libata: sysctl knob for enabling tpm/opal at runtime

libata: sysctl knob for enabling tpm/opal at runtime

[Enrico Weigelt, metux IT consult]

Hello folks,


here's a patchset that allows enabling libata's tpm features (opal)
at runtime. Until now we need to boot with special kernel parameter,
in order to use OPAL - this patch also adds a sysctl knob for that.

It seems such a knob already had existed once (perhaps just in an
wip patchset), as sed-util expects it.

The first patch just introduces a systcl subdir for libata, the
second one adds the actual knob. I had already sent these patches,
few weeks ago, along with some general build fixes. The latter
meanwhile went mainline, but haven't received any comments on
the two opal related ones yet.

Please let me know, whether there's anything wrong w/ it.


have fun,
--mtx

[PATCH v2 1/2] drivers: libata: introduce sysctl directory

[Enrico Weigelt, metux IT consult]

Register a sysctl directory for libata, so upcoming knobs
can be added here.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 drivers/ata/libata-core.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index aaa57e0..2af2470 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -160,6 +160,21 @@ struct ata_force_ent {
 MODULE_LICENSE("GPL");
 MODULE_VERSION(DRV_VERSION);
 
+static struct ctl_table ctl_libata[] = {
+	{}
+};
+
+static struct ctl_table libata_dir_table[] = {
+	{
+		.procname	= "libata",
+		.maxlen		= 0,
+		.mode		= 0555,
+		.child		= ctl_libata,
+	},
+	{ },
+};
+
+static struct ctl_table_header *libata_sysctl_header;
 
 static bool ata_sstatus_online(u32 sstatus)
 {
@@ -7043,6 +7058,8 @@ static int __init ata_init(void)
 		goto err_out;
 	}
 
+	libata_sysctl_header = register_sysctl_table(libata_dir_table);
+
 	printk(KERN_DEBUG "libata version " DRV_VERSION " loaded.\n");
 	return 0;
 
@@ -7056,6 +7073,7 @@ static void __exit ata_exit(void)
 	libata_transport_exit();
 	ata_sff_exit();
 	kfree(ata_force_tbl);
+	unregister_sysctl_table(libata_sysctl_header);
 }
 
 subsys_initcall(ata_init);
-- 
1.9.1

[PATCH v2 2/2] drivers: libata: add sysctl: 'libata.allow_tpm' for self-encrypted devices

[Enrico Weigelt, metux IT consult]

libata tpm functionality, needed for self encrypted devices (OPAL, ...),
is currently disabled per default and needs to be enabled via kernel
command line.

This patch allows enabling it via sysctl.

The implementation might look a bit 'naive', as there aren't any locks
or barriers, etc. As we're dealing just w/ a plain boolean value, that's
only checked when an tpm-related ioctl is called, we're fine w/ that.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 drivers/ata/libata-core.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index 2af2470..f241028 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -161,6 +161,13 @@ struct ata_force_ent {
 MODULE_VERSION(DRV_VERSION);
 
 static struct ctl_table ctl_libata[] = {
+	{
+		.procname	= "allow_tpm",
+		.data		= &libata_allow_tpm,
+		.maxlen		= sizeof(libata_allow_tpm),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec,
+	},
 	{}
 };
 
-- 
1.9.1

Re: libata: sysctl knob for enabling tpm/opal at runtime

[Christoph Hellwig]

On Wed, Jun 05, 2019 at 01:36:25PM +0200, Enrico Weigelt, metux IT consult wrote:
> Hello folks,
> 
> 
> here's a patchset that allows enabling libata's tpm features (opal)
> at runtime. Until now we need to boot with special kernel parameter,
> in order to use OPAL - this patch also adds a sysctl knob for that.

Or you can use the block/sed-opal.c code which doesn't require the
tweak, and really is the proper way forward to use OPAL.

> The first patch just introduces a systcl subdir for libata, the
> second one adds the actual knob. I had already sent these patches,
> few weeks ago, along with some general build fixes. The latter
> meanwhile went mainline, but haven't received any comments on
> the two opal related ones yet.

Independent of that new sysctls are deprecated.

Re: libata: sysctl knob for enabling tpm/opal at runtime

[Enrico Weigelt, metux IT consult]

On 05.06.19 21:23, Christoph Hellwig wrote:
> On Wed, Jun 05, 2019 at 01:36:25PM +0200, Enrico Weigelt, metux IT consult wrote:
>> Hello folks,
>>
>>
>> here's a patchset that allows enabling libata's tpm features (opal)
>> at runtime. Until now we need to boot with special kernel parameter,
>> in order to use OPAL - this patch also adds a sysctl knob for that.
> 
> Or you can use the block/sed-opal.c code which doesn't require the
> tweak, and really is the proper way forward to use OPAL.

You're referring to the OPAL ioctl()s ?

hmm, it seems that sed-util doesn't use them at all, but directly
sends raw ata commands.

Shall I use a different userland tool ?


--mtx

-- 
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@metux.net -- +49-151-27565287