16    = "1"
    dma                 = "7"
    fua                 = "0"
    ignore_hpa          = "0"
    noacpi              = "0"
    zpodd_poweroff_delay= "30"

- sudo nano /etc/modprobe.d/local.conf.
  Add this line: options libata allow_tpm=1

- sudo nano /boot/grub/menu.lst.
  Add this line: combined_mode=libata

- sudo update-initramfs -u&& sudo update-grub2

After reboot, I run systool -a -v -m libata again, nothing change with allow_tpm. What should I do to change allow_tpm?

Answer 1

I have just success in changing value of allow_tpm, so ATA Trusted commands work now.

- cd /sys/module/libata/parameters
- sudo chmod 644 allow_tpm
- sudo nano allow_tpm
  Delete number 0 and write number 1. Save file.

Maybe this is not a exactly way because value in file allow_tpm is reset 0 every time I reboot computer.

Answer 2

If you want to change allow_tpm permanently tell grub doing so by adding libata.allow_tpm=1 to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub. For example:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash libata.allow_tpm=1"

Afterwards run sudo update-grub and reboot.

Answer 3

I tried this for CentOs 7: Uefi Boot

Add kernel flag: libata.allow_tpm=1

I tried this for CentOs 7 : Uefi Boot & it worked like charm:

1. Edit /etc/default/grub
2. Add GRUB_CMDLINE_LINUX_DEFAULT="quiet splash libata.allow_tpm=1"
3. Save it

4. Run command: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg or for non-uefi OS grub2-mkconfig -o /boot/grub2/grub.cfg

5. systemctl reboot

6. cat /proc/cmdline you see as below

BOOT_IMAGE=/vmlinuz-3.10.0-957.27.2.el7.X86_64 root=/dev/mapper/centos-root ro crashkernel=autord.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quite splash libata.allow_tpm=1