"Linux IDE Guy" Wants Option to Disable CPRM

Andre Hedrick, maintainer of the Linux ATA subsystem and a member of the standards committee for ATA drives, has asked the committee to add an on/off switch to a controversial proposed feature called CPRM if CPRM becomes part of the ATA standard. (ATA drives are also known as IDE.) Under Hedrick's propsed change, the operating system, presumably under the control of the user, would be able to disa

Linux already disables the Processor Serial Number on Intel CPUs to prevent applications from reading it, and Hedrick's proposal would make a similar containment policy possible for CPRM.

In an interview with Linux Journal, Hedrick explained that CPRM, intended as a copy restriction feature, would create problems with important functionality such as making backups. And Alan Cox says CPRM will make it impossible to use disk defragmenting tools.

The following is Hedrick's mail to the T13 committee. Contact information for T13 committee officers and minutes of previous T13 meetings are available on the T13 home page.

Mr. Chairman,

I am request a Proposal Number to present the content below at the February meeting. Of course I am aware that I will need to get a 2/3 support in a roll-call vote of approval to allow adoption in to ATA-6; however, this is only necessary if "e00148rX" is adopted in the same fashion and rules during the February meeting.

Upon receiving the number I will submit the document to be reviewed by all.

The purpose of this offensive crossover feature set is to prevent a valid JAVA type CPRM tool from attempting to perfrom a CPRM action without the HOST first giving notice for enduser certification of the process.

Upon applying this method, T13 may prevent issues that may be deemed actionable by forcing the customer to choose to allow CPRM actions to be performed on their HOST. They must issue the passcode to unlock the feature block to allow CPRM HOST action to be performed.

Apply this constraint against the "e00148rX" and make it a feature that can be disabled and locked out if desired, then you will see better acceptance. This will provide the MPAA people with a method of stopping CPRM content from going to a device that does not allow CPRM features to be enabled. Everybody wins.

Finally, if CPRM proposal is removed from possible adoption, I will withdraw this proposal due to lack of symbiotic requirements. Additionally if this can be ammended to "e00148rX", then a new document will not be needed.

quoted material from another T13 member deleted - Ed.

I went full tilt to successfully stop/postpone this from being adopted at the last meeting in Irvine. If you look at the orginal unsanitized version of this proposal the e00148r0 (note totally rejected in October) verses the stripped down almost technical version of e00148r2, you get the real picture.

Now if you guys want to get me off the topic, you make e00148r3/4 for the meeting in February at Dell contain this addition.

New Command Pair:
Set Features CPRM Lock. 0x4C and 0xAC
        (Yes I cleverly picked the pair to reflect their true nature)
----------------------------------------------------
These commands SHALL be included in all devices that support/enable the
CPRM "e00148rX", which is now defined as OPTIONAL.  Regardless if the CPRM
key locks are supported, CPRM Enable:Disable SHALL be supported.
----------------------------------------------------
The Enable Feature command SHALL be set only by embedded HOST that do not
have an External HOST to overide the feature.  The Enable Feature command
SHALL set a concatenated 32-bit passcode to hold the enable lock.
INPUTS:                         Enable CPRM Mode Lock
        Feature                         0x4C
        Sector Count                    .c3
        Sector Number                   .c2
        Cylinder Low                    .c1
        Cylinder High                   .c0
        Device Head             obs|na|obs|DEV|na|na|na|na
        Command                         0xEF
Sector Count -
Sector Number -
Cylinder Low -
Cylinder High -
        The .c3 .c2 .c1 .c0 SHALL compose a valid lock which will
        comprise and be limited to a 32-bit word size.  The Enable
        concatenated passcode SHALL have two RESERVED Values
        0xFFFFFFFF and 0x00000000.
Device/Head -
        DEV is to indicate device selection.
NORMAL OUTPUTS:
        Error                           na
        Sector Count                    .d3
        Sector Number                   .d2
        Cylinder Low                    .d1
        Cylinder High                   .d0
        Device Head             obs|na|obs|DEV|na|na|na|na
        Status                  BSY|DRDY|DF|na|DRQ|na|na|ERR
Sector Count -
Sector Number -
Cylinder Low -
Cylinder High -
        The .d3 .d2 .d1 .d0 SHALL return the accepted passcode in the same
        format that was issued.
Device/Head -
        DEV is to indicate device selection.
Status register -
        BSY: shall be clear to zero indicating command completion
        DRDY: shall be clear to zero
        DF: (Device Fault) shall be clear to zero
        DRQ: shall be clear to zero
        ERR: shall be clear to zero
        
ERROR OUTPUTS:
        Error                   na|UNC|na|IDNF|na|na|ABRT|na
        Sector Count                    reserved
        Sector Number                   reserved
        Cylinder Low                    reserved
        Cylinder High                   reserved
        Device Head             obs|na|obs|DEV|na|na|na|na
        Status                  BSY|DRDY|DF|na|DRQ|na|na|ERR
Error -
        UNC: shall be set to one if the passcode is not accepted.
        IDNF: shall be set to one if the passcode was never set.
        ABRT: shall be set to one if this command is not supported, if
        the passcode is not accepted, or if the passcode was never set.
Sector Count -
Sector Number -
Cylinder Low -
Cylinder High -
        Reserved:
Device/Head -
        DEV: is to indicate device selection.
Status register -
        BSY: shall be clear to zero indicating command completion
        DRDY: shall be clear to one.
        ERR: shall be clear to one if an Error register bit is set to one.
----------------------------------------------------
The Disable Feature command MAY be set only by any HOST. The Disable
Feature command SHALL set a concatenated 32-bit passcode to hold the STATE
of the lock and SHALL NOT be cleared to enable except by the External HOST.
INPUTS:                         Disable CPRM Mode Lock
        Feature                         0xAC
        Sector Count                    .c3
        Sector Number                   .c2
        Cylinder Low                    .c1
        Cylinder High                   .c0
        Device Head             obs|na|obs|DEV|na|na|na|na
        Command                         0xEF
Sector Count -
Sector Number -
Cylinder Low -
Cylinder High -
        The .c3 .c2 .c1 .c0 SHALL compose a valid lock which will
        comprise and be limited to a 32-bit word size.  The Disable
        concatenated passcode SHALL have two RESERVED Values
        0xFFFFFFFF and 0x00000000.
Device/Head -
        DEV: is to indicate device selection
NORMAL OUTPUTS:
        Error                           na
        Sector Count                    .d3
        Sector Number                   .d2
        Cylinder Low                    .d1
        Cylinder High                   .d0
        Device Head             obs|na|obs|DEV|na|na|na|na
        Status                  BSY|DRDY|DF|na|DRQ|na|na|ERR
Sector Count -
Sector Number -
Cylinder Low -
Cylinder High -
        The .d3 .d2 .d1 .d0 SHALL return the accepted passcode in the same
        format that was issued.
Device/Head -
        DEV: is to indicate device selection.
Status register -
        BSY: shall be clear to zero indicating command completion
        DRDY: shall be clear to zero
        DF: (Device Fault) shall be clear to zero
        DRQ: shall be clear to zero
        ERR: shall be clear to zero
ERROR OUTPUTS:
        Error                   na|UNC|na|IDNF|na|na|ABRT|na
        Sector Count                    reserved
        Sector Number                   reserved
        Cylinder Low                    reserved
        Cylinder High                   reserved
        Device Head             obs|na|obs|DEV|na|na|na|na
        Status                  BSY|DRDY|DF|na|DRQ|na|na|ERR
Error -
        UNC: shall be set to one if the passcode is not accepted.
        IDNF: shall be set to one if the passcode was never set.
        ABRT: shall be set to one if this command is not supported, if
        the passcode is not accepted, or if the passcode was never set.
Sector Count -
Sector Number -
Cylinder Low -
Cylinder High -
        Reserved:
Device/Head -
        DEV: is to indicate device selection.
Status register -
        BSY: shall be clear to zero indicating command completion
        DRDY: shall be clear to one.
        ERR: shall be clear to one if an Error register bit is set to one.
----------------------------------------------------
Standard Non-Data will be issued and the same error handling SHALL be
observed; however the follow execption SHALL report with the content in
the sub-set-features registers.
----------------------------------------------------
Additionally the Feature Support and Feature Enable Bits of the CPRM
"e00148rX" proposal reflect in a manner that standard in the reported mode
of IDENTIFY DEVICE.
Once the Set Features CPRM Lock command is set, the bits in Words 83 and
86 SHALL be effected in the following manner, as it relates to the newly
to be created "Copy Protection Feature Set Supported/Enabled".
Word 83 "Set Features CPRM Lock Support" shall be set to one,
if Word 83 for "Copy Protection Feature Set Supported" is set to one.
Word 86 "SetFeatures CPRM Lock Enable" shall be set to one, if the HOST
has issued a "Set Features CPRM Lock Disable Command" succesfully.  The
result of which set the "Set Features CPRM Lock Disable Enable" to one
will also set and lock the "Copy Protection Feature Set Enabled" to zero.
Therefore "Copy Protection Feature Set Supported" shall issue an ABORT to
any HOST request to activate the "Copy Protection Feature Set" until the
"Set Features CPRM Lock Disable" is cleared by the HOST.
-------------------------------------------------

Regards,

Andre HedrickCTO Timpanogas Research GroupEVP Linux Development, TRGLinux ATA Development

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState