Other can't enable LTO hardware encryption

nester

New Member

Reaction score: 3
Messages: 2

Does anyone have tape drive hardware encryption working on freebsd?

I have an HP LTO-5 tape drive. Unencrypted read/writes and toggling compression with mt works, but enabling encryption doesn't. I compiled stenc, which does have ifdef's for freebsd sg, but no matter what I try I get either an error for 0x19 or 0x16 from ioctl ("inappropriate ioctl for device") when I try to set a key. I've tried 128 and 256bits, with and without -a 1 (key index). I've tried various devices, including /dev/sa0, nsa0, sa0.ctl, and /dev/pass0 (which says I don't have permission, despite the fact I'm root - no jails or anything funny). sg_logs -a /dev/sa0 works fine.


(Unrelated note to others who find this in search: you must manually enable the drive's write buffer every power cycle, and possibly after an sg* tools, with this command: camcontrol cmd /dev/nsa0 -c '15 10 00 00 04 00' -o 4 '0 0 10 0' -- or write performance is terrible and it will shoe shine.)
 
OP
N

nester

New Member

Reaction score: 3
Messages: 2

The problem was GENERIC kernels don't include SCSI sg device! You have to build your own kernel. Follow the kernel build guide, copy GENERIC to MYKERNEL, add to the end of the file this line (without quotes of course): "device sg", build and install.

Then you can run camcontrol devlist to find the /dev/sg[0-9]+ file for your tape drive. Then stenc -f /dev/sg[0-9] works. For my HP drive -a 1 is necessary to set the encryption key.
 

Terry_Kennedy

Aspiring Daemon

Reaction score: 352
Messages: 986

The problem was GENERIC kernels don't include SCSI sg device! You have to build your own kernel. Follow the kernel build guide, copy GENERIC to MYKERNEL, add to the end of the file this line (without quotes of course): "device sg", build and install.

Then you can run camcontrol devlist to find the /dev/sg[0-9]+ file for your tape drive. Then stenc -f /dev/sg[0-9] works. For my HP drive -a 1 is necessary to set the encryption key.
sg seems to be there for Linux compatibility. The top of /usr/src/sys/cam/scsi/scsi_sg.c says "This driver is meant to implement the Linux * SG passthrough interface for SCSI."

The FreeBSD native method would be a pass(4) device. You should get one automatically when your tape drive is identified:
Code:
<IBM ULTRIUM-HH4 G361>             at scbus14 target 7 lun 0 (pass4,sa0)
 
Top