#42 Data length not set in CDB for security commands


When a ATA PASSTHROUGH security command is issued to a drive via an HBA using SGIO in hdparm, the command is rejected by the HBA's SAT code because the command's data length is not filled in. The Flags field in the CDB of the ATA PASSTHROUGH (16 byte) command indicates that the length of the data transfer (aka. the security password), in blocks, is specified in the SECTOR COUNT field, but the SECTOR COUNT field is 0 (visible using verbose mode). The HBA and drive will accept the same security commands if I send the command with '1' in the SECTOR COUNT field.

A similar problem occurred with IDENTIFY DEVICE ATA commands (-I) as of version 9.33, but was fixed as of 9.35. This fix should be applied to security commands as well.


  • Nobody/Anonymous

    Shows security-set-pass command and response in hdparm 9.35, note the '0' in the SECTOR COUNT field of the outgoing CDB

  • Nobody/Anonymous

    sgio always does 512 byte blocks, so sector count must be set to 1
    and yes, static void do_set_security (int fd) in hdparm.c does not set
    r->oflags.lob.nsect = 1
    r->lob.nsect to = 1
    that would fix the issue, but i do not know if it breaks something with old ata code.

  • Mark Lord

    Mark Lord - 2012-09-28
    • status: open --> closed-fixed
  • Mark Lord

    Mark Lord - 2012-09-28

    hdparm 9.42


Log in to post a comment.