From: "Derrick, Jonathan" <jonathan.derrick@intel.com>
To: "zub@linux.fjfi.cvut.cz" <zub@linux.fjfi.cvut.cz>,
"sbauer@plzdonthack.me" <sbauer@plzdonthack.me>
Cc: "hch@infradead.org" <hch@infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
"jonas.rabenstein@studium.uni-erlangen.de"
<jonas.rabenstein@studium.uni-erlangen.de>,
"axboe@kernel.dk" <axboe@kernel.dk>
Subject: Re: [PATCH 0/3] block: sed-opal: add support for shadow MBR done flag and write
Date: Thu, 9 May 2019 19:31:12 +0000 [thread overview]
Message-ID: <8342e25cc9d6e84c620d54c6cbe0f7244ebb7de1.camel@intel.com> (raw)
In-Reply-To: <20190505144330.GB1030@hacktheplanet>
[-- Attachment #1: Type: text/plain, Size: 2574 bytes --]
On Sun, 2019-05-05 at 10:43 -0400, Scott Bauer wrote:
> On Fri, May 03, 2019 at 10:32:19PM +0200, David Kozub wrote:
> > On Wed, 1 May 2019, Christoph Hellwig wrote:
> >
> > > > I successfully tested toggling the MBR done flag and writing
> > > > the shadow MBR
> > > > using some tools I hacked together[4] with a Samsung SSD 850
> > > > EVO drive.
> > >
> > > Can you submit the tool to util-linux so that we get it into
> > > distros?
> >
> > There is already Scott's sed-opal-temp[1] and a fork by Jonas that
> > adds
> > support for older version of these new IOCTLs[2]. There was already
> > some
> > discussion of getting that to util-linux.[3]
> >
> > While I like my hack, sed-opal-temp can do much more (my tool
> > supports just
> > the few things I actually use). But there are two things which sed-
> > opal-temp
> > currently lacks which my hack has:
> >
> > * It can use a PBKDF2 hash (salted by disk serial number) of the
> > password
> > rather than the password directly. This makes it compatible with
> > sedutil
> > and I think it's also better practice (as firmware can contain
> > many
> > surprises).
> >
> > * It contains a 'PBA' (pre-boot authorization) tool. A tool
> > intended to be
> > run from shadow mbr that asks for a password and uses it to
> > unlock all
> > disks and set shadow mbr done flag, so after restart the computer
> > boots
> > into the real OS.
> >
> > @Scott: What are your plans with sed-opal-temp? If you want I can
> > update
> > Jonas' patches to the adapted IOCTLs. What are your thoughts on PW
> > hashing
> > and a PBA tool?
>
> I will accept any and all patches to sed opal tooling, I am not
> picky. I will
> also give up maintainership of it is someone else feels they can
> (rightfully
> so) do a better job.
>
> Jon sent me a patch for the tool that will deal with writing to the
> shadow MBR,
> so once we know these patches are going in i'll pull that patch into
> the tool.
>
> Then I guess that leaves PBKDF2 which I don't think will be too hard
> to pull in.
>
> With regard to your PBA tool, is that actually being run post-
> uefi/pre-linux?
> IE are we writing your tool into the SMBR and that's what is being
> run on bootup?
>
> Jon, if you think it's a good idea can you ask David if Revanth or
> you wants
> to take over the tooling? Or if anyone else here wants to own it then
> let me know.
>
I'll get back to you on this. Let me know if it begins to pick up a lot
of steam and I can prioritize this.
[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 3278 bytes --]
next prev parent reply other threads:[~2019-05-09 19:31 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-30 23:20 [PATCH 0/3] block: sed-opal: add support for shadow MBR done flag and write David Kozub
2019-04-30 23:20 ` [PATCH 1/3] block: sed-opal: add ioctl for done-mark of shadow mbr David Kozub
2019-05-01 10:36 ` David Kozub
2019-05-01 13:46 ` Christoph Hellwig
2019-05-05 14:16 ` Scott Bauer
2019-05-06 20:02 ` Derrick, Jonathan
2019-04-30 23:20 ` [PATCH 2/3] block: sed-opal: ioctl for writing to " David Kozub
2019-05-01 13:48 ` Christoph Hellwig
2019-05-05 14:22 ` Scott Bauer
2019-04-30 23:20 ` [PATCH 3/3] block: sed-opal: check size of " David Kozub
2019-05-05 14:27 ` Scott Bauer
2019-05-06 20:15 ` Derrick, Jonathan
2019-05-01 13:49 ` [PATCH 0/3] block: sed-opal: add support for shadow MBR done flag and write Christoph Hellwig
2019-05-03 20:32 ` David Kozub
2019-05-05 14:43 ` Scott Bauer
2019-05-09 19:31 ` Derrick, Jonathan [this message]
2019-05-13 22:12 ` David Kozub
2019-05-02 12:30 ` Scott Bauer
2019-05-02 16:03 ` David Kozub
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8342e25cc9d6e84c620d54c6cbe0f7244ebb7de1.camel@intel.com \
--to=jonathan.derrick@intel.com \
--cc=axboe@kernel.dk \
--cc=hch@infradead.org \
--cc=jonas.rabenstein@studium.uni-erlangen.de \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sbauer@plzdonthack.me \
--cc=zub@linux.fjfi.cvut.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).