ANSI INCITS 467-2011 Information Technology C SCSI Stream Commands - 3 (SSC-3).pdf

1、American National StandardDeveloped byfor Information Technology SCSI Stream Commands - 3(SSC-3)INCITS 467-2011INCITS 467-2011INCITS 467-2011American National Standardfor Information Technology SCSI Stream Commands - 3(SSC-3)SecretariatInformation Technology Industry CouncilApproved June 14, 2011Ame

2、rican National Standards Institute, Inc.AbstractThis standard specifies the device model and functional requirements for the SCSI sequential-accessdevice type. This standards permits the SCSI sequential-access device type to attach to computers andprovides the definitions for their use.This standard

3、 does not contain material related to any service delivery subsystem which is used totransport the commands, command parameter logical block, command response logical block, andstatus specified in this standard.Approval of an American National Standard requires review by ANSI that therequirements fo

4、r due process, consensus, and other criteria for approval havebeen met by the standards developer.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means muc

5、h more thana simple majority, but not necessarily unanimity. Consensus requires that allviews and objections be considered, and that a concerted effort be madetowards their resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyo

6、ne, whether he has approvedthe standards or not, from manufacturing, marketing, purchasing, or usingproducts, processes, or procedures not conforming to the standards.The American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any Americ

7、an NationalStandard. Moreover, no person shall have the right or authority to issue aninterpretation of an American National Standard in the name of the AmericanNational Standards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the title

8、page of this standard.CAUTION NOTICE: This American National Standard may be revised orwithdrawn at any time. The procedures of the American National StandardsInstitute require that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards

9、mayreceive current information on all standards by calling or writing the AmericanNational Standards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2011 by Information Technology Industry Council (ITI)All ri

10、ghts reserved.No part of this publication may be reproduced in anyform, in an electronic retrieval system or otherwise,without prior written permission of ITI, 1101 K Street NW, Suite 610 Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have reque

11、sted that holders of patents that may be re-quired for the implementation of the standard disclose such patents to the publisher. However, nei-ther the developers nor the publisher have undertaken a patent search in order to identify which, ifany, patents may apply to this standard. As of the date o

12、f publication of this standard, followingcalls for the identification of patents that may be required for the implementation of the standard,notice of one or more such claims has been received. By publication of this standard, no positionis taken with respect to the validity of this claim or of any

13、rights in connection therewith. The knownpatent holder(s) has (have), however, filed a statement of willingness to grant a license underthese rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to ob-tain such a license. Details may be obtained from the publisher.

14、No further patent search is con-ducted by the developer or publisher in respect to any standard it processes. No representation ismade or implied that this is the only license that may be required to avoid infringement in the use ofthis standard.iContentsIntroduction xii1 Scope .12 Normative referen

15、ces .22.1 Normative references overview.22.2 Approved references.22.3 References under development22.4 Other references.23 Definitions, acronyms, keywords, and conventions 43.1 Definitions43.2 Acronyms83.3 Keywords.93.4 Editorial Conventions103.5 Notation Conventions113.5.1 Notation for state diagra

16、ms.114 General Concepts .134.1 Overview.134.2 Sequential-access device model.134.2.1 Sequential-access device model overview.134.2.2 Physical elements.134.2.3 Removable volumes164.2.4 Device entity164.2.5 Early-warning194.2.6 Programmable early warning194.2.7 Partitions within a volume.204.2.8 Logic

17、al objects224.2.8.1 Logical objects within a partition.224.2.8.2 Logical object identifier.234.2.9 Logical files.234.2.9.1 Logical files within a partition234.2.9.2 Logical file identifier234.2.10 Object buffering.234.2.11 Synchronize operation behavior244.2.12 Direction and position definitions244.

18、2.13 Error reporting.254.2.13.1 Overview.254.2.13.2 Stream commands sense data descriptor254.2.13.3 Information sense data descriptor.254.2.13.4 Error conditions.264.2.14 Write protection.274.2.14.1 Write protection introduction.274.2.14.2 Write protection additional sense code use284.2.14.3 Softwar

19、e write protection for the device server.294.2.14.4 Associated write protection.294.2.14.5 Persistent write protection.294.2.14.6 Permanent write protection.29ii4.2.15 Progress indication304.2.16 Tagged command queuing.314.2.16.1 Tagged command queuing overview314.2.16.2 Explicit address mode tagged

20、 write sequences314.2.17 Block address mode314.2.17.1 Block address mode overview314.2.17.2 Block address mode selection324.2.17.3 Block address mode state diagrams.324.2.18 TapeAlert application client interface414.2.18.1 TapeAlert introduction.414.2.18.2 TapeAlert usage model.444.2.18.2.1 TapeAler

21、t usage model introduction.444.2.18.2.2 TapeAlert polling usage model.454.2.18.2.3 TapeAlert informational exception usage model.454.2.18.2.4 TapeAlert threshold usage model.464.2.18.3 TapeAlert flag activation and deactivation464.2.18.4 WORM TapeAlert flags.474.2.18.5 TapeAlert Response log page474

22、.2.19 READ ATTRIBUTE and WRITE ATTRIBUTE command support.484.2.20 Reservations.494.2.21 WORM volume and WORM mode514.2.21.1 WORM overview.514.2.21.2 WORM volume514.2.21.3 WORM mode514.2.22 Logical block encryption524.2.22.1 Logical block encryption overview524.2.22.2 Encrypting logical blocks on the

23、 medium524.2.22.3 Reading encrypted logical blocks on the medium.524.2.22.4 Exhaustive-search attack prevention534.2.22.5 Keyless copy of encrypted logical blocks544.2.22.6 Managing logical block encryption keys within the device entity554.2.22.7 Logical block encryption capabilities.574.2.22.8 Key

24、instance counters.574.2.22.9 Encryption mode locking.574.2.22.10 Nonce generation584.2.22.11 Unauthenticated key-associated data (U-KAD) and authenticated key-associated data (A-KAD)584.2.22.12 Metadata key-associated data (M-KAD).584.2.22.13 Logical block encryption information per I_T_L nexus594.2

25、.22.14 Logical block encryption parameters614.2.22.15 Effects of reservation loss on logical block encryption parameters624.2.22.15.1 Effects of reservation loss on logical block encryption parameters overview.624.2.22.15.2 Effects of reservation loss on logical block encryption parameters with a lo

26、gical block encryption scope of LOCAL624.2.22.15.3 Effects of reservation loss on logical block encryption parameters with a logical block encryption scope of ALL I_T NEXUS.624.2.22.16 Effects of reservation preempt on logical block encryption parameters624.2.22.16.1 Effects of reservation preempt o

27、n logical block encryption parameters overview.624.2.22.16.2 Effects of reservation preempt on logical block encryption parameters with a logical block encryption scope of LOCAL.634.2.22.16.3 Effects of reservation preempt on logical block encryption parameters with a logical block encryption scope

28、of ALL I_T NEXUS634.2.23 External data encryption control63iii4.2.23.1 External data encryption control overview634.2.23.2 External data encryption control of data encryption capabilities.634.2.23.2.1 External data encryption control of data encryption capabilities overview634.2.23.2.2 External data

29、 encryption control detection644.2.23.2.3 External data encryption control of encryption algorithm support.644.2.23.3 External data encryption control of logical block encryption parameters654.2.23.3.1 External data encryption control of logical block encryption parameters overview654.2.23.3.2 Logic

30、al block encryption parameters request policy.654.2.23.3.3 Logical block encryption parameters request indicators.674.2.23.3.4 Logical block encryption parameters period settings684.2.23.4 Exclusive control of logical block encryption parameters by external data encryption control694.2.23.5 External

31、 data encryption control error conditions694.2.24 Logical block encryption key protection704.2.24.1 Logical block encryption key protection overview.704.2.24.2 Logical block encryption key protection using security associations704.2.24.3 Key wrapping using public key cryptography704.2.25 Appending d

32、ata to a volume containing encrypted logical blocks.704.2.26 Self-test operations.714.2.27 Capability-based command (CbCS) security714.2.27.1 Capability-based command security overview714.2.27.2 Association between commands and permission bits715 Explicit address command descriptions for sequential-

33、access devices .735.1 Summary of commands for explicit address mode.735.2 ERASE(16) command.775.3 READ(16) command.795.4 READ REVERSE(16) command.825.5 VERIFY(16) command835.6 WRITE(16) command855.7 WRITE FILEMARKS(16) command876 Implicit address command descriptions for sequential-access devices .8

34、96.1 Summary of commands for implicit address mode.896.2 ERASE(6) command.926.3 LOCATE(10) command.936.4 READ(6) command.946.5 READ REVERSE(6) command.966.6 SPACE(6) command.966.7 VERIFY(6) command996.8 WRITE(6) command1006.9 WRITE FILEMARKS(6) command1027 Common command descriptions for sequential-

35、access devices 1047.1 FORMAT MEDIUM command.1047.2 LOAD UNLOAD command1057.3 LOCATE(16) command.1077.4 PREVENT ALLOW MEDIUM REMOVAL command.1097.5 READ BLOCK LIMITS command1107.6 READ POSITION command.111iv7.6.1 READ POSITION command description.1117.6.2 READ POSITION DATA format, short form1137.6.3

36、 READ POSITION data format, long form1157.6.4 READ POSITION data format, extended form1177.7 RECOVER BUFFERED DATA command.1187.8 REPORT DENSITY SUPPORT command1197.8.1 REPORT DENSITY SUPPORT command description.1197.8.2 REPORT DENSITY SUPPORT header1207.8.3 Density support report.1207.8.4 Medium ty

37、pe support report1237.9 REWIND command.1257.10 SET CAPACITY command1267.11 SPACE(16) command.1278 Parameters for sequential-access devices .1318.1 Diagnostic parameters1318.2 Log parameters.1318.2.1 Log parameters overview1318.2.2 Sequential-Access Device log page1328.2.3 TapeAlert log page1348.2.4

38、Device Statistics log page.1358.2.4.1 Device Statistics log page overview1358.2.4.2 Device statistics data counter log parameter1368.2.4.3 Medium type log parameter1378.2.5 Tape Diagnostic Data log page.1388.2.6 Current Service Information log page.1418.2.6.1 Current Service Information log page ove

39、rview1418.2.6.2 Vendor-specific service information descriptor.1438.2.6.3 DEVICE INFORMATION DESCRIPTOR1448.2.6.4 Volume information descriptor1458.2.6.5 TapeAlert flag specific information1478.2.7 Requested Recovery log page1478.2.7.1 Requested Recovery log page overview1478.2.7.2 Recovery procedur

40、es log parameter.1488.3 Mode parameters1508.3.1 Mode parameters overview.1508.3.2 Data Compression mode page.1558.3.3 Device Configuration mode page1598.3.4 Medium Partition mode page1638.3.5 Read-Write Error Recovery mode page1678.3.6 Informational Exceptions Control mode page.1698.3.7 Medium Confi

41、guration mode page1718.3.8 Device Configuration Extension mode page.1728.4 Vital product data (VPD) parameters1748.4.1 VPD parameters overview and page codes1748.4.2 Sequential-access Device Capabilities VPD page1748.4.3 Manufacturer-assigned Serial Number VPD page1758.4.4 TapeAlert Supported Flags

42、VPD page1758.4.5 Automation Device Serial Number VPD page.1768.5 Security protocol parameters1768.5.1 Security protocol overview1768.5.2 SECURITY PROTOCOL IN command specifying Tape Data Encryption security protocol176v8.5.2.1 SECURITY PROTOCOL IN command specifying Tape Data Encryption security pro

43、tocol overview.1768.5.2.2 Tape Data Encryption In Support page.1788.5.2.3 Tape Data Encryption Out Support page1788.5.2.4 Data Encryption Capabilities page1798.5.2.5 Supported Key Formats page.1858.5.2.6 Data Encryption Management Capabilities page1858.5.2.7 Data Encryption Status page1878.5.2.8 Nex

44、t Block Encryption Status page.1908.5.2.9 Random Number page1938.5.2.10 Device Server Key Wrapping Public Key page.1948.5.2.10.1 Device Server Key Wrapping Public Key page overview.1948.5.2.10.2 RSA 2048 public keys.1948.5.2.10.3 ECC 521 public keys1958.5.3 SECURITY PROTOCOL OUT command specifying T

45、ape Data Encryption security protocol1958.5.3.1 SECURITY PROTOCOL OUT command specifying Tape Data Encryption security protocol overview.1958.5.3.2 Set Data Encryption page.1968.5.3.2.1 Set Data Encryption page overview1968.5.3.2.2 Plain-text key2038.5.3.2.3 Vendor-specific key reference2038.5.3.2.4

46、 Key wrapped by device server public key.2048.5.3.2.4.1 Key wrapped by device server public key overview 2048.5.3.2.4.2 Key wrapping with RSA 2048 2058.5.3.2.4.3 Key wrapping with ECC 521 2068.5.3.2.5 Key encrypted using ESP-SCSI.2068.5.3.3 SA Encapsulation page.2078.5.4 SECURITY PROTOCOL IN and SEC

47、URITY PROTOCOL OUT descriptors2078.5.4.1 Tape Data Encryption security protocol descriptors overview2078.5.4.2 Tape Data Encryption descriptors format.2088.5.4.2.1 Tape Daya Encryption descriptors format overview.2088.5.4.2.2 U-KAD key descriptor.2088.5.4.2.3 A-KAD key descriptor.2098.5.4.2.4 Nonce

48、value key descriptor2098.5.4.2.5 M-KAD key descriptor.2098.5.4.3 Wrapped Key descriptors2098.5.4.3.1 Wrapped key descriptors overview.2098.5.4.3.2 Device server identification descriptor2108.5.4.3.3 Key wrapping entity identification descriptor.2108.5.4.3.4 Wrapped key information descriptor.2108.5.

49、4.3.5 Wrapped key identification descriptor.2108.5.4.3.6 Wrapped key length descriptor.210Annex A - Application client recommendations for using TapeAlert (informative).211A.1 Overview.211A.2 Recommendations for using TapeAlert.211A.3 TapeAlert flag associated information.211Annex B - Security environment (informative).217B.1 Security environment overview.217