1 files changed, 18 insertions, 0 deletions
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 14daf4848f09..f802dbce41ae 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -2690,6 +2690,24 @@ static unsigned int ata_scsi_pass_thru(struct ata_queued_cmd *qc)
        if ((tf->protocol = ata_scsi_map_proto(cdb[1])) == ATA_PROT_UNKNOWN)
                goto invalid_fld;
+        /*
+         * Filter TPM commands by default. These provide an
+         * essentially uncontrolled encrypted "back door" between
+         * applications and the disk. Set libata.allow_tpm=1 if you
+         * have a real reason for wanting to use them. This ensures
+         * that installed software cannot easily mess stuff up without
+         * user intent. DVR type users will probably ship with this enabled
+         * for movie content management.
+         *
+         * Note that for ATA8 we can issue a DCS change and DCS freeze lock
+         * for this and should do in future but that it is not sufficient as
+         * DCS is an optional feature set. Thus we also do the software filter
+         * so that we comply with the TC consortium stated goal that the user
+         * can turn off TC features of their system.
+         */
+        if (tf->command >= 0x5C && tf->command <= 0x5F && !libata_allow_tpm)
+                goto invalid_fld;
        /* We may not issue DMA commands if no DMA mode is set */
        if (tf->protocol == ATA_PROT_DMA && dev->dma_mode == 0)
                goto invalid_fld;

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 14daf4848f09..f802dbce41ae 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c
@@ -2690,6 +2690,24 @@ static unsigned int ata_scsi_pass_thru(struct ata_queued_cmd *qc)
2690	if ((tf->protocol = ata_scsi_map_proto(cdb[1])) == ATA_PROT_UNKNOWN)	2690	if ((tf->protocol = ata_scsi_map_proto(cdb[1])) == ATA_PROT_UNKNOWN)
2691	goto invalid_fld;	2691	goto invalid_fld;
2692		2692
		2693	/*
		2694	* Filter TPM commands by default. These provide an
		2695	* essentially uncontrolled encrypted "back door" between
		2696	* applications and the disk. Set libata.allow_tpm=1 if you
		2697	* have a real reason for wanting to use them. This ensures
		2698	* that installed software cannot easily mess stuff up without
		2699	* user intent. DVR type users will probably ship with this enabled
		2700	* for movie content management.
		2701	*
		2702	* Note that for ATA8 we can issue a DCS change and DCS freeze lock
		2703	* for this and should do in future but that it is not sufficient as
		2704	* DCS is an optional feature set. Thus we also do the software filter
		2705	* so that we comply with the TC consortium stated goal that the user
		2706	* can turn off TC features of their system.
		2707	*/
		2708	if (tf->command >= 0x5C && tf->command <= 0x5F && !libata_allow_tpm)
		2709	goto invalid_fld;
		2710
2693	/* We may not issue DMA commands if no DMA mode is set */	2711	/* We may not issue DMA commands if no DMA mode is set */
2694	if (tf->protocol == ATA_PROT_DMA && dev->dma_mode == 0)	2712	if (tf->protocol == ATA_PROT_DMA && dev->dma_mode == 0)
2695	goto invalid_fld;	2713	goto invalid_fld;