[PATCH] block: sed-opal: Change the check condition for regular session validity

[PATCH] block: sed-opal: Change the check condition for regular session validity

[Revanth Rajashekar]

This patch changes the check condition for the validity/authentication
of the session.

1. The Host Session Number(HSN) in the response should match the HSN for
   the session.
2. The TPER Session Number(TSN) can never be less than 4096 for a regular
   session.

Reference:
Section 3.2.2.1   of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf
Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf

Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com>
---
 block/opal_proto.h | 1 +
 block/sed-opal.c   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/opal_proto.h b/block/opal_proto.h
index 325cbba2465f..27740baad61d 100644
--- a/block/opal_proto.h
+++ b/block/opal_proto.h
@@ -36,6 +36,7 @@ enum opal_response_token {

 #define DTAERROR_NO_METHOD_STATUS 0x89
 #define GENERIC_HOST_SESSION_NUM 0x41
+#define RSVD_TPER_SESSION_NUM	4096

 #define TPER_SYNC_SUPPORTED 0x01
 #define MBR_ENABLED_MASK 0x10
diff --git a/block/sed-opal.c b/block/sed-opal.c
index 880cc57a5f6b..f2b61a868901 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev)
 	hsn = response_get_u64(&dev->parsed, 4);
 	tsn = response_get_u64(&dev->parsed, 5);

-	if (hsn == 0 && tsn == 0) {
+	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) {
 		pr_debug("Couldn't authenticate session\n");
 		return -EPERM;
 	}
--
2.17.1

Re: [PATCH] block: sed-opal: Change the check condition for regular session validity

[Derrick, Jonathan]

Hi Revanth

On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote:
> This patch changes the check condition for the validity/authentication
> of the session.
> 
> 1. The Host Session Number(HSN) in the response should match the HSN for
>    the session.
> 2. The TPER Session Number(TSN) can never be less than 4096 for a regular
>    session.
> 
> Reference:
> Section 3.2.2.1   of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf
> Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf
> 
> Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
> Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
> Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com>
> ---
>  block/opal_proto.h | 1 +
>  block/sed-opal.c   | 2 +-
>  2 files changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/block/opal_proto.h b/block/opal_proto.h
> index 325cbba2465f..27740baad61d 100644
> --- a/block/opal_proto.h
> +++ b/block/opal_proto.h
> @@ -36,6 +36,7 @@ enum opal_response_token {
> 
>  #define DTAERROR_NO_METHOD_STATUS 0x89
>  #define GENERIC_HOST_SESSION_NUM 0x41
> +#define RSVD_TPER_SESSION_NUM	4096
This seems confusing as it looks like 4096 the Reserved session rather
than 0-4095.
Can you name it appropriately?


> 
>  #define TPER_SYNC_SUPPORTED 0x01
>  #define MBR_ENABLED_MASK 0x10
> diff --git a/block/sed-opal.c b/block/sed-opal.c
> index 880cc57a5f6b..f2b61a868901 100644
> --- a/block/sed-opal.c
> +++ b/block/sed-opal.c
> @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev)
>  	hsn = response_get_u64(&dev->parsed, 4);
>  	tsn = response_get_u64(&dev->parsed, 5);
> 
> -	if (hsn == 0 && tsn == 0) {
> +	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) {
>  		pr_debug("Couldn't authenticate session\n");
>  		return -EPERM;
>  	}
> --
> 2.17.1
> 

Re: [PATCH] block: sed-opal: Change the check condition for regular session validity

[Rajashekar, Revanth]

Hi Jon,

On 2/28/2020 3:57 PM, Derrick, Jonathan wrote:
> Hi Revanth
>
> On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote:
>> This patch changes the check condition for the validity/authentication
>> of the session.
>>
>> 1. The Host Session Number(HSN) in the response should match the HSN for
>>    the session.
>> 2. The TPER Session Number(TSN) can never be less than 4096 for a regular
>>    session.
>>
>> Reference:
>> Section 3.2.2.1   of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf
>> Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf
>>
>> Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
>> Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
>> Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com>
>> ---
>>  block/opal_proto.h | 1 +
>>  block/sed-opal.c   | 2 +-
>>  2 files changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/block/opal_proto.h b/block/opal_proto.h
>> index 325cbba2465f..27740baad61d 100644
>> --- a/block/opal_proto.h
>> +++ b/block/opal_proto.h
>> @@ -36,6 +36,7 @@ enum opal_response_token {
>>
>>  #define DTAERROR_NO_METHOD_STATUS 0x89
>>  #define GENERIC_HOST_SESSION_NUM 0x41
>> +#define RSVD_TPER_SESSION_NUM	4096
> This seems confusing as it looks like 4096 the Reserved session rather
> than 0-4095.
> Can you name it appropriately?
Sure, do you think INIT_TPER_SESSION_NUM would be appropriate..?
>
>>  #define TPER_SYNC_SUPPORTED 0x01
>>  #define MBR_ENABLED_MASK 0x10
>> diff --git a/block/sed-opal.c b/block/sed-opal.c
>> index 880cc57a5f6b..f2b61a868901 100644
>> --- a/block/sed-opal.c
>> +++ b/block/sed-opal.c
>> @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev)
>>  	hsn = response_get_u64(&dev->parsed, 4);
>>  	tsn = response_get_u64(&dev->parsed, 5);
>>
>> -	if (hsn == 0 && tsn == 0) {
>> +	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) {
>>  		pr_debug("Couldn't authenticate session\n");
>>  		return -EPERM;
>>  	}
>> --
>> 2.17.1
>>

Re: [PATCH] block: sed-opal: Change the check condition for regular session validity

[Derrick, Jonathan]

On Fri, 2020-02-28 at 16:01 -0700, Rajashekar, Revanth wrote:
> Hi Jon,
> 
> On 2/28/2020 3:57 PM, Derrick, Jonathan wrote:
> > Hi Revanth
> > 
> > On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote:
> > > This patch changes the check condition for the validity/authentication
> > > of the session.
> > > 
> > > 1. The Host Session Number(HSN) in the response should match the HSN for
> > >    the session.
> > > 2. The TPER Session Number(TSN) can never be less than 4096 for a regular
> > >    session.
> > > 
> > > Reference:
> > > Section 3.2.2.1   of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf
> > > Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf
> > > 
> > > Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
> > > Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
> > > Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com>
> > > ---
> > >  block/opal_proto.h | 1 +
> > >  block/sed-opal.c   | 2 +-
> > >  2 files changed, 2 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/block/opal_proto.h b/block/opal_proto.h
> > > index 325cbba2465f..27740baad61d 100644
> > > --- a/block/opal_proto.h
> > > +++ b/block/opal_proto.h
> > > @@ -36,6 +36,7 @@ enum opal_response_token {
> > > 
> > >  #define DTAERROR_NO_METHOD_STATUS 0x89
> > >  #define GENERIC_HOST_SESSION_NUM 0x41
> > > +#define RSVD_TPER_SESSION_NUM	4096
> > This seems confusing as it looks like 4096 the Reserved session rather
> > than 0-4095.
> > Can you name it appropriately?
> Sure, do you think INIT_TPER_SESSION_NUM would be appropriate..?
Init could be confused with Initialize
Maybe MIN_TPER_SESSION_NUM or FIRST_... ?

Thanks for thinking about this.

> > >  #define TPER_SYNC_SUPPORTED 0x01
> > >  #define MBR_ENABLED_MASK 0x10
> > > diff --git a/block/sed-opal.c b/block/sed-opal.c
> > > index 880cc57a5f6b..f2b61a868901 100644
> > > --- a/block/sed-opal.c
> > > +++ b/block/sed-opal.c
> > > @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev)
> > >  	hsn = response_get_u64(&dev->parsed, 4);
> > >  	tsn = response_get_u64(&dev->parsed, 5);
> > > 
> > > -	if (hsn == 0 && tsn == 0) {
> > > +	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) {
> > >  		pr_debug("Couldn't authenticate session\n");
> > >  		return -EPERM;
> > >  	}
> > > --
> > > 2.17.1
> > > 

Re: [PATCH] block: sed-opal: Change the check condition for regular session validity

[Rajashekar, Revanth]

On 2/28/2020 4:07 PM, Derrick, Jonathan wrote:
> On Fri, 2020-02-28 at 16:01 -0700, Rajashekar, Revanth wrote:
>> Hi Jon,
>>
>> On 2/28/2020 3:57 PM, Derrick, Jonathan wrote:
>>> Hi Revanth
>>>
>>> On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote:
>>>> This patch changes the check condition for the validity/authentication
>>>> of the session.
>>>>
>>>> 1. The Host Session Number(HSN) in the response should match the HSN for
>>>>    the session.
>>>> 2. The TPER Session Number(TSN) can never be less than 4096 for a regular
>>>>    session.
>>>>
>>>> Reference:
>>>> Section 3.2.2.1   of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf
>>>> Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf
>>>>
>>>> Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
>>>> Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com>
>>>> Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com>
>>>> ---
>>>>  block/opal_proto.h | 1 +
>>>>  block/sed-opal.c   | 2 +-
>>>>  2 files changed, 2 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/block/opal_proto.h b/block/opal_proto.h
>>>> index 325cbba2465f..27740baad61d 100644
>>>> --- a/block/opal_proto.h
>>>> +++ b/block/opal_proto.h
>>>> @@ -36,6 +36,7 @@ enum opal_response_token {
>>>>
>>>>  #define DTAERROR_NO_METHOD_STATUS 0x89
>>>>  #define GENERIC_HOST_SESSION_NUM 0x41
>>>> +#define RSVD_TPER_SESSION_NUM	4096
>>> This seems confusing as it looks like 4096 the Reserved session rather
>>> than 0-4095.
>>> Can you name it appropriately?
>> Sure, do you think INIT_TPER_SESSION_NUM would be appropriate..?
> Init could be confused with Initialize
> Maybe MIN_TPER_SESSION_NUM or FIRST_... ?
FIRST_TPER_SESSION_NUM sounds good for me :)
>
> Thanks for thinking about this.
Sure...
>
>>>>  #define TPER_SYNC_SUPPORTED 0x01
>>>>  #define MBR_ENABLED_MASK 0x10
>>>> diff --git a/block/sed-opal.c b/block/sed-opal.c
>>>> index 880cc57a5f6b..f2b61a868901 100644
>>>> --- a/block/sed-opal.c
>>>> +++ b/block/sed-opal.c
>>>> @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev)
>>>>  	hsn = response_get_u64(&dev->parsed, 4);
>>>>  	tsn = response_get_u64(&dev->parsed, 5);
>>>>
>>>> -	if (hsn == 0 && tsn == 0) {
>>>> +	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) {
>>>>  		pr_debug("Couldn't authenticate session\n");
>>>>  		return -EPERM;
>>>>  	}
>>>> --
>>>> 2.17.1
>>>>