From: gjoyce@linux.vnet.ibm.com
To: linux-block@vger.kernel.org
Cc: axboe@kernel.dk, gjoyce@linux.vnet.ibm.com, nayna@linux.ibm.com,
keyrings@vger.kernel.org, jonathan.derrick@linux.dev,
brking@linux.vnet.ibm.com, akpm@linux-foundation.org,
msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org
Subject: [PATCH v5 3/3] block: sed-opal: keystore access for SED Opal keys
Date: Wed, 30 Nov 2022 14:23:58 -0600 [thread overview]
Message-ID: <20221130202358.18034-4-gjoyce@linux.vnet.ibm.com> (raw)
In-Reply-To: <20221130202358.18034-1-gjoyce@linux.vnet.ibm.com>
From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Allow for permanent SED authentication keys by
reading/writing to the SED Opal non-volatile keystore.
Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
---
block/sed-opal.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/block/sed-opal.c b/block/sed-opal.c
index a8729892178b..e280631b932e 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -18,6 +18,7 @@
#include <linux/uaccess.h>
#include <uapi/linux/sed-opal.h>
#include <linux/sed-opal.h>
+#include <linux/sed-opal-key.h>
#include <linux/string.h>
#include <linux/kdev_t.h>
#include <linux/key.h>
@@ -2762,7 +2763,13 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
if (ret)
return ret;
- /* update keyring with new password */
+ /* update keyring and key store with new password */
+ ret = sed_write_key(OPAL_AUTH_KEY,
+ opal_pw->new_user_pw.opal_key.key,
+ opal_pw->new_user_pw.opal_key.key_len);
+ if (ret != -EOPNOTSUPP)
+ pr_warn("error updating SED key: %d\n", ret);
+
ret = update_sed_opal_key(OPAL_AUTH_KEY,
opal_pw->new_user_pw.opal_key.key,
opal_pw->new_user_pw.opal_key.key_len);
@@ -3009,6 +3016,8 @@ EXPORT_SYMBOL_GPL(sed_ioctl);
static int __init sed_opal_init(void)
{
struct key *kr;
+ char init_sed_key[OPAL_KEY_MAX];
+ int keylen = OPAL_KEY_MAX;
kr = keyring_alloc(".sed_opal",
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
@@ -3021,6 +3030,11 @@ static int __init sed_opal_init(void)
sed_opal_keyring = kr;
- return 0;
+ if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
+ memset(init_sed_key, '\0', sizeof(init_sed_key));
+ keylen = OPAL_KEY_MAX;
+ }
+
+ return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
}
late_initcall(sed_opal_init);
--
gjoyce@linux.vnet.ibm.com
prev parent reply other threads:[~2022-11-30 20:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-30 20:23 [PATCH v5 0/3] generic and PowerPC SED Opal keystore gjoyce
2022-11-30 20:23 ` [PATCH v5 1/3] block: sed-opal: " gjoyce
2022-11-30 20:23 ` [PATCH v5 2/3] powerpc/pseries: PLPKS SED Opal keystore support gjoyce
2022-11-30 20:23 ` gjoyce [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221130202358.18034-4-gjoyce@linux.vnet.ibm.com \
--to=gjoyce@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=brking@linux.vnet.ibm.com \
--cc=jonathan.derrick@linux.dev \
--cc=keyrings@vger.kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=msuchanek@suse.de \
--cc=nayna@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).