* [PATCH 1/4] block: sed-opal: Implement IOC_OPAL_DISCOVERY
2022-07-18 21:01 [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store gjoyce
@ 2022-07-18 21:01 ` gjoyce
2022-07-20 7:42 ` Christoph Hellwig
2022-07-18 21:01 ` [PATCH 2/4] block: sed-opal: Implement IOC_OPAL_REVERT_LSP gjoyce
` (3 subsequent siblings)
4 siblings, 1 reply; 17+ messages in thread
From: gjoyce @ 2022-07-18 21:01 UTC (permalink / raw)
To: linux-block
Cc: keyrings, dhowells, jarkko, jonathan.derrick, brking, greg, gjoyce
From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Add IOC_OPAL_DISCOVERY ioctl to return raw discovery data to a SED Opal
application. This allows the application to display drive capabilities
and state.
Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
---
block/sed-opal.c | 38 ++++++++++++++++++++++++++++++++---
include/linux/sed-opal.h | 1 +
include/uapi/linux/sed-opal.h | 7 +++++++
3 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/block/sed-opal.c b/block/sed-opal.c
index 9700197000f2..4b9a7ffbf00f 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -426,8 +426,11 @@ static int execute_steps(struct opal_dev *dev,
return error;
}
-static int opal_discovery0_end(struct opal_dev *dev)
+static int opal_discovery0_end(struct opal_dev *dev, void *data)
{
+ struct opal_discovery *discv_out = data; /* may be NULL */
+ u8 __user *buf_out;
+ u64 len_out;
bool found_com_id = false, supported = true, single_user = false;
const struct d0_header *hdr = (struct d0_header *)dev->resp;
const u8 *epos = dev->resp, *cpos = dev->resp;
@@ -443,6 +446,15 @@ static int opal_discovery0_end(struct opal_dev *dev)
return -EFAULT;
}
+ if (discv_out) {
+ buf_out = (u8 __user *)(uintptr_t)discv_out->data;
+ len_out = min(discv_out->size, (u64)hlen);
+ if (buf_out && copy_to_user(buf_out, dev->resp, len_out)) {
+ return -EFAULT;
+ }
+ discv_out->size = hlen; /* actual size of data */
+ }
+
epos += hlen; /* end of buffer */
cpos += sizeof(*hdr); /* current position on buffer */
@@ -517,13 +529,13 @@ static int opal_discovery0(struct opal_dev *dev, void *data)
if (ret)
return ret;
- return opal_discovery0_end(dev);
+ return opal_discovery0_end(dev, data);
}
static int opal_discovery0_step(struct opal_dev *dev)
{
const struct opal_step discovery0_step = {
- opal_discovery0,
+ opal_discovery0, NULL
};
return execute_step(dev, &discovery0_step, 0);
@@ -2179,6 +2191,22 @@ static int opal_secure_erase_locking_range(struct opal_dev *dev,
return ret;
}
+static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
+{
+ const struct opal_step discovery0_step = {
+ opal_discovery0, discv
+ };
+ int ret = 0;
+
+ mutex_lock(&dev->dev_lock);
+ setup_opal_dev(dev);
+ ret = execute_step(dev, &discovery0_step, 0);
+ mutex_unlock(&dev->dev_lock);
+ if (ret)
+ return ret;
+ return discv->size; /* modified to actual length of data */
+}
+
static int opal_erase_locking_range(struct opal_dev *dev,
struct opal_session_info *opal_session)
{
@@ -2685,6 +2713,10 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
case IOC_OPAL_GENERIC_TABLE_RW:
ret = opal_generic_read_write_table(dev, p);
break;
+ case IOC_OPAL_DISCOVERY:
+ ret = opal_get_discv(dev, p);
+ break;
+
default:
break;
}
diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h
index 1ac0d712a9c3..9197b7a628f2 100644
--- a/include/linux/sed-opal.h
+++ b/include/linux/sed-opal.h
@@ -43,6 +43,7 @@ static inline bool is_sed_ioctl(unsigned int cmd)
case IOC_OPAL_MBR_DONE:
case IOC_OPAL_WRITE_SHADOW_MBR:
case IOC_OPAL_GENERIC_TABLE_RW:
+ case IOC_OPAL_DISCOVERY:
return true;
}
return false;
diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h
index 6f5af1a84213..114636c19d31 100644
--- a/include/uapi/linux/sed-opal.h
+++ b/include/uapi/linux/sed-opal.h
@@ -132,6 +132,12 @@ struct opal_read_write_table {
__u64 priv;
};
+struct opal_discovery {
+ __u64 data;
+ __u64 size;
+};
+
+
#define IOC_OPAL_SAVE _IOW('p', 220, struct opal_lock_unlock)
#define IOC_OPAL_LOCK_UNLOCK _IOW('p', 221, struct opal_lock_unlock)
#define IOC_OPAL_TAKE_OWNERSHIP _IOW('p', 222, struct opal_key)
@@ -148,5 +154,6 @@ struct opal_read_write_table {
#define IOC_OPAL_MBR_DONE _IOW('p', 233, struct opal_mbr_done)
#define IOC_OPAL_WRITE_SHADOW_MBR _IOW('p', 234, struct opal_shadow_mbr)
#define IOC_OPAL_GENERIC_TABLE_RW _IOW('p', 235, struct opal_read_write_table)
+#define IOC_OPAL_DISCOVERY _IOW('p', 236, struct opal_discovery)
#endif /* _UAPI_SED_OPAL_H */
--
2.27.0
^ permalink raw reply related [flat|nested] 17+ messages in thread* Re: [PATCH 1/4] block: sed-opal: Implement IOC_OPAL_DISCOVERY
2022-07-18 21:01 ` [PATCH 1/4] block: sed-opal: Implement IOC_OPAL_DISCOVERY gjoyce
@ 2022-07-20 7:42 ` Christoph Hellwig
0 siblings, 0 replies; 17+ messages in thread
From: Christoph Hellwig @ 2022-07-20 7:42 UTC (permalink / raw)
To: gjoyce
Cc: linux-block, keyrings, dhowells, jarkko, jonathan.derrick,
brking, greg, gjoyce
On Mon, Jul 18, 2022 at 04:01:53PM -0500, gjoyce@linux.vnet.ibm.com wrote:
> + if (discv_out) {
> + buf_out = (u8 __user *)(uintptr_t)discv_out->data;
> + len_out = min(discv_out->size, (u64)hlen);
> + if (buf_out && copy_to_user(buf_out, dev->resp, len_out)) {
> + return -EFAULT;
> + }
No need for the braces here.
Otherwise looks good:
Reviewed-by: Christoph Hellwig <hch@lst.de>
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 2/4] block: sed-opal: Implement IOC_OPAL_REVERT_LSP
2022-07-18 21:01 [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store gjoyce
2022-07-18 21:01 ` [PATCH 1/4] block: sed-opal: Implement IOC_OPAL_DISCOVERY gjoyce
@ 2022-07-18 21:01 ` gjoyce
2022-07-20 7:44 ` Christoph Hellwig
2022-07-18 21:01 ` [PATCH 3/4] block: sed-opal: keyring support for SED Opal keys gjoyce
` (2 subsequent siblings)
4 siblings, 1 reply; 17+ messages in thread
From: gjoyce @ 2022-07-18 21:01 UTC (permalink / raw)
To: linux-block
Cc: keyrings, dhowells, jarkko, jonathan.derrick, brking, greg, gjoyce
From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
This is used in conjunction with IOC_OPAL_REVERT_TPR to return a drive to
Original Factory State without erasing the data. If IOC_OPAL_REVERT_LSP
is called with opal_revert_lsp.options bit OPAL_PRESERVE set prior
to calling IOC_OPAL_REVERT_TPR, the drive global locking range will not
be erased.
Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
---
block/opal_proto.h | 4 ++++
block/sed-opal.c | 42 ++++++++++++++++++++++++++++++++++-
include/linux/sed-opal.h | 1 +
include/uapi/linux/sed-opal.h | 9 ++++++++
4 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/block/opal_proto.h b/block/opal_proto.h
index b486b3ec7dc4..6127c08267f8 100644
--- a/block/opal_proto.h
+++ b/block/opal_proto.h
@@ -210,6 +210,10 @@ enum opal_parameter {
OPAL_SUM_SET_LIST = 0x060000,
};
+enum opal_revertlsp {
+ OPAL_KEEP_GLOBAL_RANGE_KEY = 0x060000,
+};
+
/* Packets derived from:
* TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
* Secion: 3.2.3 ComPackets, Packets & Subpackets
diff --git a/block/sed-opal.c b/block/sed-opal.c
index 4b9a7ffbf00f..feba36e54ae0 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -448,7 +448,7 @@ static int opal_discovery0_end(struct opal_dev *dev, void *data)
if (discv_out) {
buf_out = (u8 __user *)(uintptr_t)discv_out->data;
- len_out = min(discv_out->size, (u64)hlen);
+ len_out = min_t(u64, discv_out->size, hlen);
if (buf_out && copy_to_user(buf_out, dev->resp, len_out)) {
return -EFAULT;
}
@@ -1592,6 +1592,26 @@ static int internal_activate_user(struct opal_dev *dev, void *data)
return finalize_and_send(dev, parse_and_check_status);
}
+static int revert_lsp(struct opal_dev *dev, void *data)
+{
+ struct opal_revert_lsp *rev = data;
+ int err;
+
+ err = cmd_start(dev, opaluid[OPAL_THISSP_UID],
+ opalmethod[OPAL_REVERTSP]);
+ add_token_u8(&err, dev, OPAL_STARTNAME);
+ add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY);
+ add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ?
+ OPAL_TRUE : OPAL_FALSE);
+ add_token_u8(&err, dev, OPAL_ENDNAME);
+ if (err) {
+ pr_debug("Error building REVERT SP command.\n");
+ return err;
+ }
+
+ return finalize_and_send(dev, parse_and_check_status);
+}
+
static int erase_locking_range(struct opal_dev *dev, void *data)
{
struct opal_session_info *session = data;
@@ -2207,6 +2227,23 @@ static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
return discv->size; /* modified to actual length of data */
}
+static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
+{
+ /* controller will terminate session */
+ const struct opal_step steps[] = {
+ { start_admin1LSP_opal_session, &rev->key },
+ { revert_lsp, rev }
+ };
+ int ret;
+
+ mutex_lock(&dev->dev_lock);
+ setup_opal_dev(dev);
+ ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
+ mutex_unlock(&dev->dev_lock);
+
+ return ret;
+}
+
static int opal_erase_locking_range(struct opal_dev *dev,
struct opal_session_info *opal_session)
{
@@ -2713,6 +2750,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
case IOC_OPAL_GENERIC_TABLE_RW:
ret = opal_generic_read_write_table(dev, p);
break;
+ case IOC_OPAL_REVERT_LSP:
+ ret = opal_revertlsp(dev, p);
+ break;
case IOC_OPAL_DISCOVERY:
ret = opal_get_discv(dev, p);
break;
diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h
index 9197b7a628f2..3a6082ff97e7 100644
--- a/include/linux/sed-opal.h
+++ b/include/linux/sed-opal.h
@@ -43,6 +43,7 @@ static inline bool is_sed_ioctl(unsigned int cmd)
case IOC_OPAL_MBR_DONE:
case IOC_OPAL_WRITE_SHADOW_MBR:
case IOC_OPAL_GENERIC_TABLE_RW:
+ case IOC_OPAL_REVERT_LSP:
case IOC_OPAL_DISCOVERY:
return true;
}
diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h
index 114636c19d31..afbce867b906 100644
--- a/include/uapi/linux/sed-opal.h
+++ b/include/uapi/linux/sed-opal.h
@@ -51,6 +51,10 @@ struct opal_key {
__u8 key[OPAL_KEY_MAX];
};
+enum opal_revert_lsp_opts {
+ OPAL_PRESERVE = 0x01,
+};
+
struct opal_lr_act {
struct opal_key key;
__u32 sum;
@@ -137,6 +141,10 @@ struct opal_discovery {
__u64 size;
};
+struct opal_revert_lsp {
+ struct opal_key key;
+ __u32 options;
+};
#define IOC_OPAL_SAVE _IOW('p', 220, struct opal_lock_unlock)
#define IOC_OPAL_LOCK_UNLOCK _IOW('p', 221, struct opal_lock_unlock)
@@ -155,5 +163,6 @@ struct opal_discovery {
#define IOC_OPAL_WRITE_SHADOW_MBR _IOW('p', 234, struct opal_shadow_mbr)
#define IOC_OPAL_GENERIC_TABLE_RW _IOW('p', 235, struct opal_read_write_table)
#define IOC_OPAL_DISCOVERY _IOW('p', 236, struct opal_discovery)
+#define IOC_OPAL_REVERT_LSP _IOW('p', 237, struct opal_revert_lsp)
#endif /* _UAPI_SED_OPAL_H */
--
2.27.0
^ permalink raw reply related [flat|nested] 17+ messages in thread* Re: [PATCH 2/4] block: sed-opal: Implement IOC_OPAL_REVERT_LSP
2022-07-18 21:01 ` [PATCH 2/4] block: sed-opal: Implement IOC_OPAL_REVERT_LSP gjoyce
@ 2022-07-20 7:44 ` Christoph Hellwig
0 siblings, 0 replies; 17+ messages in thread
From: Christoph Hellwig @ 2022-07-20 7:44 UTC (permalink / raw)
To: gjoyce
Cc: linux-block, keyrings, dhowells, jarkko, jonathan.derrick,
brking, greg, gjoyce
On Mon, Jul 18, 2022 at 04:01:54PM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>
> This is used in conjunction with IOC_OPAL_REVERT_TPR to return a drive to
> Original Factory State without erasing the data. If IOC_OPAL_REVERT_LSP
> is called with opal_revert_lsp.options bit OPAL_PRESERVE set prior
> to calling IOC_OPAL_REVERT_TPR, the drive global locking range will not
> be erased.
>
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> ---
> block/opal_proto.h | 4 ++++
> block/sed-opal.c | 42 ++++++++++++++++++++++++++++++++++-
> include/linux/sed-opal.h | 1 +
> include/uapi/linux/sed-opal.h | 9 ++++++++
> 4 files changed, 55 insertions(+), 1 deletion(-)
>
> diff --git a/block/opal_proto.h b/block/opal_proto.h
> index b486b3ec7dc4..6127c08267f8 100644
> --- a/block/opal_proto.h
> +++ b/block/opal_proto.h
> @@ -210,6 +210,10 @@ enum opal_parameter {
> OPAL_SUM_SET_LIST = 0x060000,
> };
>
> +enum opal_revertlsp {
> + OPAL_KEEP_GLOBAL_RANGE_KEY = 0x060000,
> +};
> +
> /* Packets derived from:
> * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
> * Secion: 3.2.3 ComPackets, Packets & Subpackets
> diff --git a/block/sed-opal.c b/block/sed-opal.c
> index 4b9a7ffbf00f..feba36e54ae0 100644
> --- a/block/sed-opal.c
> +++ b/block/sed-opal.c
> @@ -448,7 +448,7 @@ static int opal_discovery0_end(struct opal_dev *dev, void *data)
>
> if (discv_out) {
> buf_out = (u8 __user *)(uintptr_t)discv_out->data;
> - len_out = min(discv_out->size, (u64)hlen);
> + len_out = min_t(u64, discv_out->size, hlen);
This seems like it should go into the previous patch (or just dropped).
> +
> struct opal_lr_act {
> struct opal_key key;
> __u32 sum;
> @@ -137,6 +141,10 @@ struct opal_discovery {
> __u64 size;
> };
>
> +struct opal_revert_lsp {
> + struct opal_key key;
> + __u32 options;
this wants a __u32 __pad at the end to avoid struct padding problems.
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 3/4] block: sed-opal: keyring support for SED Opal keys
2022-07-18 21:01 [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store gjoyce
2022-07-18 21:01 ` [PATCH 1/4] block: sed-opal: Implement IOC_OPAL_DISCOVERY gjoyce
2022-07-18 21:01 ` [PATCH 2/4] block: sed-opal: Implement IOC_OPAL_REVERT_LSP gjoyce
@ 2022-07-18 21:01 ` gjoyce
2022-07-19 6:49 ` Hannes Reinecke
2022-07-20 7:49 ` Christoph Hellwig
2022-07-18 21:01 ` [PATCH 4/4] arch_vars: create arch specific permanent store gjoyce
2022-07-28 7:43 ` [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store Jarkko Sakkinen
4 siblings, 2 replies; 17+ messages in thread
From: gjoyce @ 2022-07-18 21:01 UTC (permalink / raw)
To: linux-block
Cc: keyrings, dhowells, jarkko, jonathan.derrick, brking, greg, gjoyce
From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Extend the SED block driver so it can alternatively
obtain a key from a sed-opal kernel keyring. The SED
ioctls will indicate the source of the key, either
directly in the ioctl data or from the keyring.
This allows the use of SED commands in scripts such as
udev scripts so that drives may be automatically unlocked
as they become available.
Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reported-by: kernel test robot <lkp@intel.com>
---
block/Kconfig | 1 +
block/sed-opal.c | 198 +++++++++++++++++++++++++++++++++-
include/linux/sed-opal.h | 3 +
include/uapi/linux/sed-opal.h | 8 +-
4 files changed, 206 insertions(+), 4 deletions(-)
diff --git a/block/Kconfig b/block/Kconfig
index 50b17e260fa2..f65169e9356b 100644
--- a/block/Kconfig
+++ b/block/Kconfig
@@ -182,6 +182,7 @@ config BLK_DEBUG_FS_ZONED
config BLK_SED_OPAL
bool "Logic for interfacing with Opal enabled SEDs"
+ depends on KEYS
help
Builds Logic for interfacing with Opal enabled controllers.
Enabling this option enables users to setup/unlock/lock
diff --git a/block/sed-opal.c b/block/sed-opal.c
index feba36e54ae0..4cfc3458cba5 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -20,6 +20,10 @@
#include <linux/sed-opal.h>
#include <linux/string.h>
#include <linux/kdev_t.h>
+#include <linux/key.h>
+#include <linux/key-type.h>
+#include <linux/arch_vars.h>
+#include <keys/user-type.h>
#include "opal_proto.h"
@@ -29,6 +33,8 @@
/* Number of bytes needed by cmd_finalize. */
#define CMD_FINALIZE_BYTES_NEEDED 7
+static struct key *sed_opal_keyring;
+
struct opal_step {
int (*fn)(struct opal_dev *dev, void *data);
void *data;
@@ -266,6 +272,107 @@ static void print_buffer(const u8 *ptr, u32 length)
#endif
}
+/*
+ * Allocate/update a SED Opal key and add it to the SED Opal keyring.
+ */
+static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
+{
+ int ret;
+ struct key *key;
+
+ if (!sed_opal_keyring)
+ return -ENOKEY;
+
+ key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
+ current_cred(),
+ KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
+ 0,
+ NULL);
+ if (IS_ERR(key))
+ return PTR_ERR(key);
+
+ ret = key_instantiate_and_link(key, key_data, keylen,
+ sed_opal_keyring, NULL);
+ key_put(key);
+
+ return ret;
+}
+
+/*
+ * Read a SED Opal key from the SED Opal keyring.
+ */
+static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
+{
+ int ret;
+ key_ref_t kref;
+ struct key *key;
+
+ if (!sed_opal_keyring)
+ return -ENOKEY;
+
+ kref = keyring_search(make_key_ref(sed_opal_keyring, true),
+ &key_type_user,
+ key_name,
+ true);
+
+ if (IS_ERR(kref)) {
+ ret = PTR_ERR(kref);
+ } else {
+ key = key_ref_to_ptr(kref);
+ down_read(&key->sem);
+ ret = key_validate(key);
+ if (ret == 0) {
+ if (buflen > key->datalen)
+ buflen = key->datalen;
+
+ ret = key->type->read(key, (char *)buffer, buflen);
+ }
+ up_read(&key->sem);
+
+ key_ref_put(kref);
+ }
+
+ return ret;
+}
+
+static int opal_get_key(struct opal_dev *dev, struct opal_key *key)
+{
+ int ret = 0;
+
+ switch (key->key_type) {
+ case OPAL_INCLUDED:
+ /* the key is ready to use */
+ break;
+ case OPAL_KEYRING:
+ /* the key is in the keyring */
+ ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX);
+ if (ret > 0) {
+ if (ret > 255) {
+ ret = -ENOSPC;
+ goto error;
+ }
+ key->key_len = ret;
+ key->key_type = OPAL_INCLUDED;
+ }
+ break;
+ default:
+ ret = -EINVAL;
+ break;
+ }
+ if (ret < 0)
+ goto error;
+
+ /* must have a PEK by now or it's an error */
+ if (key->key_type != OPAL_INCLUDED || key->key_len == 0) {
+ ret = -EINVAL;
+ goto error;
+ }
+ return 0;
+error:
+ pr_debug("Error getting password: %d\n", ret);
+ return ret;
+}
+
static bool check_tper(const void *data)
{
const struct d0_tper_features *tper = data;
@@ -2203,6 +2310,9 @@ static int opal_secure_erase_locking_range(struct opal_dev *dev,
};
int ret;
+ ret = opal_get_key(dev, &opal_session->opal_key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
@@ -2236,6 +2346,9 @@ static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
};
int ret;
+ ret = opal_get_key(dev, &rev->key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
@@ -2254,6 +2367,9 @@ static int opal_erase_locking_range(struct opal_dev *dev,
};
int ret;
+ ret = opal_get_key(dev, &opal_session->opal_key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
@@ -2282,6 +2398,9 @@ static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
opal_mbr->enable_disable != OPAL_MBR_DISABLE)
return -EINVAL;
+ ret = opal_get_key(dev, &opal_mbr->key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
@@ -2307,6 +2426,9 @@ static int opal_set_mbr_done(struct opal_dev *dev,
mbr_done->done_flag != OPAL_MBR_NOT_DONE)
return -EINVAL;
+ ret = opal_get_key(dev, &mbr_done->key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
@@ -2328,6 +2450,9 @@ static int opal_write_shadow_mbr(struct opal_dev *dev,
if (info->size == 0)
return 0;
+ ret = opal_get_key(dev, &info->key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
@@ -2384,6 +2509,9 @@ static int opal_add_user_to_lr(struct opal_dev *dev,
return -EINVAL;
}
+ ret = opal_get_key(dev, &lk_unlk->session.opal_key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
@@ -2406,6 +2534,10 @@ static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psi
int ret;
+ ret = opal_get_key(dev, opal);
+
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
if (psid)
@@ -2468,6 +2600,9 @@ static int opal_lock_unlock(struct opal_dev *dev,
if (lk_unlk->session.who > OPAL_USER9)
return -EINVAL;
+ ret = opal_get_key(dev, &lk_unlk->session.opal_key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
ret = __opal_lock_unlock(dev, lk_unlk);
mutex_unlock(&dev->dev_lock);
@@ -2490,6 +2625,9 @@ static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
if (!dev)
return -ENODEV;
+ ret = opal_get_key(dev, opal);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
@@ -2512,6 +2650,9 @@ static int opal_activate_lsp(struct opal_dev *dev,
if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
return -EINVAL;
+ ret = opal_get_key(dev, &opal_lr_act->key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
@@ -2530,6 +2671,9 @@ static int opal_setup_locking_range(struct opal_dev *dev,
};
int ret;
+ ret = opal_get_key(dev, &opal_lrs->session.opal_key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
@@ -2556,6 +2700,19 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
mutex_unlock(&dev->dev_lock);
+ if (ret == 0) {
+ /* update keyring and arch var with new password */
+ ret = arch_write_variable(ARCH_VAR_OPAL_KEY, OPAL_AUTH_KEY,
+ opal_pw->new_user_pw.opal_key.key,
+ opal_pw->new_user_pw.opal_key.key_len);
+ if (ret != -EOPNOTSUPP)
+ pr_warn("error updating SED key: %d\n", ret);
+
+ ret = update_sed_opal_key(OPAL_AUTH_KEY,
+ opal_pw->new_user_pw.opal_key.key,
+ opal_pw->new_user_pw.opal_key.key_len);
+ }
+
return ret;
}
@@ -2576,6 +2733,9 @@ static int opal_activate_user(struct opal_dev *dev,
return -EINVAL;
}
+ ret = opal_get_key(dev, &opal_session->opal_key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
@@ -2662,6 +2822,9 @@ static int opal_generic_read_write_table(struct opal_dev *dev,
{
int ret, bit_set;
+ ret = opal_get_key(dev, &rw_tbl->key);
+ if (ret)
+ return ret;
mutex_lock(&dev->dev_lock);
setup_opal_dev(dev);
@@ -2693,9 +2856,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
if (!capable(CAP_SYS_ADMIN))
return -EACCES;
if (!dev)
- return -ENOTSUPP;
+ return -EOPNOTSUPP;
if (!dev->supported)
- return -ENOTSUPP;
+ return -EOPNOTSUPP;
p = memdup_user(arg, _IOC_SIZE(cmd));
if (IS_ERR(p))
@@ -2756,7 +2919,6 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
case IOC_OPAL_DISCOVERY:
ret = opal_get_discv(dev, p);
break;
-
default:
break;
}
@@ -2765,3 +2927,33 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
return ret;
}
EXPORT_SYMBOL_GPL(sed_ioctl);
+
+static int __init sed_opal_init(void)
+{
+ int ret;
+ struct key *kr;
+ char init_sed_key[OPAL_KEY_MAX];
+ int keylen = OPAL_KEY_MAX;
+
+ kr = keyring_alloc(".sed_opal",
+ GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
+ KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
+ KEY_ALLOC_NOT_IN_QUOTA,
+ NULL, NULL);
+ if (IS_ERR(kr))
+ return PTR_ERR(kr);
+
+ sed_opal_keyring = kr;
+
+ if (arch_read_variable(ARCH_VAR_OPAL_KEY, OPAL_AUTH_KEY, init_sed_key,
+ &keylen) < 0) {
+ memset(init_sed_key, '\0', sizeof(init_sed_key));
+ keylen = OPAL_KEY_MAX;
+ }
+
+ ret = update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
+
+ return ret;
+}
+late_initcall(sed_opal_init);
diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h
index 3a6082ff97e7..ed21e47bf773 100644
--- a/include/linux/sed-opal.h
+++ b/include/linux/sed-opal.h
@@ -24,6 +24,9 @@ bool opal_unlock_from_suspend(struct opal_dev *dev);
struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv);
int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *ioctl_ptr);
+#define OPAL_AUTH_KEY "opal-boot-pin"
+#define OPAL_AUTH_KEY_PREV "opal-boot-pin-prev"
+
static inline bool is_sed_ioctl(unsigned int cmd)
{
switch (cmd) {
diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h
index afbce867b906..aacaa4c8823f 100644
--- a/include/uapi/linux/sed-opal.h
+++ b/include/uapi/linux/sed-opal.h
@@ -44,10 +44,16 @@ enum opal_lock_state {
OPAL_LK = 0x04, /* 0100 */
};
+enum opal_key_type {
+ OPAL_INCLUDED = 0, /* key[] is the key */
+ OPAL_KEYRING, /* key is in keyring */
+};
+
struct opal_key {
__u8 lr;
__u8 key_len;
- __u8 __align[6];
+ __u8 key_type;
+ __u8 __align[5];
__u8 key[OPAL_KEY_MAX];
};
--
2.27.0
^ permalink raw reply related [flat|nested] 17+ messages in thread* Re: [PATCH 3/4] block: sed-opal: keyring support for SED Opal keys
2022-07-18 21:01 ` [PATCH 3/4] block: sed-opal: keyring support for SED Opal keys gjoyce
@ 2022-07-19 6:49 ` Hannes Reinecke
2022-07-20 7:49 ` Christoph Hellwig
1 sibling, 0 replies; 17+ messages in thread
From: Hannes Reinecke @ 2022-07-19 6:49 UTC (permalink / raw)
To: gjoyce, linux-block
Cc: keyrings, dhowells, jarkko, jonathan.derrick, brking, greg, gjoyce
On 7/18/22 23:01, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>
> Extend the SED block driver so it can alternatively
> obtain a key from a sed-opal kernel keyring. The SED
> ioctls will indicate the source of the key, either
> directly in the ioctl data or from the keyring.
>
> This allows the use of SED commands in scripts such as
> udev scripts so that drives may be automatically unlocked
> as they become available.
>
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reported-by: kernel test robot <lkp@intel.com>
> ---
> block/Kconfig | 1 +
> block/sed-opal.c | 198 +++++++++++++++++++++++++++++++++-
> include/linux/sed-opal.h | 3 +
> include/uapi/linux/sed-opal.h | 8 +-
> 4 files changed, 206 insertions(+), 4 deletions(-)
>
> diff --git a/block/Kconfig b/block/Kconfig
> index 50b17e260fa2..f65169e9356b 100644
> --- a/block/Kconfig
> +++ b/block/Kconfig
> @@ -182,6 +182,7 @@ config BLK_DEBUG_FS_ZONED
>
> config BLK_SED_OPAL
> bool "Logic for interfacing with Opal enabled SEDs"
> + depends on KEYS
> help
> Builds Logic for interfacing with Opal enabled controllers.
> Enabling this option enables users to setup/unlock/lock
> diff --git a/block/sed-opal.c b/block/sed-opal.c
> index feba36e54ae0..4cfc3458cba5 100644
> --- a/block/sed-opal.c
> +++ b/block/sed-opal.c
> @@ -20,6 +20,10 @@
> #include <linux/sed-opal.h>
> #include <linux/string.h>
> #include <linux/kdev_t.h>
> +#include <linux/key.h>
> +#include <linux/key-type.h>
> +#include <linux/arch_vars.h>
> +#include <keys/user-type.h>
>
> #include "opal_proto.h"
>
> @@ -29,6 +33,8 @@
> /* Number of bytes needed by cmd_finalize. */
> #define CMD_FINALIZE_BYTES_NEEDED 7
>
> +static struct key *sed_opal_keyring;
> +
> struct opal_step {
> int (*fn)(struct opal_dev *dev, void *data);
> void *data;
> @@ -266,6 +272,107 @@ static void print_buffer(const u8 *ptr, u32 length)
> #endif
> }
>
> +/*
> + * Allocate/update a SED Opal key and add it to the SED Opal keyring.
> + */
> +static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
> +{
> + int ret;
> + struct key *key;
> +
> + if (!sed_opal_keyring)
> + return -ENOKEY;
> +
> + key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
> + current_cred(),
> + KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
> + 0,
> + NULL);
> + if (IS_ERR(key))
> + return PTR_ERR(key);
> +
> + ret = key_instantiate_and_link(key, key_data, keylen,
> + sed_opal_keyring, NULL);
> + key_put(key);
> +
Maybe you should consider 'key_create_or_update() here, as it combines
both operations.
Also the 'key_instantiate_and_link()' operation will always insert the
key, so you might end up with key duplicates.
Cheers,
Hannes
^ permalink raw reply [flat|nested] 17+ messages in thread* Re: [PATCH 3/4] block: sed-opal: keyring support for SED Opal keys
2022-07-18 21:01 ` [PATCH 3/4] block: sed-opal: keyring support for SED Opal keys gjoyce
2022-07-19 6:49 ` Hannes Reinecke
@ 2022-07-20 7:49 ` Christoph Hellwig
1 sibling, 0 replies; 17+ messages in thread
From: Christoph Hellwig @ 2022-07-20 7:49 UTC (permalink / raw)
To: gjoyce
Cc: linux-block, keyrings, dhowells, jarkko, jonathan.derrick,
brking, greg, gjoyce
I don't know the keyring code at all, so just some nitpicks here:
> + kref = keyring_search(make_key_ref(sed_opal_keyring, true),
> + &key_type_user,
> + key_name,
> + true);
> +
> + if (IS_ERR(kref)) {
> + ret = PTR_ERR(kref);
Just return directly here instead of indenting the main path. Also the
parameter list and empty line here look odd. Why not:
kref = keyring_search(make_key_ref(sed_opal_keyring, true),
&key_type_user, key_name, true);
if (IS_ERR(kref))
return PTR_ERR(kref);
?
> ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
> mutex_unlock(&dev->dev_lock);
>
> + if (ret == 0) {
if (ret)
return ret;
and avoid the indentation below.
> + ret = update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
> +
> + return ret;
return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
>
> +enum opal_key_type {
> + OPAL_INCLUDED = 0, /* key[] is the key */
> + OPAL_KEYRING, /* key is in keyring */
> +};
> +
> struct opal_key {
> __u8 lr;
> __u8 key_len;
> - __u8 __align[6];
> + __u8 key_type;
> + __u8 __align[5];
Can we assume this was always zero initialized before?
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 4/4] arch_vars: create arch specific permanent store
2022-07-18 21:01 [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store gjoyce
` (2 preceding siblings ...)
2022-07-18 21:01 ` [PATCH 3/4] block: sed-opal: keyring support for SED Opal keys gjoyce
@ 2022-07-18 21:01 ` gjoyce
2022-07-20 7:50 ` Christoph Hellwig
2022-07-28 7:43 ` [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store Jarkko Sakkinen
4 siblings, 1 reply; 17+ messages in thread
From: gjoyce @ 2022-07-18 21:01 UTC (permalink / raw)
To: linux-block
Cc: keyrings, dhowells, jarkko, jonathan.derrick, brking, greg, gjoyce
From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Platforms that have a permanent key store may provide unique
platform dependent functions to read/write variables. The
default (weak) functions return -EOPNOTSUPP unless overridden
by architecture/platform versions.
Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
---
include/linux/arch_vars.h | 23 +++++++++++++++++++++++
lib/Makefile | 2 +-
lib/arch_vars.c | 25 +++++++++++++++++++++++++
3 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 include/linux/arch_vars.h
create mode 100644 lib/arch_vars.c
diff --git a/include/linux/arch_vars.h b/include/linux/arch_vars.h
new file mode 100644
index 000000000000..9c280ff9432e
--- /dev/null
+++ b/include/linux/arch_vars.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Platform variable opearations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for architecture specific
+ * variables. Specific architectures can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+
+enum arch_variable_type {
+ ARCH_VAR_OPAL_KEY = 0, /* SED Opal Authentication Key */
+ ARCH_VAR_OTHER = 1, /* Other type of variable */
+ ARCH_VAR_MAX = 1, /* Maximum type value */
+};
+
+int arch_read_variable(enum arch_variable_type type, char *varname,
+ void *varbuf, u_int *varlen);
+int arch_write_variable(enum arch_variable_type type, char *varname,
+ void *varbuf, u_int varlen);
diff --git a/lib/Makefile b/lib/Makefile
index f99bf61f8bbc..b90c4cb0dbbb 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -48,7 +48,7 @@ obj-y += bcd.o sort.o parser.o debug_locks.o random32.o \
bsearch.o find_bit.o llist.o memweight.o kfifo.o \
percpu-refcount.o rhashtable.o \
once.o refcount.o usercopy.o errseq.o bucket_locks.o \
- generic-radix-tree.o
+ generic-radix-tree.o arch_vars.o
obj-$(CONFIG_STRING_SELFTEST) += test_string.o
obj-y += string_helpers.o
obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
diff --git a/lib/arch_vars.c b/lib/arch_vars.c
new file mode 100644
index 000000000000..e6f16d7d09c1
--- /dev/null
+++ b/lib/arch_vars.c
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Platform variable operations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for architecture specific
+ * variables. Specific architectures can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+#include <linux/arch_vars.h>
+
+int __weak arch_read_variable(enum arch_variable_type type, char *varname,
+ void *varbuf, u_int *varlen)
+{
+ return -EOPNOTSUPP;
+}
+
+int __weak arch_write_variable(enum arch_variable_type type, char *varname,
+ void *varbuf, u_int varlen)
+{
+ return -EOPNOTSUPP;
+}
--
2.27.0
^ permalink raw reply related [flat|nested] 17+ messages in thread* Re: [PATCH 4/4] arch_vars: create arch specific permanent store
2022-07-18 21:01 ` [PATCH 4/4] arch_vars: create arch specific permanent store gjoyce
@ 2022-07-20 7:50 ` Christoph Hellwig
2022-07-26 18:53 ` Greg Joyce
0 siblings, 1 reply; 17+ messages in thread
From: Christoph Hellwig @ 2022-07-20 7:50 UTC (permalink / raw)
To: gjoyce
Cc: linux-block, keyrings, dhowells, jarkko, jonathan.derrick,
brking, greg, gjoyce
On Mon, Jul 18, 2022 at 04:01:56PM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>
> Platforms that have a permanent key store may provide unique
> platform dependent functions to read/write variables. The
> default (weak) functions return -EOPNOTSUPP unless overridden
> by architecture/platform versions.
This is still lacking any useful implementation. It also seems to be
used in patch 3 before it actually is used.
As the functionality seems optional I'd suggest to drop this patch for
now and not call it from patch 3, and do a separate series later that
adds the infrastructure, at leat one useful backend and the caller.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 4/4] arch_vars: create arch specific permanent store
2022-07-20 7:50 ` Christoph Hellwig
@ 2022-07-26 18:53 ` Greg Joyce
0 siblings, 0 replies; 17+ messages in thread
From: Greg Joyce @ 2022-07-26 18:53 UTC (permalink / raw)
To: Christoph Hellwig
Cc: linux-block, keyrings, dhowells, jarkko, jonathan.derrick,
brking, greg, gjoyce
On Wed, 2022-07-20 at 00:50 -0700, Christoph Hellwig wrote:
> On Mon, Jul 18, 2022 at 04:01:56PM -0500, gjoyce@linux.vnet.ibm.com
> wrote:
> > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> >
> > Platforms that have a permanent key store may provide unique
> > platform dependent functions to read/write variables. The
> > default (weak) functions return -EOPNOTSUPP unless overridden
> > by architecture/platform versions.
>
> This is still lacking any useful implementation. It also seems to be
> used in patch 3 before it actually is used.
>
> As the functionality seems optional I'd suggest to drop this patch
> for
> now and not call it from patch 3, and do a separate series later that
> adds the infrastructure, at leat one useful backend and the caller.
It's kind of a chicken and egg thing. I'd hoped to add the
infrastructure and follow it up with another pseries specific patchset
that provided platform specific implementations of those functions.
But I can break it up as you suggest. I'll include your other comments
as well as the keyring suggestion from Hannes.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store
2022-07-18 21:01 [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store gjoyce
` (3 preceding siblings ...)
2022-07-18 21:01 ` [PATCH 4/4] arch_vars: create arch specific permanent store gjoyce
@ 2022-07-28 7:43 ` Jarkko Sakkinen
4 siblings, 0 replies; 17+ messages in thread
From: Jarkko Sakkinen @ 2022-07-28 7:43 UTC (permalink / raw)
To: gjoyce
Cc: linux-block, keyrings, dhowells, jonathan.derrick, brking, greg, gjoyce
On Mon, Jul 18, 2022 at 04:01:52PM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>
> The current TCG SED Opal implementation in the block
> driver requires that authentication keys be provided
> in an ioctl so that they can be presented to the
> underlying SED Opal capable drive. Currently, the key
> is typically entered by a user with an application
> like sedutil or sedcli. While this process works, it
> does not lend itself to automation like unlock by a udev
> rule.
Please explain also what SED Opal is.
>
> Extend the SED block driver so it can alternatively
> obtain a key from a sed-opal kernel keyring. The SED
> ioctls will indicate the source of the key, either
> directly in the ioctl data or from the keyring.
>
> Two new SED ioctls have also been added. These are:
> 1) IOC_OPAL_REVERT_LSP to revert LSP state
> 2) IOC_OPAL_DISCOVERY to discover drive capabilities/state
>
> Also, for platforms that have a permanent key store, the
> platform may provide unique platform dependent functions
> to read/write variables. The SED block driver has been
> modified to attempt to read a key from the platform key
> store. If successful, the key value is saved in the kernel
> sed-opal keyring. If the platform does not support a
> permanent key store, the read will fail and a key will
> not be added to the keyring. This patchset does not include
> any providers of the variable read/write functions.
>
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reported-by: kernel test robot <lkp@intel.com>
> base-commit: ff6992735ade75aae3e35d16b17da1008d753d28
>
> Greg Joyce (4):
> block: sed-opal: Implement IOC_OPAL_DISCOVERY
> block: sed-opal: Implement IOC_OPAL_REVERT_LSP
> block: sed-opal: keyring support for SED Opal keys
> arch_vars: create arch specific permanent store
>
> block/Kconfig | 1 +
> block/opal_proto.h | 4 +
> block/sed-opal.c | 274 +++++++++++++++++++++++++++++++++-
> include/linux/arch_vars.h | 23 +++
> include/linux/sed-opal.h | 5 +
> include/uapi/linux/sed-opal.h | 24 ++-
> lib/Makefile | 2 +-
> lib/arch_vars.c | 25 ++++
> 8 files changed, 351 insertions(+), 7 deletions(-)
> create mode 100644 include/linux/arch_vars.h
> create mode 100644 lib/arch_vars.c
>
>
> --
> 2.27.0
>
BR, Jarkko
^ permalink raw reply [flat|nested] 17+ messages in thread