From: Greg Joyce <gjoyce@xxxxxxxxxxxxxxxxxx> TCG SED Opal is a specification from The Trusted Computing Group that allows self encrypting storage devices (SED) to be locked at power on and require an authentication key to unlock the drive. Add read and write functions that allow SED Opal authentication keys to be stored in a permanent keystore. Signed-off-by: Greg Joyce <gjoyce@xxxxxxxxxxxxxxxxxx> Reviewed-by: Jonathan Derrick <jonathan.derrick@xxxxxxxxx> --- block/Makefile | 2 +- block/sed-opal-key.c | 24 ++++++++++++++++++++++++ include/linux/sed-opal-key.h | 15 +++++++++++++++ 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 block/sed-opal-key.c create mode 100644 include/linux/sed-opal-key.h diff --git a/block/Makefile b/block/Makefile index 4e01bb71ad6e..464a9f209552 100644 --- a/block/Makefile +++ b/block/Makefile @@ -35,7 +35,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o obj-$(CONFIG_BLK_WBT) += blk-wbt.o obj-$(CONFIG_BLK_DEBUG_FS) += blk-mq-debugfs.o obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o -obj-$(CONFIG_BLK_SED_OPAL) += sed-opal.o +obj-$(CONFIG_BLK_SED_OPAL) += sed-opal.o sed-opal-key.o obj-$(CONFIG_BLK_PM) += blk-pm.o obj-$(CONFIG_BLK_INLINE_ENCRYPTION) += blk-crypto.o blk-crypto-profile.o \ blk-crypto-sysfs.o diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c new file mode 100644 index 000000000000..16f380164c44 --- /dev/null +++ b/block/sed-opal-key.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * SED key operations. + * + * Copyright (C) 2022 IBM Corporation + * + * These are the accessor functions (read/write) for SED Opal + * keys. Specific keystores can provide overrides. + * + */ + +#include <linux/kernel.h> +#include <linux/errno.h> +#include <linux/sed-opal-key.h> + +int __weak sed_read_key(char *keyname, char *key, u_int *keylen) +{ + return -EOPNOTSUPP; +} + +int __weak sed_write_key(char *keyname, char *key, u_int keylen) +{ + return -EOPNOTSUPP; +} diff --git a/include/linux/sed-opal-key.h b/include/linux/sed-opal-key.h new file mode 100644 index 000000000000..c9b1447986d8 --- /dev/null +++ b/include/linux/sed-opal-key.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * SED key operations. + * + * Copyright (C) 2022 IBM Corporation + * + * These are the accessor functions (read/write) for SED Opal + * keys. Specific keystores can provide overrides. + * + */ + +#include <linux/kernel.h> + +int sed_read_key(char *keyname, char *key, u_int *keylen); +int sed_write_key(char *keyname, char *key, u_int keylen); -- gjoyce@xxxxxxxxxxxxxxxxxx